The business of hacking : creating, developing, and maintaining an effective penetration testing team

Title
The business of hacking : creating, developing, and maintaining an effective penetration testing team / Michael Butler, Jacob G. Oakley.
ISBN
9798868801747
9798868801730
Publication
[New York, NY] : Apress, [2024]
Physical Description
1 online resource (xiii, 306 pages)
Local Notes
Access is available to the Yale community.
Notes
Place of publication from publisher's website.
Description based on online resource; title from digital title page (viewed on July 08, 2024).
Access and use
Access restricted by licensing agreement.
Summary
There is a plethora of literature on the topic of penetration testing, hacking, and related fields. These books are almost exclusively concerned with the technical execution of penetration testing and occasionally the thought process of the penetration tester themselves. There is little to no literature on the unique challenges presented by creating, developing, and managing a penetration testing team that is both effective and scalable. In addition, there is little to no literature on the subject of developing contractual client relationships, marketing, finding and developing talent, and how to drive penetration test execution to achieve client needs. This book changes all that. The Business of Hacking is a one-of-a-kind book detailing the lessons the authors learned while building penetration testing teams from the ground up, making them profitable, and constructing management principles that ensure team scalability. You will discover both the challenges you face as you develop your team of offensive security professionals and an understanding of how to overcome them. You will gain an understanding of the client's requirements, how to meet them, and how to surpass them to provide clients with a uniquely professional experience. The authors have spent combined decades working in various aspects of cybersecurity with a focus on offensive cybersecurity. Their experience spans military, government, and commercial industries, with most of that time spent in senior leadership positions.
Variant and related titles
O'Reilly Safari. OCLC KB.
Other formats
Original
Format
Books / Online
Language
English
Added to Catalog
October 30, 2024
Bibliography
Includes index.
Contents
Intro
Table of Contents
About the Authors
Chapter 1: Introduction
Hacking Is Different
Bad Team, Good Team
Why This Book Matters
Chapter 2: The Service
Definitions
Offensive Cybersecurity Service (OCS)
Team Types
Penetration Testing Team
Red Team
Purple Team
Team Differences
Internal vs. Consultative
Establishing the Service
Vision
Structure
Lead
Project
Client
Team
Capability
Team Structure
Leadership
Member Composition
Chapter 3: Finding and Retaining Talent
Sourcing Talent
Community Engagement
Referrals
Job Requisition Postings
Third-Party Recruiters
Internal Recruiting Team
Summary
Assessing Candidates
Conducting the Interview
Technical Assessment
Team Compatibility Assessment
Retaining Talent
The Mission Mindset
Constructing a Mission
Setting the Standard
Lead
Project
Client
Team
Capability
Technical Challenges
Compensation
Burnout
Chapter 4: Team Management
Time Management
The System
Rules
Staffing
Cheap and Scalable
Handling Disruptions
Team Coordination
Preparing for Client Communication
Daily Standup
Vulnerability Sharing
Retrospective
Team Climate
Getting Started
All-Day Call
Team Building Activities
Negative Team Members
Player Over Pawn: Transparent and Inclusive Management Practices
Experimentation
Chapter 5: Operational Management
Client Management
Initial Handoff
Kickoff
Engagement Time
Outbrief
Project Execution
Single Point of Information
Pre-engagement
Scope Creep
Daily Reporting
Post-engagement
Operational Checklists
Good Penetration Testing vs. Effective Penetration Testing
Chapter 6: Developing Hackers
Disclaimer
If You're Not Getting Better, You're Getting Worse and Fast
Self-development Is Not Enough
Building a Team Development Strategy
Individual vs. Capability Development
Setting Levels
Level Baselines
Capability Evolutions
Capability Leads
Core and Peripheral Capabilities
Executing the Strategy
Billable Time
Resources and Tools
Technical Conferences
College
Educational Courses
On-the-Job Training
Research
Finishing the Story
Final Thought
Chapter 7: Understanding Clients
Types of Clients
Understanding Your Audience
Internal Teams
Commercial Clients
Controlled Sectors
Client Motivations and Concerns
Required by Certification
Security Concerns
Hacking for Policy Change
Previous Bad Experiences
Helping the Client
Industry Comparisons
Alternative Approaches
Change the Scope
Client Relationship Pitfalls
No Surprises
Client Sabotage
Chapter 8: Engagement Security
Preventing Outages
When Outages Occur
Benefiting from an Outage
Handling Negligent Pentesters
Do No Harm
Team Equipment
Communication Security
Data Creep
Genre/Form
Electronic books.