PCI Recognizes PTES as a reference framework for Conducting Penetration Tests!


https://www.pcisecuritystandards.org/documents/Penetration_Testing_Guidance_March_2015.pdf

To all of my friends, colleagues and families who may not know a lot about my work life, this is a huge life accomplishment for me. 4+ years ago in absolute frustration and disgust in what my industry had made out of the term penetration test I sent a giant rant to about 15 of my close friends who I knew shared some of the same opinions. I begged and pleaded with all of them to help put aside some time and finally define what it is that we do during a penetration test so that the term could stop being so spoiled. We all agreed that something MUST be done to save our craft/trade! We needed something to force all of the ambulance chasing scanner monkeys.....who had been ripping off the public..... to be held to some sort of standard. So we began. A draft of ideas exploded into an inbox flooded with email. Once we realized that this could not be done without being in person to really hash it out we picked a spot. ShmooCon in DC. Many of us from the US and international community were going to be there and we seized the moment. Who would have thought.....that Social Engineering us a conference room (with impeccable service....and a few bottles of booze) would have given birth to such an amazing thing. Once the initial map was drawn ***which was about 5' x 5' drawn in pen/marker in sheets of stolen plotter paper*** it just took off. 1800+ revisions later and the tireless work of many people all across the world..... and we got it out there. It's still not pretty....it's not perfect... hell...it's not even complete..... but to sit here in an airport and see the very standard I was so enraged about referencing the term pentest.....use our work to define it.... well friends.... it just doesn't get any better than that. www.pentest-standard.org is a work in progress.... just like pentesting is... it will evolve and morph and the more energy put into it...the more energy we will get back. Today.... today I am proud of my contribution to this industry and honored to have met and worked alongside those who cared enough to stand up and make a change.

James N.

Information Security Expert / Architect

9 years ago

Awesome. Now we need to do something about Security in general. Most companies think that passing a PCI DSS audit means that they are secure, and don't need to do anything more. While nothing is further from the truth.

Ryan Dewhurst

Cyber Security / Entrepreneur / CyberAlerts.io

9 years ago

PTES is mentioned in all of my reports. Their reporting guidance also helped shape them. :)

Steve Secker

Seeking customer-focused technical position

9 years ago

Congrats!

Robin Wood

Freelance security consultant and researcher, co-founder of SteelCon

9 years ago

That was a fun first meeting, I need to find more time to get involved again.


Finally. Work that has not fallen on deaf ears!


More articles by Chris Nickerson
