Red Team
We are 2 members of the pentesting team at Target. In an organization of our size, there is no shortage of apps to test, so the question becomes: how do you decide which apps are the most critical? This presentation will cover the main considerations we make when trying to answer this question and how we used data analysis to refine our algorithm. We will share our journey from drowning in pentest requests to curating our workload. This is not a topic we found much public material on when evaluating how other organizations overcame this challenge. It’s our hope that we can give internal pentest teams some guidance so they can avoid making the same mistakes we did.
Emerson is an accomplished Penetration Tester and security professional with over 7 years of experience working in the InfoSec space. His passion for finding and exploiting vulnerabilities, coupled with strong business acumen, has allowed him to provide deep value to clients and employers when evaluating application security posture and driving remediation efforts. Emerson is a graduate of Minnesota State University Mankato, where he and Dan Salmon frequently collaborated and deepened their hacking knowledge. Outside of work, Emerson's hobbies include competing in Track and Field, cooking, and reading.
Dan is a hacker with 5 years of professional experience in web security testing. He leverages development knowledge to aid in source code analysis as well as building new offensive tooling for his team. He has published many open-source security tools including a printer honeypot, a popular S3 bucket scanner, and a dataset of scraped Venmo transactions that received a lot of tech media attention and a Wired opinion piece. Dan enjoys learning new tech and finding interesting ways to break it. You can find him blogging about silly projects at danthesalmon.com.
We proudly present SecretCon, an entirely unparalleled conference for the state of Minnesota, built for our new digital reality. This conference is dedicated to the many specialties of our hacker, cybersecurity, and privacy community. We have taken it upon ourselves to construct a conference that not only embraces our past, but also looks to the future. Join us!