Please join us on Friday, March 19th, 2021 for “Hacking Pentesting: An hour of critical thinking to convert red team exercises into risk reduction”.


Every time I speak with a pentester, they tell me the story of pentesting the same company year over year and writing an identical report. The same vulnerabilities the target company was warned about last year are still there. Could this be happening because they had a regulatory requirement to conduct a pentest but had no plan for remediation of the results?

Joining me for this discussion will be:

In preparation for our discussion, think about the following:

  • Why are you pentesting? What role does it serve? 
  • Should pentesting be a requirement?
  • How do we marry the security framework with tactics and techniques?
  • How do we define scope as it relates to security program maturity?
  • Iterative pentesting vs. annual pentesting
  • In house vs. outside pentesting

It all starts at 10 AM Pacific/1 PM Eastern. At the end of the hour [11 AM Pacific/2 PM Eastern] we’ll switch gears into a series of impromptu 1-on-1 five-minute meetings where everyone will be randomly paired. Nothing to prepare, we’ll do the matching.

Got feedback? Join the conversation on LinkedIn.

HUGE thanks to our sponsor PlexTrac


  • Best bad ideas get first responses in “Department of YES” or “Beat the Bad Idea”.
  • Other bad ideas featured in “What’s Worse?!” game.
  • The BEST bad idea wins an award and a really awesome CISO Series sweatshirt (repeat winners get a $25 Amazon gift card).

The CISO Series Video Chats are open discussions where all viewers and listeners are welcome to become participants. Before the scheduled event, connect your webcam and microphone (avoid Bluetooth) and test your equipment here. During the discussion, if you have a question or comment, let it be known in the chat room and our producer will do his best to get as many of you as possible into the conversation. We look forward to you joining us.