Ask Our Experts About Penetration Testing

Ask-An-Expert (AAE) provides the ability to submit unlimited requests to the IANS Faculty. Our clients frequently begin by requesting AAEs to cover a variety of penetration testing questions relating to strategy, policy & process, controls, implementation, and operational optimization. Our deep-domain security experts share industry best practices, provide recommendations based off of real-world experience, and help to strengthen the overall strategy of your program. 

David Kennedy
Dave Kennedy, IANS Faculty
 

Here is what our clients are asking:

What best practices or industry standards do IANS Faculty recommend around conducting manual penetration testing in production environments vs. dev/test environments?
In terms of the technical aspects of penetration testing, what are the critical steps that IANS Faculty believe the team should focus on when conducting penetration tests against the networks, apps, data and other digital components?
How have other IANS companies built out internal penetration testing programs and corresponding frameworks?
Exclusive of phishing simulation and physical security testing methods, what does IANS recommend in terms of what to test for, best practices, procedures and strategies in conducting penetration testing for both on-premise enterprise environments, and the organization’s virtual private cloud?
What would be the IANS Faculty’s first steps in standing up an internal Red Team, working with vendors for training, and scoping Red Team engagements?
Based on experience, what are the IANS Faculty recommendations for Breach Attack Simulation tools for testing defined TTP ‘use cases’ in a repeatable and automated fashion?
 
Success! Thanks for filling out our form! Loading animation

Looking for a Detailed Ask-An-Expert Example?

Fill out the form below to access a full Ask-An-Expert Writeup.

Ask-an-Expert Writeup icon
Ask-an-Expert
Writeup
Decide Where to Do Manual Penetration-Testing: Production or Dev/Test

Is it better to do manual penetration-testing against the production environment, or limit the scope to development/test? In this Ask-an-Expert written response, IANS Faculty Jake Williams says there is no easy answer but details some key issues to factor into the decision.

 Privacy Statement.*
 

* Required Fields

Thank you! See below for your sample.

Ask-an-Expert Writeup icon
Ask-an-Expert Writeup
Decide Where to Do Manual Penetration-Testing: Production or Dev/Test

Is it better to do manual penetration-testing against the production environment, or limit the scope to development/test? In this Ask-an-Expert written response, IANS Faculty Jake Williams says there is no easy answer but details some key issues to factor into the decision.

Download
 

Our Faculty

This group of over 60 hands-on practitioners understands the key issues you face and delivers actionable recommendations, research, and step-by-step guidance on achieving fast and successful results.

id
Chris Nickerson
chris-nickerson

Expertise:

  • Red Teaming
  • Penetration Testing
  • Risk Management
  • Compliance & Governance
  • Team Structure & Management

Chris Nickerson

IANS Faculty

Chris is the Co-Founder and CEO of LARES Consulting, an information security consulting firm that leverages a blend of assessment, testing, and coaching. He also serves on the Board of Directors at CREST, an international not-for-profit accreditation and certification body that represents and supports the technical information security market.

Achievements & Noteworthy Contributions

  • Appeared on Tiger Team on TruTV
  • TEDx Presenter, Hackers are all about curiosity, and security is just a feeling
  • Founding member of the Penetration Testing Execution Standard (PTES)
  • Co-founder of the BSides security conferences
  • Speaker at information security conferences such as DEFCON, CyberWeek, and BlackHat
  • Author of Red Team Testing: Offensive Security Techniques for Network Defense (2016)
  • Collaborator with the Red Team Alliance Training Collective
  • Former Senior Information Security Compliance Manager at Sprint

Certifications & Credentials

  • IEM, IAM –National Security Agency(NSA)
  • CISA – ISACA
  • CISSP – (ISC)2
  • BS7799

Hobbies & Fun Facts

In his free time, Chris can be found out on the ski slopes or playing with his dogs.

id
Jake Williams
jake-williams

Expertise:

  • Incident Response
  • Digital Forensics
  • Threat Modeling
  • Penetration Testing
  • Security Architecture

Jake Williams

IANS Faculty

Jake is the Founder, President, and Principal Analyst of Rendition Infosec, an information security consultancy. He also sits on the Vulnerability Review Board at Peerlyst, a startup social networking platform exclusively for security professionals. Jake is a prolific speaker and instructor on a variety of information security topics such as reverse engineering malware, memory forensics, threat intelligence, and advanced exploit development.

