Mar 23rd, 2018
A presentation by Paul Midian, CISO of Dixons Carphone and ex-chairman of CREST
The talk will address the reasons that a lot of good security consulting advice does not seem to get acted on by clients.
All too often penetration testers find themselves frustrated when they do a test, find some cool things, provide recommendations to the client to mitigate findings…….only to go back six months later to retest and find the same again.
Not only is this somewhat tedious for the penetration tester, but it leaves you wondering what is going wrong in the client. Are they not listening? Not interested? Not bothered? Do they not understand how awesome the report is? Or is there something else going on?