Penetration Testing: The Humanity Behind the Hacking

Data Security

SecurityMetrics Podcast | 10

Paul Poh (CISSP, CISM, CRISC, CIPP/US) has had an interest in cybersecurity since before the internet as we know it existed. From his first exposure to the “Morris Worm” in the early ’90s as a software engineer at Tufts University, to his current role as Partner at Radical Security, Paul’s mixture of curiosity and wisdom has helped him maintain the perspective needed to be a successful penetration tester. He shares his insights with our host Jen Stone (Principal Security Analyst, CISSP, CISA, QSA) on why it’s the small things that can take down an organization’s security.

“Your Software Development, Engineering, and DevOps can all be great. But a malicious actor can still break a password, attack your source code, and insert a backdoor that would then be pushed into production. You can do a great job protecting production, but if a hacker can find something small, they will.”

Listen in to learn:

  • Case studies that compare typical security measures to actual threats and vulnerabilities

  • Penetration testing requirements, preparation, tips, timing, timeline, and best practices 

  • Tips for choosing a penetration testing firm and the surprising qualities that make for a good pentester


Paul Poh on LinkedIn

Download our Guide to PCI Compliance! - https://info.securitymetrics.com/pci-guide-2020

Download our Guide to HIPAA Compliance! - https://info.securitymetrics.com/hipaa-guide-2020

SecurityMetrics Podcast: The latest in data security and compliance


This podcast is available on all your favorite podcast platforms.

[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.