Roman Profiles: The 6 Mistakes of

BSidesLV 2010

Presented by: Eric Smith
Date: Thursday July 29, 2010
Time: 14:00 - 15:00
Location: Track 2
Track: AFK

The purpose of this presentation is to discuss the current state of security assessments and how their success is inhibited by improper scoping due to poor regulations, loose controls, misinterpretations of them and most importantly, consulting firms not acting as experienced and trusted advisors. Scoping is something that is learned throughout one's career and should be an open dialogue between the client and the consultant. It is truly an "art form" that must be learned and practiced.

Too often an engagement is driven by the wrong means, and consultants don't take the opportunity to educate their prospective client on where improvements could be made. In the end, a lackluster service is executed and the client is left with a false sense of security. This is either because the consultant lacked the experience to perform the assessment effectively, or because the client doesn't understand the benefits of an improved approach. This discussion will review some of those common pitfalls in consulting and provide solutions on how to improve project scopes, overall security services, and reporting. This will not only develop stronger relationships between the client and the consultants, but also start to weed out those commodity-based firms and begin to highlight those that stand out as pioneers in today's Infosec market.

Eric Smith

Highly qualified, trained, and certified Ethical Hacker with over 13 years of experience in the IT/IS industry. In-depth focus on helping companies design, implement, and improve their security controls, resulting in better protection of their critical information assets. Well versed in a variety of Risk Assessment services enabling clients to meet compliance with local laws, government regulations, and corporate initiatives. Experienced in network and application level vulnerability assessments, penetration testing, threat assessments, social engineering, wireless audits, architecture review, system hardening, and policy/procedural development.