Achievements & Noteworthy Contributions

  • Two-Time Winner of the Annual DC3 Forensics Challenge
  • Speaker at information security conferences such as Black Hat, DEF CON, ShmooCon, RSA, and DC3
  • Designated a Master Computer Network Exploitation (CNE) Operator by the NSA
  • Former Vulnerability Analyst at US Department of Defense
  • Former Senior Systems Engineer at Dell Services

Certifications & Credentials

  • MSIA, Information Assurance –Capitol College
  • GSE, GSNA, GCFE, GREM, GCWN, GCIA, GCIH, GPEN, GCFA, GXPN, GSEC –GIAC

id
Joff Thyer
joff-thyer

Expertise:

  • Penetration Testing
  • Red Teaming
  • Malware Development
  • Machine Learning and Data Analytics

Joff Thyer

IANS Faculty

Joff is a Security Analyst and Penetration Testerat Black Hills Information Security (BHIS). He has extensive experience covering intrusion prevention/detection systems, infrastructure defense, vulnerability analysis, defense bypass, source code analysis, and exploit research. He is also an Instructor at the SANS Institute where he primarily teaches the use of Python for information security purposes.

Achievements & Noteworthy Contributions

  • Co-host on the Security Weekly podcast
  • Speaker at information security conferences such as DerbyCon
  • Former Senior Security Consultant at NWN Corporation, a security innovation SaaS platform
  • Former Senior Network Security Architect & Pen Tester at University of North Carolina, Greensboro

Certifications & Credentials

  • MS, Computer Science – University of North Carolina, Greensboro
  • BS, Mathematics – University of North Carolina, Greensboro
  • GPEN, GWAPT, GXPN, GCIA, GCIA Gold–GIAC

Hobbies & Fun Facts

When Joff isn’t working or co-hosting the Security Weekly podcast, he enjoys making music and woodworking.

id
John Strand
john-strand

Expertise:

  • Penetration Testing
  • Threat Hunting
  • Log Analysis
  • Incident Response
  • Cloud Security Assessments

John Strand

IANS Faculty

John is the Owner of Black Hills Information Security (BHIS) where he leads the Hunt Teaming, Command & Control (C2)/Data Exfiltration and Pivot testing development. He is also a SANS Institute Senior Instructor. In these roles, John has both consulted and taught hundreds of organizations in the areas of security, regulatory compliance, and penetration testing.

Achievements & Noteworthy Contributions

  • Co-author of Offensive Countermeasures: The Art of Active Defense (2013)
  • Contributor to the Penetration Testing Execution Standard (PTES)
  • Contributor to the 20 Critical Controls frameworks
  • Former co-host of Hack Naked TV and Security Weekly podcasts
  • Presenter at information security conferences such as RSA and Black Hat
  • Author of Black Hat’s "Active Defense, Offensive Countermeasures, and Hacking Back" course
  • Author of SANS Institute’s "Hacker Tools, Techniques, Exploits and Incident Handling" course
  • Former Information Assurance lead at Northrop Grumman and Accenture Certifications & Credentials

Certifications & Credentials

  • CISSP – (ISC)2
  • GCIH – GIAC

Hobbies & Fun Facts

In his free time, John enjoys mountain biking, AT Skinning (or Ski Touring) and ranching.

id
Tim Medin
tim-medin

Expertise:

  • Penetration Testing
  • Red Teaming
  • Adversary Emulation

Tim Medin

IANS Faculty

Tim is A Principal Consultant and Founder at Red Siege, an information security company focused on adversary emulation and penetration testing. He also serves as the MSISE Program Director, Course Author, and Principal Instructor at the SANS Institute.

