The business of hacking: creating, developing, and maintaining an effective penetration testing team
Main authors: | Butler, Michael; Oakley, Jacob G. |
---|---|
Format: | Electronic eBook |
Language: | English |
Published: | Falls Church, VA, USA: Apress, [2024] |
Subjects: | |
Online access: | DE-1050 |
Summary: | There is a plethora of literature on the topic of penetration testing, hacking, and related fields. These books are almost exclusively concerned with the technical execution of penetration testing and occasionally the thought process of the penetration tester themselves. There is little to no literature on the unique challenges presented by creating, developing, and managing a penetration testing team that is both effective and scalable. In addition, there is little to no literature on the subject of developing contractual client relationships, marketing, finding and developing talent, and how to drive penetration test execution to achieve client needs. This book changes all that. The Business of Hacking is a one-of-a-kind book detailing the lessons the authors learned while building penetration testing teams from the ground up, making them profitable, and constructing management principles that ensure team scalability. You will discover both the challenges you face as you develop your team of offensive security professionals and an understanding of how to overcome them. You will gain an understanding of the client's requirements, how to meet them, and how to surpass them to provide clients with a uniquely professional experience. The authors have spent combined decades working in various aspects of cybersecurity with a focus on offensive cybersecurity. Their experience spans military, government, and commercial industries with most of that time spent in senior leadership positions. |
Description: | 1 online resource (xiii, 306 pages) |
ISBN: | 9798868801747 |
Internal format
MARC
LEADER | 00000nam a2200000 c 4500 | ||
---|---|---|---|
001 | BV049773677 | ||
003 | DE-604 | ||
007 | cr|uuu---uuuuu | ||
008 | 240709s2024 xx o|||| 00||| eng d | ||
020 | |a 9798868801747 |9 979-8-8688-0174-7 | ||
035 | |a (OCoLC)1446262406 | ||
035 | |a (DE-599)BVBBV049773677 | ||
040 | |a DE-604 |b ger |e rda | ||
041 | 0 | |a eng | |
049 | |a DE-1050 | ||
100 | 1 | |a Butler, Michael |e Verfasser |4 aut | |
245 | 1 | 0 | |a The business of hacking |b creating, developing, and maintaining an effective penetration testing team |c Michael Butler, Jacob G. Oakley |
264 | 1 | |a Falls Church, VA, USA |b Apress |c [2024] | |
300 | |a 1 Online-Ressource (xiii, 306 Seiten) | ||
336 | |b txt |2 rdacontent | ||
337 | |b c |2 rdamedia | ||
338 | |b cr |2 rdacarrier | ||
505 | 8 | |a Intro -- Table of Contents -- About the Authors -- Chapter 1: Introduction -- Hacking Is Different -- Bad Team, Good Team -- Why This Book Matters -- Chapter 2: The Service -- Definitions -- Offensive Cybersecurity Service (OCS) -- Team Types -- Penetration Testing Team -- Red Team -- Purple Team -- Team Differences -- Internal vs. Consultative -- Establishing the Service -- Vision -- Structure -- Lead -- Project -- Client -- Team -- Capability -- Team Structure -- Leadership -- Member Composition -- Chapter 3: Finding and Retaining Talent -- Sourcing Talent -- Community Engagement | |
505 | 8 | |a Referrals -- Job Requisition Postings -- Third-Party Recruiters -- Internal Recruiting Team -- Summary -- Assessing Candidates -- Conducting the Interview -- Technical Assessment -- Team Compatibility Assessment -- Retaining Talent -- The Mission Mindset -- Constructing a Mission -- Setting the Standard -- Lead -- Project -- Client -- Team -- Capability -- Technical Challenges -- Compensation -- Burnout -- Chapter 4: Team Management -- Time Management -- The System -- Rules -- Staffing -- Cheap and Scalable -- Handling Disruptions -- Team Coordination -- Preparing for Client Communication | |
505 | 8 | |a Daily Standup -- Vulnerability Sharing -- Retrospective -- Team Climate -- Getting Started -- All-Day Call -- Team Building Activities -- Negative Team Members -- Player Over Pawn: Transparent and Inclusive Management Practices -- Experimentation -- Chapter 5: Operational Management -- Client Management -- Initial Handoff -- Kickoff -- Engagement Time -- Outbrief -- Project Execution -- Single Point of Information -- Pre-engagement -- Scope Creep -- Daily Reporting -- Post-engagement -- Operational Checklists -- Good Penetration Testing vs. Effective Penetration Testing | |
505 | 8 | |a Chapter 6: Developing Hackers -- Disclaimer -- If You're Not Getting Better, You're Getting Worse and Fast -- Self-development Is Not Enough -- Building a Team Development Strategy -- Individual vs. Capability Development -- Setting Levels -- Level Baselines -- Capability Evolutions -- Capability Leads -- Core and Peripherial Capabilities -- Executing the Strategy -- Billable Time -- Resources and Tools -- Technical Conferences -- College -- Educational Courses -- On-the-Job Training -- Research -- Finishing the Story -- Final Thought -- Chapter 7: Understanding Clients -- Types of Clients | |
505 | 8 | |a Understanding Your Audience -- Internal Teams -- Commercial Clients -- Controlled Sectors -- Client Motivations and Concerns -- Required by Certification -- Security Concerns -- Hacking for Policy Change -- Previous Bad Experiences -- Helping the Client -- Industry Comparisons -- Alternative Approaches -- Change the Scope -- Client Relationship Pitfalls -- No Surprises -- Client Sabotage -- Chapter 8: Engagement Security -- Preventing Outages -- When Outages Occur -- Benefiting from an Outage -- Handling Negligent Pentesters -- Do No Harm -- Team Equipment -- Communication Security -- Data Creep | |
520 | |a There is a plethora of literature on the topic of penetration testing, hacking, and related fields. These books are almost exclusively concerned with the technical execution of penetration testing and occasionally the thought process of the penetration tester themselves. There is little to no literature on the unique challenges presented by creating, developing, and managing a penetration testing team that is both effective and scalable. In addition, there is little to no literature on the subject of developing contractual client relationships, marketing, finding and developing talent, and how to drive penetration test execution to achieve client needs. This book changes all that. The Business of Hacking is a one-of-a-kind book detailing the lessons the authors learned while building penetrating testing teams from the ground up, making them profitable, and constructing management principles that ensure team scalability. You will discover both the challenges you face as you develop your team of offensive security professionals and an understanding of how to overcome them. You will gain an understanding of the client's requirements, how to meet them, and how to surpass them to provide clients with a uniquely professional experience. The authors have spent combined decades working in various aspects of cybersecurity with a focus on offensive cybersecurity. Their experience spans military, government, and commercial industries with most of that time spent in senior leadership positions | ||
650 | 4 | |a Penetration testing (Computer security) / Management | |
650 | 4 | |a Hacking | |
650 | 4 | |a Tests d'intrusion / Gestion | |
650 | 4 | |a Piratage informatique | |
700 | 1 | |a Oakley, Jacob G. |e Verfasser |0 (DE-588)1189767198 |4 aut | |
776 | 0 | 8 | |i Erscheint auch als |n Druck-Ausgabe, pbk |z 979-8-8688-0173-0 |
912 | |a ZDB-30-PQE | ||
943 | 1 | |a oai:aleph.bib-bvb.de:BVB01-035114805 | |
966 | e | |u https://ebookcentral.proquest.com/lib/th-deggendorf/detail.action?docID=31460593 |l DE-1050 |p ZDB-30-PQE |q FHD01_PQE_Kauf |x Aggregator |3 Volltext |