
Adrian Sanabria Podcasts

7 of The Best Podcast Episodes for Adrian Sanabria. A collection of podcasts episodes with or about Adrian Sanabria, often where they are interviewed.

Enterprise Deception - Adrian Sanabria - ESW #160

Adrian is an Advocate at Thinkst, the company behind the awesome and much loved Thinkst Canary. A former practitioner, PCI QSA, penetration tester, industry analyst and entrepreneur, he has explored many angles of the security industry, attempting to understand what makes it tick and what makes it fail. Adrian is an outspoken researcher that doesn't shy away from uncomfortable truths. He loves to write about the industry, tell stories and still sees the glass as half full.

Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode160

Nov 08 2019 · 26mins

Episode 31 – Killing the Pen Test with Adrian Sanabria

The penetration test, or pen test as it's commonly referred to, is one of the great necessary evils in Infosec today. My guest for this episode is Adrian Sanabria, who has an interesting thought - let's kill the pen test! Adrian has been in the industry for quite some time in quite a variety of roles, so he has some great experience and insights to share. Let's see what his replacement for a pen test entails! Some links of interest:

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening, and as always, I will talk with you all again next time.

Find out more at http://purplesquadsec.com

May 20 2018 · 49mins

Killing the Pen Test & BSides Knoxville (with Adrian Sanabria)

Advanced Persistent Security Podcast

Episode 44

Guests: Adrian Sanabria

April 26, 2018

NOTE: The opinions expressed in this podcast are ours alone and do not reflect those of our employers

Show Notes

In this episode, Joe is joined by Adrian Sanabria. Adrian is a co-organizer of BSides Knoxville and one of the founders of dc865. We discuss Adrian’s background in technology and how he came into security in the days before PCI. Adrian talks about his transition into working at 451 Research in terms of terminology and industry analysis.

Joe and Adrian talk about Savage Security and RSA Conference. Adrian tells us about his (then forthcoming) presentation at RSA Conference, called "It is Time to Kill the Pen Test," and why it is important. He cites Haroon Meer's keynote at 44con in 2011 as a thought-provoking idea that spawned this.

Pen testing as a skill is not the problem; the service offering is. Adrian cites inefficiencies like vulnerability scanning and reporting at the same rate as the test. We talk about advanced attacks versus sticking to the basics. Adrian talks about prioritizing breach simulations and ransomware simulations over a pen test.

We talk about the scoping documents of pen tests and how they relate to actual attacks and their objectives: not all adversaries attempt to get domain admin, while others try to perform defacement or exfiltration. Adrian mentions Haroon's quote:

Pen testers are not emulating attackers. They are emulating other pen testers.

Adrian talks about the lack of responsiveness of blue teams during pen tests. We talk about the mentality of many attackers of wanting to "pwn the world" rather than enhancing the security of an organization. Adrian calls for more "white box testing." Joe mentions the lack of analysis of OSINT as another inefficiency in pen testing. We also discuss the fact that dwell time is so high that expecting a black box test is almost unrealistic.

Adrian talks about some metrics associated with MSSPs detecting him when doing breach simulations. We talk about C2 and other indicators such as the use of TOR. We talk about how to make the industry better.

About Adrian:

Adrian Sanabria is Co-Founder and Director of Research at Savage Security. Sanabria’s past experience includes 13 years as a Defender and Consultant building security programs, defending large financial organizations and performing penetration tests. He has spent far more time dealing with PCI than is healthy for an adult male of his age. Sanabria learned the business side of the industry as a research analyst for 451 Research, working closely with vendors and investors. He is an outspoken researcher and doesn’t shy away from the truth or being proven wrong. Sanabria loves to write about the industry, tell stories and still sees the glass as half full.

Contacting Adrian:

Twitter: @sawaba
Blog

BSides Knoxville:

Website
Registration
Date: May 18, 2018
Locations: Scruffy City Hall, Preservation Pub, Knoxville Entrepreneurial Center
8:00 AM – 6:00 PM

Thanks for stopping by and checking out our podcast. We would appreciate if you could subscribe (assuming you like what you hear; we think you will). This is meant to be informative and to provide value to anyone who listens – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page.

The post Killing the Pen Test & BSides Knoxville (with Adrian Sanabria) first appeared on Advanced Persistent Security.

Apr 26 2018 · 59mins

Adrian Sanabria, Savage Security - Paul's Security Weekly #556

Adrian is the Research Director and Co-Founder of Savage Security. He spent a decade building security programs and defending large financial firms. He also spent many years as a consultant, performing penetration tests, PCI audits and other security-related assessments. He joins Paul and the crew this week for an interview!

Full Show Notes: https://wiki.securityweekly.com/Episode556 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Apr 22 2018 · 53mins

Adrian Sanabria, Savage Security - Paul's Security Weekly #556

Adrian is the Research Director and Co-Founder of Savage Security. He spent a decade building security programs and defending large financial firms. He also spent many years as a consultant, performing penetration tests, PCI audits and other security-related assessments. He joins Paul and the crew this week for an interview!

Full Show Notes: https://wiki.securityweekly.com/Episode556 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Apr 21 2018 · 53mins

Episode 13: Navigating the Complex Security Marketplace with Adrian Sanabria

Welcome to Episode 13 of the Digital Guardian Podcast! Special guest Adrian Sanabria joins our hosts Will Gragido and Thomas Fischer to discuss the current state of the security market and how buyers and professionals alike can help increase transparency in the industry.
Sep 12 2017 · 46mins