2 Sep
2013
2 Sep
'13
3:11 p.m.
Adam. I fully agree with you and shun any "security testers" who operate within the scope of "let me show you how it *could* happen" as opposed to "let me show you how it *will* happen". Template-based testers also leave organizations vulnerable missing out on the specific risk within the organization vis-a-vie the company's risk appetite. That's why frameworks like Octave-S/Allegro, NIST come into play to offer a holistic risk mitigation approach. Knowledge on what to look out for is also scanty though that's a debate for another day. Shoot me an email and we could engage further on this. -ty