Achievements & Noteworthy Contributions

  • Speaker at information security conferences such as BSides, Wild West Hacking Fest, DerbyCon, and ShmooCon
  • Creator of Kerberoasting, a technique to extract Kerberos tickets in order to offline attack the password of enterprise service accounts
  • Former Senior Security Consultant at FishNet Security (now Optiv)
  • Former Senior Technical Analyst at AgStar Financial Services (now Compeer) and Counter Hack
  • Former Network Engineer at LeTourneau University
  • Former Software Engineer at Tegron

Certifications & Credentials

  • MBA – University of Texas, Tyler
  • BS, Electrical Engineering – LeTourneau University
  • GWAPT, GPEN, GMOB, GCED, GCIH – GIAC

Hobbies & Fun Facts

In his free time, Tim enjoys traveling and watching football.

id
Dave Kennedy
dave-kennedy

Dave Kennedy

IANS Faculty

Dave is the President and CEO of TrustedSec, an information security consulting company. David was a Chief Security Officer for an international Fortune 1000 company located in over 77 countries with over 18,000 employees. David developed a global security program with a large dedicated team. He is considered a thought leader in the security field and has presented at many conferences worldwide and had guest appearances on FoxNews, BBC, and other high-profile media outlets. David is the Founder of DerbyCon, a large-scale security conference in Louisville, KY. He also authored Metasploit: The Penetration Testers Guide, which was number one on Amazon.com in security for over 6 months. David is a founding member of the "Penetration Testing Execution Standard (PTES)," the industry leading methodologies and guidelines for performing penetration tests. Dave received a BA of Arts from Malone University in Ohio. Dave has many certifications including OSCE, QSA, OSCP, CISSP, ISO 27001, GSEC, and MCSE. Dave also served in the Marines for five years working on intelligence related missions. He enjoys scuba diving, handy work, Destiny, fine bourbons and getting away to the country without cell reception.

id
Kevin Johnson
kevin-johnson

Expertise:

  • Penetration Testing
  • Application Security
  • Training

Kevin Johnson

IANS Faculty

Kevin is the Founder, CEO, and Principal Security Consultant of Secure Ideas, an information security consulting company that focuses on penetration testing services and training. He is also a founder and contributor of many open source projects including the Samurai Web Testing Framework (SamuraiWTF), a web penetration testing and training environment, and the Basic Analysis and Security Engine (BASE) project, a web front-end for Snort Analysis.

Achievements & Noteworthy Contributions

  • Presenter at information security conferences such as Blackt Hat, DEF CON, and ShmooCon in addition to organizations such as Infragard, ISACA, and ISSA
  • Former SANS Institute Senior Instructor (8 years)
  • Author of SANS Course, Security 542: Web Application Penetration Testing and Ethical Hacking
  • Former Senior Security Consultant for InGardians, an independent information security consultancy
  • Former Technical Architecture Engineer at Blue Cross Blue Shield of Florida
  • Former Programmer at ANC Rental Corp, Orlando.com, and eSiteCreation

Hobbies & Fun Facts

Kevin enjoys spending time with his family and is an avid Star Wars fan and member of the 501st Legion, a Star Wars charity group.

id
Bill Dean
bill-dean

Expertise:

  • Digital Forensics
  • Incident Response
  • Penetration Testing
  • Tabletop Exercises
  • Purple Teaming

Bill Dean

IANS Faculty

Bill is a Shareholder at LBMC Information Security,where he is responsible for security assessments, incident response, digital forensics, electronic discovery and overall litigation support. He also serves as an expert witness in federal courts and numerous state courts and has conducted digital forensic investigations and electronic discovery services to support litigation efforts. He is also an active member of the International Society for Forensic Computer Examiners and Board Member in East Tennessee’s InfraGard Chapter.

Achievements & Noteworthy Contributions

  • Former Director of Computer Forensics and Security Assessments at Sword & Shield Enterprise Security
  • Former Founder of Forensic Discoveries before merging with Sword & Shield Enterprise Security
  • Former Senior Systems Analyst at Covenant Health
  • Former Systems Manager at Citizens Bank of Tennessee

Certifications & Credentials

  • BS, Information Technology –East Tennessee State University
  • AS, Computer Science –Walters State Community College
  • Certified Computer Examiner –International Society of Forensic Computer Examiners
  • GPEN, GCIH, GCFA – GIAC
  • PCI Professional – PCI Security Standards Council

Hobbies & Fun Facts

In his free time, Bill enjoys boating, UT Football, and hanging out with his two sons.

