The Evolution of Offensive Security: Insights from Dave Mayer

The Evolution of Offensive Security: Insights from Dave Mayer

06/29/2023 | Phillip Wylie |

About The Guest(s):
Dave Mayer is an Offensive Security professional with extensive experience in Red Teaming and Penetration Testing. He has a background in computer science and has worked for companies like Citibank and Grim before founding Neuvik. Dave is also a mentor and educator in the field of Offensive Security.

Summary:
Dave Mayer, an experienced Red Team professional, shares his journey in the field of Offensive Security. He discusses his background in computer science, his transition from development to Red Teaming, and his work at Citibank and other consulting firms. Dave emphasizes the difference between Red Teaming and Penetration Testing, highlighting the intent and level of detail involved in each. He also provides insights into when organizations should consider conducting a Red Team operation and the importance of cloud security in today's hybrid environments. Dave recommends learning programming and scripting languages like Python and PowerShell to excel in Offensive Security. He also discusses the role of bug bounties and disclosure programs in finding vulnerabilities and improving security.

Key Takeaways:

  • Red Teaming is focused on remaining undetected and achieving a specific objective, while Penetration Testing aims to find as many vulnerabilities as possible across multiple systems.
  • Red Teaming should be conducted after organizations have matured their vulnerability scanning and Penetration Testing processes.
  • Cloud security is crucial in today's hybrid environments, and understanding cloud platforms and APIs is essential for Offensive Security professionals.
  • Learning programming and scripting languages like Python and PowerShell is important for automating tasks and building tools in Offensive Security.
  • Bug bounties and disclosure programs can be valuable for finding vulnerabilities and improving security, but organizations should provide clear contact information for researchers to report vulnerabilities.

Dave's social media and Neuvik website:

https://twitter.com/dmay3r

https://www.linkedin.com/in/dmay3r/

https://www.neuvik.com/

Podcast: Play in new window | Download