Managing Misfits: Lessons Learned from a decade leading a penetration testing team.

BSides Dallas/Fort Worth | 40:52 | 128 views | Published 2020-11

About this talk
Discord - https://bit.ly/BSidesDFWDiscord
Twitter - http://bit.ly/Nerbies

Becoming a successful penetration tester can be extremely difficult. Building a successful penetration testing team, whether an internal corporate red team or a professional services penetration testing team, can seem impossible. Krissy and Nick both worked as junior penetration testers early in their careers and have since played integral roles in helping organizations build robust red team capabilities, but not without collecting some scar tissue along the way.

In this presentation, Krissy and Nick will cover the aspect of penetration testing that gets significantly less attention than the latest attack techniques and tool drops – the business of red teaming. These red teamers turned business leaders will cover how they made the transition into leading their own teams; how they find, hire, build, develop, and retain top talent; how they work with their clients and internal corporate partners to manage penetration testing expectations; and most importantly of all… how they manage a team of misfits (because let’s be honest, we are all misfits here).

Krissy Safi is the Attack & Penetration Testing Practice Lead at Protiviti (a global consulting firm). Prior to joining Protiviti, Krissy was the North American practice lead at IBM’s X-Force Red. Krissy has nearly two decades of Information Security experience across all domains of security in support of Fortune 500 companies and government agencies, working throughout numerous international locations. She has developed multi-million-dollar security practices for both the private and public sector. Krissy holds her CISSP, ISSAP, and CISM. @nerbies

Nick Britton is the Attack & Penetration Testing lead in Dallas at Protiviti and specializes in managing and executing projects in red/purple teaming, application security, and vulnerability management. Nick has over nine years of experience in red teaming and consulting and has built a mature penetration testing practice in Dallas over the last six years. Nick holds his CISSP, OSCP, OSWP, AWS Certified Solutions Architect – Associate, and other certifications.