During a penetration test, the Schellman team often works with development teams, administrators, risk and compliance professionals and information security personnel; however, the initial point of contact for a penetration test may be an individual that isn’t any of those. More and more, someone from the product or procurement team may have the responsibility—or shared responsibility—of having a penetration test performed. While these individuals may understand a timeline for a specific task, they likely do not have full visibility into the entire project. Such circumstances, among others, can trigger one of the biggest challenges frequently seen in planning pen tests—timing.

Yesterday, on May 12th, President Biden issued the “Executive Order (EO) on Improving the Nation’s Cybersecurity.” Given that the Order features 11 sections that include both policy and general provisions among others, its 8,080 words is arguably the equivalent of multiple EOs. Such an effort is, no doubt, purposeful by the President—this is significant, and will certainly impact the security worlds of both the government itself and those companies that provide it with software and services.

Overview Offensive Security has released several new courses recently, including Evasion Techniques and Breaching Defenses (PEN-300), which primarily focuses on “penetration tests against mature organizations with an established security function.” After reading that overview on the website, I was excited to take on the challenge and expand my knowledge base in preparation for obtaining the OSEP certification.