BROADCASTS.com

The age-old battle between offensive and defensive security practitioners is most often played out in the penetration testing cycle. Pentesters ask, \u201cIs it our fault if they don\u2019t fix things?\u201d While defenders drown in a sea of unprioritized findings and legacy issues wondering where to even start.\nBut the real battle shouldn\u2019t be between the teams; it should be against the real adversaries. So why do pentesters routinely come back and find the same things they reported a year ago? Do the defenders just not care or does the onus fall on the report? Everyone really wants the same thing: better security. To get there, the primary communication tool between consultant and client, offensive and defensive teams \u2014 the pentest report \u2014 must be consumable and actionable and tailored to the audience who receives it.\nIn the first half of this episode of Cyberwire-X, the CyberWire's CSO, Chief Analyst, and Senior Fellow, Rick Howard, is joined by Hash Table members\xa0Amanda Fennell, the CIO and CSO of Relativity, and William MacMillan, the SVP of Security Product and Program Management at Salesforce. In the second half of the episode, Dan DeCloss, the Founder and CEO of episode sponsor PlexTrac, joins Dave Bittner discuss the politics around pentest reporting and how better reports can support real progress.\nLearn more about your ad choices. Visit megaphone.fm/adchoices