Penetration Testing is Stuck in 2010. Here’s How to Move On.
Today I stumbled across a companion blog post for a talk from BSIDES Atlanta 2010. A talk I was actually in the audience…
What Terence Tao’s Red Team Analogy Gets Right About Security
Terence Tao, often called the greatest living mathematician, recently wrote about the nature of red and blue teams — builders and breakers. Their…
How Pentest Vendors Hide Bad Work Behind Process
Most companies think buying a penetration test means getting real security insights. But too often, all you get is a PDF and a…
Auditors and CTOs Call Out Fake Pentests
Many SOC 2 “penetration tests” aren’t actually penetration tests — and real auditors, CISOs, and engineers are calling it out. In this video,…
Don’t Rewrite Your SOC 2 Controls — Get an Emergency Pentest and Finish Strong
So you’re halfway through your SOC 2 audit, and someone just asked, “Wait, where’s the penetration test report?” Panic sets in. Maybe you…
How to Milk a Penetration Test for Everything It’s Worth
Penetration testing takes time. It costs money. So if you’re doing it — you should milk it for everything it’s worth. In this…
“Vibe Hacking” and the Rise of the AI-Augmented Attacker
Zach wrote an article on HackerNoon about how generative AI is changing the game for both attackers and defenders. It looks at how…
What to Do If You Fail a Penetration Test
Failed your pentest? You’re not alone — and it’s not the end of the world. Maybe the report came back with critical issues…
5 Types of Bad Penetration Tests (& How to Avoid Them)
Not all penetration tests are created equal — and some are a complete waste of time and money. In this video, we break…
Why We Don’t Flinch When Someone Says Their Last Pen Test Was a Disaster
You can almost set your watch by it. We get on a call with a prospective client. Walk through the project. Exchange a…
