11:30 am - 12:00 pm - Registration Open
- Sign in and grab some RedLegg swag! We’ll also have lunch served for you to fuel up and meet some of your neighbors before we get started.
12:00 pm - 1:00 pm - Kick-off & Lunch
- We’ll also serve lunch to fuel you up for a content heavy afternoon. This is also a great time to meet some of your neighbors before we get started.
1:00 pm - 2:30 pm - Sessions
- What Pen Testing Is(n’t) – Many companies who buy a pen test don’t have a testing goal. Learn the differences between Vulnerability Assessment and Pen Testing, and reflect on your own company’s cybersecurity and coverage needs to have an accurate view of the state of your security posture.
- Scoping Pitfalls – Proper scoping requires a proper mindset. Learn what to look for while scoping, how to prepare for a scope with a third party tester, what kind of reporting is available, and how to avoid that scope creep.
- Getting the Most Out of Your Testing – Building a comprehensive security program is a marathon, not a sprint. Pen test reports can be overwhelming, not just because of the amount of data but also the sense of responsibility. Learn how to effectively, and calmly, leverage your test results and maximize your deliverable to build a better security program.
- The Multi-Headed Beast – Unlike most of us, pen testing has many heads. Get an overview of the pen testing world and the different areas of testing available to better your security posture and to help you discover security gaps that may be putting your company at risk.
- Pen Tester Foundations – While pen testing has many heads, basic commonalities exist across the testing disciplines. From discovering targets to threat modeling, we’ll walk you through the mind of an expert pen tester and what you can expect to happen when testing your own company’s cybersecurity.
- Careful with That Axe, Eugene – Self-testing should be part of a standard cybersecurity operations, but it’s not the only testing a security team should conduct. Uncover the potential gotchas of self-testing and what can bring more weight to your pen tests.
- The Attacker Perspective – RedLegg has encountered many challenges in conducting pen tests and we have some examples to share about network systems, web apps, physical, and social pen testing. Learn those challenges, solutions, and common defenses your company can use to improve your security posture, and also learn how attackers may get around those defenses.
2:30 pm - 3:45 pm - Breakout Session
- Build Your Threat Model – Are competitors interested in your business goals, products, secret sauce? Are you potentially seen as a way into a business partner’s network? 40-60% of companies don’t have, or don’t know, their own threat model. This particular piece of the cybersecurity puzzle helps companies know what testing they may actually need to improve their security posture. Work through this hands-on threat modeling exercise in our breakout session and walk away with a tool you can use to better protect your company from a breach.
4:00 pm - 4:30 pm - Workshop Wrap-Up
- Say it isn't so! We'll close out the day with some final thoughts, but if you want to stick around, we're happy to help answer any questions.
4:30 pm - 6:30 pm - Happy Hour (Optional)
- Join the RedLegg team to unwind and close the day out!