Seamus Tuohy

Currently using a shell script to find all pdf's and printing needed sub-sections by hand. This will not do when giving a training with a quicker lead-time. For this we...

Create / Find Example Data Flow Diagram for Vuln Assessment training

1

These are to be used with the elevation of privilage activity.

Maybe there is a chance to develop an example that goes through the sections: found in network mapping, analyzed as a vulnerability, prioritized as important, recommendation formulated to mitigate its...

empathy is also important here in reporting, because otherwise it may read as “we are totally owned, but I don't even understand how”

A visual example of the risk matrix would be fantastic

Add guidace for reporting on how to determine what level of feedback to provide an organization.

1

Confirm with the host organization who they want/need to share it with - board, funders, trainers – and write sections accordingly The vulnerability analysis section creates a TON of content....

Maybe stress here that you should give yourself a walk or so to reflect on what to do here, it's a make or break moment for the organization, so it...

for this section, it would be great to add the top go to points for not so techy auditors: licenses, firewall, antivirus, etc.

ask the question of what users do when something is wrong with the device (e.g. if its their private laptop will they bring it to the IT admin or their...

Emphasise that there is a balance between being very empirical (“give me your device and let me run a few tests that you don't need to understand”) and very emphatic...