Cyber Fusion Forum

The $65k Report That Missed Everything: Bang for Your Buck in Pen Testing


Penetration testing is crowded with great brands and even greater illusions.

In this episode, William Wright, CEO of Closed Door Security and UK Council member at CREST, breaks down the stark difference between real pen testing and glorified vulnerability scans.

We get into how to vet providers, what a good report actually looks like, why references matter, and how threat-led testing changes the game from “find issues” to “prove business-relevant risk.”

William shares war stories: a bank test that missed an IDOR exposing transactions, a $65k engagement that produced 70+ pages of screenshots but ignored systemic compromise, and how weak internal testing loops create “unknown unknowns” that later become ransomware incidents. If you buy, run, or rely on pen tests, this is your field guide to getting value and avoiding smoke and mirrors.

Cyber Fusion Forum, by James Oakes