Penetration Testing in a Sentence - UnixDaemon: In search of (a) life

Penetration testing is tactical. It provides tangible, actionable information – Ivan Arce

It’s been a while since I’ve been involved in pen testing but the above quote from Ivan is perfect and its meaning all too often overlooked. When you invest the time in something like pen testing or performance tuning you should always come away with a list of actionable tasks.

By doing this you ensure the work wasn’t pointless (or if it was avoid repeating the mistake) and have something you can present to stake holders to get buy in for the next time. It’s also easier to automate some of the scut work if you have a solid list of tasks and outcomes.

On the flip side it’s also worth considering how actionable some of your other automated processes are. Does every Nagios error have a solution to resolve it? Do actions emerge from your graphs or do they just add background noise?