NODE://TRANSMISSIONS
Notes from the field.
Opinions from the people doing the work — on why a scanner is not a pentest, why you should buy incident response before you need it, and why good compliance starts by deleting scope. No vendor fluff.
A scanner is not a penetration test
If your "penetration test" was delivered the same day it started and the report is a recoloured Nessus export, you did not get a pentest. You got a false sense of security.
Read transmission
Buy incident response before you need it
The worst time to negotiate an incident-response contract is while an attacker is in your network. Prepaid hours mean the only call you make is the one that helps.
Read transmission
The cheapest control is the one you delete
Most compliance projects start by writing policies. The good ones start by shrinking what is in scope — because the control you remove is the one you never have to maintain.
Read transmission