Penetration testing is one of the main standards in which organizations measure their security. We all know the drill. Spend a week or more “testing like a bad guy” and provide a report to the client indicating the findings. While this works for satisfying clients requirements defined by regulators and compliance, it produces little value for increasing their security. It is time to take another look at how penetration testing engagements can evolve with the client in mind. In this session, James will discuss how pen tests are typically consumed and ways to enhance the experience. How we can, as consultants, maximize the value of these tests.
James Jardine is the CEO of Jardine Software Inc. James has over 12 years of software development experience with over half of that focusing on application security. During his long development history, he has had the opportunity to write both large enterprise applications, thick clients, and mobile applications. He has held many roles including senior developer, software architect, application security expert, and principal security consultant. In addition, James was an instructor and author for the SANS Institute. He is also a contributing blogger for the Jardine Software blog, and the DevelopSec blog. James has performed a number of trainings and presentations for both public events and internal clients. James taught the Dev544: Secure Coding in .Net course at the SANS Institute. He was also a contributing author for that course. He has also presented on multiple webcasts, at the Kentucky ISSA InfoSec Summit, DerbyCon, Hacker Halted and the ISC2 Security Congress. He has also taught courses at BlackHat and DerbyCon. In addition, James is the host of the DevelopSec podcast and co-host of the Down the Security Rabbithole podcast.