Chaos Computer Club - recent events feed (high quality)

From barking to Meow: mature pentesting (WHY2025)



In a world of relentless cyber-threats, MIAUW (Methodology for Information Security Assessment with Audit Value) turns every pentest into a high-impact, traceable mission. This session reveals how its storyline-driven playbook fuses technical exploitation, legal rigor and forensic reporting into a reusable blueprint that regulators love and attackers fear. Expect war-stories, live-demo snippets, and a roadmap to weaponize compliance while clawing back control over risk.
This talk introduces MIAUW — Methodology for Information Security Assessment with Audit Value — a structured approach to penetration testing that goes beyond technical exploits to deliver legal defensibility, governance value, and repeatable insight.
We begin with a familiar problem: many pentests are technically sound but fail to produce lasting impact. Reports are delivered, risks are noted — and then nothing changes. There’s little accountability, no alignment with organizational processes, and limited value for oversight.
MIAUW changes that. It brings structure, traceability, and dual accountability by involving not just the pentester, but also a dedicated auditor. Every step — from planning and scenario definition to execution, reporting, and organizational learning — is part of a documented process. The auditor produces a formal protocol, providing legal and governance-grade assurance over the findings.
In this session, we’ll cover:
- How MIAUW works: from the first conversation to the final deliverables.
- Why including an auditor raises the bar for quality, traceability, and board-level trust.
- Real-world stories of organizations that transformed their security posture through structured offensive testing.
- How to get started with MIAUW, even when working with external testing partners.
Whether you're a CISO, security consultant, internal auditor or board advisor, this talk will challenge the way you think about pentests — and show you how to make every test a reusable asset for control and improvement.
Licensed to the public under https://creativecommons.org/licenses/by/4.0/
about this event: https://program.why2025.org/why2025/talk/NLDDV7/

By CCC media team