Tuesday, September 10th | Downtown Chicago

Pen Testing Workshops with RedLegg is a regional event series for cybersecurity professionals looking to build and expand their security strategies to grow and better protect their businesses.

Join RedLegg’s Pen Testing team for discussions around threat modeling, how to maximize your pen test and its deliverables, and ways you can expose blind spots in your security infrastructure. This workshop will cover how to go about pen testing with the right test, in the right way, and at the right time. Understand the pen testing ecosystem and what pen testing can do for your security.

You’ll walk away with breadth-and-depth knowledge, yes, but also samples, direction, and your own threat model!



If you're beginning to think about pen testing, workshop topics will cover the breadth of pen testing, elevating your sense of how your people, processes, and technology work together as well as how testing helps you see the bigger picture of your cybersecurity efforts.



Bring your laptops, tools, and be ready to pop the hood as you create a threat model. We'll have a secure and strong WiFi connection if you want to refer to your own company details and access points. Walk away with a better idea of how to handle your attackers.



RedLegg's team of expert pen testers will be onsite leading sessions, guiding groups in the break out session, and performing deep dives. Come ready with the hardest roadblocks and questions you have and hear a few of their crazy pen testing stories as well.



If you've been around the block with pen testing, this workshop will help you better understand how to build a relationship with your vendor, how to read and apply your results for remediation, and how to see your cybersecurity from the attacker's perspective.


11:30 am - 12:00 pm - Registration Open

  • Sign in and grab some RedLegg swag! We’ll also have lunch served for you to fuel up and meet some of your neighbors before we get started.

12:00 pm - 1:00 pm - Kick-off & Lunch

  • We’ll also serve lunch to fuel you up for a content heavy afternoon. This is also a great time to meet some of your neighbors before we get started.

1:00 pm - 2:30 pm - Sessions

  • What Pen Testing Is(n’t) – Many companies who buy a pen test don’t have a testing goal. Learn the differences between Vulnerability Assessment and Pen Testing, and reflect on your own company’s cybersecurity and coverage needs to have an accurate view of the state of your security posture.
  • Scoping Pitfalls – Proper scoping requires a proper mindset. Learn what to look for while scoping, how to prepare for a scope with a third party tester, what kind of reporting is available, and how to avoid that scope creep.
  • Getting the Most Out of Your Testing – Building a comprehensive security program is a marathon, not a sprint. Pen test reports can be overwhelming, not just because of the amount of data but also the sense of responsibility. Learn how to effectively, and calmly, leverage your test results and maximize your deliverable to build a better security program.
  • The Multi-Headed Beast – Unlike most of us, pen testing has many heads. Get an overview of the pen testing world and the different areas of testing available to better your security posture and to help you discover security gaps that may be putting your company at risk.
  • Pen Tester Foundations – While pen testing has many heads, basic commonalities exist across the testing disciplines. From discovering targets to threat modeling, we’ll walk you through the mind of an expert pen tester and what you can expect to happen when testing your own company’s cybersecurity.
  • Careful with That Axe, Eugene – Self-testing should be part of a standard cybersecurity operations, but it’s not the only testing a security team should conduct. Uncover the potential gotchas of self-testing and what can bring more weight to your pen tests.
  • The Attacker Perspective – RedLegg has encountered many challenges in conducting pen tests and we have some examples to share about network systems, web apps, physical, and social pen testing. Learn those challenges, solutions, and common defenses your company can use to improve your security posture, and also learn how attackers may get around those defenses.

2:30 pm - 3:45 pm - Breakout Session

  • Build Your Threat Model – Are competitors interested in your business goals, products, secret sauce? Are you potentially seen as a way into a business partner’s network? 40-60% of companies don’t have, or don’t know, their own threat model. This particular piece of the cybersecurity puzzle helps companies know what testing they may actually need to improve their security posture. Work through this hands-on threat modeling exercise in our breakout session and walk away with a tool you can use to better protect your company from a breach.

4:00 pm - 4:30 pm - Workshop Wrap-Up

  • Say it isn't so! We'll close out the day with some final thoughts, but if you want to stick around, we're happy to help answer any questions.

4:30 pm - 6:30 pm - Happy Hour (Optional)

  • Join the RedLegg team to unwind and close the day out!


Phil Grimes, Director of TradeCraft Labs, uses his extensive knowledge of the digital world (and how to break it) to deliver comprehensive security assessments and penetration services. With hands-on experience dismantling systems and identifying weaknesses in application, physical, digital and mobile security, Phil is a valuable ally for domestic and global organizations. A sought after speaker, Phil has shared his expertise with OWASP and ISSA as well as at several security and technology conferences.
William Stoner is a Senior Security Consultant with TradeCraft Labs and has over 30 years experience in IT with a majority dedicated to network, web, and mobile application security. As a graduate from The Ohio State University with a focus on linguistics and IT, Bill brings a unique background to cybersecurity and testing. He is passionate about learning new technologies and assisting customers in consistently bettering their security stances in an ever-changing world.



(it's free!)