id
Kevin Beaver
kevin-beaver

Expertise:

  • Network Security
  • Application Security
  • Incident Response
  • Compliance & Governance
  • Security Strategy & Leadership

Kevin Beaver

IANS Faculty

Kevin is the Founder and Principle Consultant of Atlanta-based Principle Logic, LLC an independent information security company that focuses on vulnerability and penetration testing, security operations reviews, and virtual CISO services. He also serves on the Industry Advisory Board for Computer Engineering at Kennesaw State University – Southern Polytechnic College of Engineering and Engineering Technology. Kevin has served in many information technology and security roles for healthcare, e-commerce, finance, education, and consulting organizations. Kevin is also a prominent writer having written over 1,000 articles on information security.

Achievements & Noteworthy Contributions

  • Author of Hacking for Dummies (2004, 2007, 2010, 2011, 2015, 2018)
  • Co-Author of Hacking Wireless Networks for Dummies (2011), Laptop Encryption for Dummies (2007), PCI Cardholder Data Protection for Dummies (2010), Identity & Access Management for Dummies (2011), Next-Generation IPS for Dummies (2013), Point-of-Sale Security for Dummies (2015), Securing the Mobile Enterprise for Dummies (2006)
  • Co-Author of The Practical Guide to HIPAA Privacy and Security Compliance (2014)
  • Author of white paper Implementation Strategies for Fulfilling and Maintaining IT Compliance (2011)
  • Contributor to TechTarget's SearchSecurity.com, Ziff Davis's Toolbox.com, and Iron Mountain’s InfoGOTo.com
  • Speaker at information security conferences such as RSA, ISACA, and Gartner
  • Appeared as a security expert on CNN Television and CBS Radio
  • Quoted as a security professional in Wall Street Journal, Entrepreneur Magazine, Fortune Small Business, Men’s Health, Women’s Health, Woman’s Day, and Inc. Magazine’s IncTechnology.com

Certifications & Credentials

  • MS, Management of Technology – Georgia Tech | Dupree College of Business
  • BS, Computer Engineering Technology – Southern College of Technology
  • CISSP – (ISC)2

Hobbies & Fun Facts

For fun, Kevin enjoys road racing his Mazda Miata in the Spec Miata class with the Sports Car Club of America (SCCA), riding dirt bikes, and snow skiing.

id
Jason Gillam
jason-gillam

Expertise:

  • Penetration Testing
  • Secure Software Development (SDLC)
  • Cloud Security -Amazon Web Services (AWS)
  • Security Awareness& Employee Behavior
  • Web Application Security (APIs, tokens, CORS, etc.)

Jason Gillam

IANS Faculty

Jason is a Principal Security Consultant and CIO at Secure Ideas, a boutique information security consultancy that focuses on penetration testing and training, where he leverages his software design, architecture, and security testing experience. He is also the author of many extensions for Burp Suite and is a contributor to several other projects including SamuraiWTF, MobiSec, and Laudanum.

Achievements & Noteworthy Contributions

  • Speaker at information security conferences such as BSides and ISSA Charlotte
  • Former Lead Security by Design Engineer at Bank of America
  • Former Software Engineer Team Lead at Vignette and Epicentric

Certifications & Credentials

  • BE, Engineering –Royal Military College of Canada
  • CISSP –(ISC)2

Hobbies & Fun Facts

In his free time, Jason enjoys running, homebrewing, and spending time with his wife and two kids.

id
Dave Shackleford
dave-shackleford

Expertise:

  • Cloud Security
  • Virtualization and Container Security
  • Network Architecture and Security Monitoring
  • Security Operations
  • Event Log Management and Monitoring

Dave Shackleford

IANS Faculty

Dave is the Founder and Principal Consultant with Voodoo Security, an information security consulting firm with broad expertise. He is also a Senior Instructor, Analyst, and Course Author for the SANS Institute and a VMware vExpert with extensive experience designing and configuring secure virtualized infrastructures. In addition, Dave has served as Co-Chair of the Cloud Security Alliance (CSA) Top Threats Working Group and founded the CSA Atlanta Chapter. Dave has consulted with hundreds of organizations in the areas of security, regulatory compliance, network architecture, and engineering. He has also worked as a security architect, analyst, and manager for several Fortune 500 companies.

