Building PEN Testing Capability within your Security Department

Penetration Testing (a.k.a PEN-testing, pentest, Ethical Hacking) is a component of a well-defined cybersecurity portfolio aimed at testing whether an organization’s security measures are truly effective. Risk adverse entities such as insurance companies and PCI compliance look favorably on regular pentests. Universities tend to outsource this function rather than doing it in-house or a hybrid internal/external combination. Most likely due to the specialized skillset required and the difficulties of finding and/or training your security staff. In this presentation, I will speak on a new initiative at Thompson Rivers University to introduce PEN testing as part of TRU’s information security department. The talk will include getting started, a report template, and how to expose staff to the field of offensive security that may not have such a background.

Slide Deck

 

Speaker

JOHN CUZZOLA

Information Security Director | Thompson Rivers University

Formerly, the Network Manager and then Director of Information Technology for the Kamloops-Thompson School District No. 73 (SD73) since 2001 until March of 2021. From 2018, I have taught programming, Ethical Hacking, and Biometric Authentication as a TRU sessional instructor. I am also a research associate with Ryerson University's LS3 (Laboratory for Systems, Software and Semantics) division. My professional and academic interests include cybersecurity, penetration testing, deep learning artificial intelligence, and natural language processing. I hold a MSc. degree in Information Systems and a BSc. in Mathematics.