How are we redefining the scope and effectiveness of penetration testing?

In our latest installment of Super Cyber Friday "Hacking the Future of Pentesting: An hour of critical thinking about how to continuously manage your threat exposure," we focused on the limitations of traditional point-in-time penetration testing and integrating pentesting with attack surface management. Joining us for this discussion were Casey Cammilleri CEO and founder of Sprocket Security , and Stephen Harrison , CISO at MGM Resorts International .?

HUGE thanks to our sponsor, Sprocket Security

Watch the full video here:

Join us in two weeks, September 6th, 2024 for "Hacking Tabletop Exercises"

We're off for the Labor Day weekend, but we're coming back with another fun Super Cyber Friday. Our topic will be "Hacking Tabletop Exercises: An hour of critical thinking about enhancing incident response readiness.” It all starts at 1 PM ET/10 AM PT on Friday, September 6th, 2024. Join us!

>> REGISTER for 9-6-24 Super Cyber Friday "Hacking Tabletop Exercises" <<

Did you know that we have an events calendar? Visit our events page to subscribe so you can stay up to date on Super Cyber Friday and other CISO Series content.?

Best quotes from our guests

"Automation replaces a lot of the repetitive tasks in pen testing, but it cannot replace the nuanced understanding and adaptive strategies required for effective security testing." - Casey Cammilleri, Sprocket Security

"The challenge with automating penetration testing is ensuring it does not disrupt critical business operations or create new vulnerabilities." - Stephen Harrison, MGM Resorts International

"The thing about continuous pentesting is that it allows us to adapt as technologies and attack surfaces evolve, which is crucial in today's rapidly changing security landscape." - Casey Cammilleri, Sprocket Security

"We invite employees to report potential vulnerabilities, integrating them into our security culture and enhancing our overall security posture through continuous feedback." - Stephen Harrison, MGM Resorts International

Best quotes from the chat

“Let your development team shoulder surf a pentest so that they understand what the problem space really is.” - James S. , sr. DevOps contractor, Beacon Hill

"'If you see something, say something' is paramount to our program and is communicated to all new employees, consultants, etc. We have received so many good tips (things to look into) from our folks using this technique.” - Mathew Biby , CISO, Gogo | Satcom Direct

“One of my favorite accomplishments was creating a honeypot that had an automatic self-defense mechanism that would launch an automated attack using OSINT against any system outside our network that attempted to connect to it. It had 100% success in taking down the attacking systems.” - Andrew Aken, PhD, CISSP , vice president of infrastructure technology, Fox Rent A Car

“When performing post test de-briefing, ensure the tester speaks in business language with the Executives in the room, avoid technical fluff.” - Aman S. , cybersecurity business engagement, vp, 爱思唯尔