Oakley / Butler | The Business of Hacking | Book | 979-8-8688-0173-0 | www.sack.de

Book, English, 306 pages, format (W × H): 155 mm x 235 mm, weight: 487 g

Oakley / Butler

The Business of Hacking

Creating, Developing, and Maintaining an Effective Penetration Testing Team
1st edition 2024
ISBN: 979-8-8688-0173-0
Publisher: Apress



There is a plethora of literature on the topic of penetration testing, hacking, and related fields. These books are almost exclusively concerned with the technical execution of penetration testing and occasionally the thought process of the penetration tester themselves. There is little to no literature on the unique challenges presented by creating, developing, and managing a penetration testing team that is both effective and scalable. In addition, there is little to no literature on the subject of developing contractual client relationships, marketing, finding and developing talent, and how to drive penetration test execution to achieve client needs. This book changes all that.

The Business of Hacking is a one-of-a-kind book detailing the lessons the authors learned while building penetration testing teams from the ground up, making them profitable, and constructing management principles that ensure team scalability. You will discover both the challenges you face as you develop your team of offensive security professionals and an understanding of how to overcome them. You will gain an understanding of the client’s requirements, how to meet them, and how to surpass them to provide clients with a uniquely professional experience.

The authors have spent combined decades working in various aspects of cybersecurity with a focus on offensive cybersecurity. Their experience spans military, government, and commercial industries with most of that time spent in senior leadership positions.  

What you’ll learn

  • How to handle and continually develop client relationships in a high-end industry
  • Team management and how the offensive security industry comes with its own unique challenges. Experience in other industries does not guarantee success in penetration testing.
  • How to identify, understand, and over-deliver on client expectations.
  • How to staff and develop talent within the team.
  • Marketing opportunities and how to use the pentesting team as a wedge for upsell opportunities.
  • The various structures of services that a team may present to its clients.

Who This Book Is For

This book is written for anyone curious who is interested in creating a penetration testing team or business. It is also relevant for anyone currently executing such a business and even for those simply participating in the business.


Target audience


Professional/practitioner

Further information & material


Introduction

Chapter 1: Finding and Retaining Talent

The unique challenges of finding and retaining talented hackers

Advertising positions

Identifying talented individuals beyond their resumes

The improved interview process

Retention through mission and collaboration

Chapter 2: Understanding Clients

The types of clients

Client point of view

Client requirements

Going beyond what a client thinks they want

Client relationship pitfalls

Chapter 3: Team Management

Time management

Operational management

Team climate

Transparent management practices

Experimentation

Chapter 4: Developing Hackers

Certifications and Training

Conferences

Development within the team

Development through challenge

Chapter 5: Engagement Management and Security

Do not degrade security

Information security

Communication security

Breaking an engagement down

The uses and limitations of operational checklists

Client interaction and communication

Chapter 6: Effective Web / Mobile Application Testing

Client goals

Scoping the assessment

Unique challenges of app testing

Safety concerns

Authenticated vs unauthenticated

Source code

Ensuring an effective test

Chapter 7: Effective Testing in Cloud Environments

Client goals

Scoping the assessment

Unique challenges of cloud environment testing

AWS, Azure, and GCP

Ensuring an effective test

Reporting what matters

Chapter 8: Effective Network Testing

Client goals

Scoping the assessment

Unique challenges of network testing

Safety concerns

Stealth or the lack thereof

Taking network testing to the next level

Ensuring an effective test

Chapter 9: Hacking Acquisitions

Different acquisition scenarios

Evaluating risks unique to acquisition scenarios (standard, supply chain, etc)

Client goals

Unique challenges of acquisition testing

Preventing an adversarial test

Chapter 10: Closing the Engagement

The importance of the report

How to make your reports look better than most

Handling “no finding” reports

How to not surprise the client

Outbrief format

Recommendations

Remediation testing

Follow up

Chapter 11: Adversary as a Service

Campaigns

Intelligence Creation

Adversarial Cost Benefit

Influence Study

Chapter 12: Scaling

Scaling operations

Scaling time management

Scaling team management

Scaling tester development

Metrics tracking

Example

Chapter 13: The Wedge

Hacking as a wedge

How to use the outbrief to upsell

Follow up services

Turning an on-time test into an ongoing relationship

Chapter 14: Regulated Sectors

Specific challenges of regulated sectors

HIPAA

Finance

Gov / RMF accreditation

FEDRAMP

Chapter 15: Practicality of cyber war

Legality Issues

Attribution Issues

Operational Constraints

Misconceptions

Chapter 16: the business of cyber war

Infrastructure

Exploits

Implants

Effects

Influence Operations

Chapter 17: new frontiers

Space systems

Attacking ML

Strategic security

Resilience

Chapter 18: Hacking and the infinite game / cost benefit

Understanding game classification

Gamification

Game Theory

Games within games


Michael Butler is a cybersecurity subject matter expert with 12 years of experience focusing on building, developing, and leading teams of ethical hackers. He is a primary instructor and developer of an offensive cloud security course taught both privately and at Blackhat conferences in the United States, Europe, and Asia. He has previously collaborated with Dr. Oakley as the technical reviewer for Professional Red Teaming and is the co-author of Theoretical Cybersecurity: Principles and Advanced Concepts (Apress, 2022).

Dr. Jacob G. Oakley is a cybersecurity author and subject matter expert with 16 years of experience focusing on strategic enterprise level cybersecurity architectures as well as offensive cybersecurity operations within government and commercial sectors. His previous technical books, Theoretical Cybersecurity, Professional Red Teaming, Waging Cyber War, and Cybersecurity for Space, are also published by Apress. Cybersecurity Engagements, as well as Waging Cyber War: Technical Challenges and Operational Constraints.   


