Slides

At Black Hills Information Security (BHIS), we make our living doing pentesting, but we’ve never once been paid for a pentest.

Penetration Testers get paid for their reports.

For their explanations.

For their story of the environment as it appears to an attacker.

The scanning and testing and exploiting (and failing at those things) is nothing more than input for the report.

So if the job of pentesting is all about creating a good report, why is it so common to hear how much testers hate reporting? Is there any way to make it all less difficult, or more attractive?

Yes, there is.

Come see a better way to think about your report. See examples of common mistakes and missed opportunities in reporting and how you can do better. Consider how a small change in how you think about your report can make it easier to write.

We’ll wrap up with a demonstration of how a little time exploring MS Word features can pay you back immediately in saved time, reduced frustration, and improved consistency.

If you want to better understand what makes a pentest valuable and how you can make your own work more sought-after, come join us for this webcast. Join us on the BLACK HILLS INFOSEC Discord server for live interaction with Jason and your fellow attendees: https://discord.gg/bhis

Part 1 at BSides Cleveland: https://youtu.be/NUueNT1svb8

00:00:00 – PreShow Banter™

00:48:07 – FEATURE PRESENTATION

01:44:37 – Closing, Questions & Answers

We think BB is pretty cool …but we might be biased.

Why not find out for yourself and take a class with him?

Modern WebApp Pentesting

Available live/virtual and on-demand