CyberWire Daily

Pentest reporting and the remediation cycle: Why aren’t we making progress? [CyberWire-X]


N2K Networks, Inc.

News, Tech News, Daily News, Technology


🗓️ 9 October 2022

⏱️ 37 minutes


Summary

The age-old battle between offensive and defensive security practitioners is most often played out in the penetration testing cycle. Pentesters ask, “Is it our fault if they don’t fix things?” while defenders drown in a sea of unprioritized findings and legacy issues, wondering where to even start. But the real battle shouldn’t be between the teams; it should be against the real adversaries. So why do pentesters routinely come back and find the same things they reported a year ago? Do the defenders just not care, or does the onus fall on the report? Everyone really wants the same thing: better security. To get there, the primary communication tool between consultant and client, offensive and defensive teams — the pentest report — must be consumable, actionable, and tailored to the audience who receives it. In the first half of this episode of CyberWire-X, the CyberWire's CSO, Chief Analyst, and Senior Fellow, Rick Howard, is joined by Hash Table members Amanda Fennell, the CIO and CSO of Relativity, and William MacMillan, the SVP of Security Product and Program Management at Salesforce. In the second half of the episode, Dan DeCloss, the Founder and CEO of episode sponsor PlexTrac, joins Dave Bittner to discuss the politics around pentest reporting and how better reports can support real progress.

Transcript


0:00.0

You're listening to CyberWire-X, a series of specials where we highlight important

0:24.6

security topics affecting security professionals worldwide. I'm Rick Howard,

0:29.2

the Chief Security Officer, Chief Analyst and Senior Fellow at the

0:32.4

CyberWire, and today's episode is called

0:35.4

Pentest Reporting and the Remediation Cycle.

0:38.4

Why are we making progress?

0:40.7

A program note: each CyberWire-X special features two segments.

0:44.7

In the first part we'll hear from a couple of industry experts on the topic at hand, and

0:48.8

the second part we'll hear from our show's sponsor for their point of view.

0:52.5

And since I brought it up, here's a word from today's sponsor,

0:55.5

PlexTrac. The Cyberwar is never ending.

1:05.0

The Cyberwar is never ending.

1:07.0

PlexTrac, the Proactive Security Management Platform,

1:11.0

helps teams win the right battles by boosting efficiency and effectiveness and cutting

1:15.7

reporting time in half. PlexTrac clients report an average 20% time savings and 30% increase in efficiency.

1:24.0

PlexTrac streamlines and automates workflows through the full cyber security life cycle.

1:29.0

Key integrations with popular tools means all your data can be easily aggregated in one place.

1:35.0

Robust analytics provide insight into security posture and inform prioritization.

1:40.0

A library of finding write-ups and custom templating facilitate efficient, consistent reporting.

1:47.0

Remediation tracking ensures measurable progress.

1:50.0

All in all, PlexTrac provides a single source of truth for all stakeholders.

1:55.0

PlexTrac can help your team aggregate your data, gain visibility into your security

...


Disclaimer: The podcast and artwork embedded on this page are from N2K Networks, Inc., and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of N2K Networks, Inc. and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