Achievements & Noteworthy Contributions

  • Former CSO for Configuresoft
  • Former CTO for the Center for Internet Security
  • Speaker at information security conferences such as RSA, DEF CON, and BSides
  • Author of Virtualization Security: Protecting Virtualized Environments (2012)

Certifications & Credentials

  • MBA – Georgia State University
  • BS, Computer Information Systems – Kennesaw State University
  • BS, Psychology & Microbiology – Georgia State University
  • CISSP – (ISC)2

Hobbies & Fun Facts

In his free time, Dave enjoys running, camping, cooking and playing music (piano, guitar and DJing).

See all Faculty
 

Consulting Engagements with Our Faculty

Penetration testing is only as good as the tester. Inexperienced consultants using standard tools provide little value when defending against sophisticated adversaries. You need testers as skilled as your attackers. IANS’ Penetration Tests are all led by leaders — and with many experts to choose from, each with their own tactics and techniques, you can regularly rotate pen testers without the inconvenience of switching providers.

 

IANS Penetration Tests Are Customized for Your Environment

No two companies’ needs are alike, so our Faculty will discuss your objectives as a first step, ensuring that we tailor each engagement to meet the needs, concerns, and environment of your organization. We can identify vulnerabilities and provide information on the risk and impact across:

  • External and Internal Networks
  • Hardware and Devices (including Mobile)
  • Physical Security
  • Social Engineering
  • Web Applications
  • Wireless Networks

We test according to industry standards such as PCI-DSS, OWASP, ISO27001, NIST, and others. Our approach is tailored to client needs, including:

Blackbox

We request no reconnaissance information from the client and approach the test as would a malicious attacker.

Greybox

Clients provide basic reconnaissance information like IP ranges, applications, and domain names.

Whitebox

Reconnaissance information is provided by the client, saving time and associated costs.

 

Project Deliverables

Executive Summary

History, purpose and overview of engagement — suitable for non-technical and executive audiences to understand scope and outcome of project.

Purpose & Methodology

The technical reasons for the testing as well as the methodology used.

Findings

All vulnerabilities identified by root cause, sorted by severity, potential threats, likelihood of attack, and business impact. Findings are delivered in PDF and CSV formats to simplify integration with your tracking tools.

Recommendations

Practical, actionable, and prioritized short-term and long-term remediation guidance appropriate to the organization’s operations and technical environment.

Project Approach

Reconnaissance

Come check in to receive your program and CPEs while enjoying a complimentary continental breakfast.

Mapping

Testers will map the target’s network architecture and systems/software, including open ports and system responses to identify potential targets.

Discovery

IANS will use the information gathered during the mapping phase to focus our staff and, using commercial, open source, and custom tools and scripts, discover vulnerabilities to exploit the systems.

Exploitation

IANS will attack systems and applications to prove that exploitation is possible and gain access to the targeted data and assets. If in scope, we will develop social engineering and phishing exercises to test employee security awareness. Any critical findings are communicated to clients immediately.

Remediation Guidance

Technical details are provided on root causes of vulnerabilities, recommended remediation actions based on severity and business impact, and (when appropriate) compensating controls.

Reporting and Delivery

Included is an Executive Summary with technical details related to the findings, delivered via a final teleconference/meeting with key stakeholders and/or client technical teams.
 

The IANS Difference

Security Focus
We focus solely on improving our clients’ security, risk, and compliance programs by helping them make more trusted and vetted security decisions.
Actionable Guidance
We guide clients to the best resources for their goals with a Faculty of over 60 expert practitioners.
Industry Experts
All projects are staffed by industry-recognized information security experts with deep, hands-on domain and technical experience.
Clear and Concise
Our guidance is actionable and practical. It is designed to communicate issues clearly to executives, and to reduce risk.
Customized
We work with organizations of all sizes and adjust projects to be appropriate to the business goals and technical maturity of each organization.
 
 

Want to know more? Let us know how we can help you.

Success! Thanks for filling out our form! Loading animation
 Privacy Statement.*
 

* Required Fields