Audit +++

Joerg Simon

Seats Sold Out

Trainer Name: Joerg Simon
Title: Audit +++
Duration: 2 Days
Date: 4th and 5th February 2015


When it comes down to Information - Security, have you ever felt the need to stay unbiased and to stay out of the Compliance and Risk business or vice-versa if you are a Compliance - or Risk - Manager do you really understand the technical findings that you get from your testers?

Have you ever wondered if there is a better way to measure security and trusts, other than with threat-models?

Have you ever thought that just "capture the flag" might not be enough as a Security Test Result?

Are your unsatisfied by the security - solution industry?

As a brilliant technical mind, do you want to learn how to report technical findings in a way that management understands?

As a Security Manager, do you want to learn what you should demand from future Security-Tests and how to calculate the benefits from your Security-Projects?

This Training will give you answers and fits for all types of security professionals - the Security Tester as well as the Information Security Officer. Every lesson provides two kinds of exercises you can choose from whether technical or non-technical.

Certification Exam Available

Special offer only for nullcon - ISECOM, the creators and maintainers of the OSSTMM will provide the OPSE certification exam, OSSTMM Professional Security Expert with an discount of more than 60% - Special price of $199 for anyone who takes this training.
Get more details on it at

Topics covered

Security Test Demands and Standards in the International Enterprise

  • State of Security Test Compliance in the Enterprise
  • ISO and why it does not work for Security Tests & Research
  • Compliance Killer an Intro to alternate, new Methods and Standards
  • Exercises to compare methods and to think out of the box
What to expect?
  • You will learn what Enterprises use in their organizations, how they implement IT - Security and Compliance - Why and where they fail and where they benefit from Compliance and Standards.
  • You learn where you benefit from supporting methods like the OSSTMM, OpenDeem and others to enhance the Security Management Lifecycle in your Enterprise Organizations

Fedora Security Lab (FSL) as a Security Test Platform

  • Intro to the platform
  • Hand on Exercises
  • Fedora Security Test Bench
  • Setting up the Platform (hands-on)
What to expect?
  • You will learn how to handle FSL as one possible test - platform and to set up the test-environment based on Fedora Security Test Bench.

The Open Source Security Test Methodology Manual (OSSTMM)

  • The OSSTMM Testing Steps
  • Pre-Test(Sales & Marketing, Pre-Assessment), Contracts & Testplan, Legislation & Ethics, Testing and Limits, Report
  • Lessons learned from Exercises 1 and 2
  • Security Channels
  • Induction - deep dive + exercises
  • Inquest - deep dive + exercises
  • Interaction - deep dive + exercises
  • Intervention - deep dive + exercises exercise along the 4point process
  • The Risk Assessment Values
    • OSSTMM Risk Assessment Value vs Thread Modeling
    • Deep Dive + Analysis according to the OSSTMM RAV
  • Hacking Trust
  • Trust-Analysis and Trust-Verification

Insider - Preview to the OSSTMM 4!

What to expect?
  • This teaching get's you started with the international de - facto Standard for Security Tests, the OSSTMM. Learn your way around the most important parts of the OSSTMM and how you can use it to improve your work as a Penetration Tester and how it helps the Security - Manager as a catalyst to keep the Information Security Management going.

OpenDeem as a part of the Fedora Security Lab (this fast - track is given by the creator of Open Deem, Marcel Reifenberger)

  • Introduction to Open Dynamic Efficiency Evaluation Methodology as a Method and Metric to calculate the financial value/risk of a project or any activity where financial risks is involved.
  • Excersizes on the Metric
What to expect?
  • Learn how to identify the maximum justified investment limit and how to quantify the efficiency of your Security - Projects.

Skill and knowledge required

Technical or non - technical Security Professional, does not really matter
  • be willing to think out of the box and do some mind - twisting new stuff.
Prepare yourself with
If you want to take the exam you might want to focus on:
Technical folks might want to visit
What not to expect?
  • Pure technical hands - on training.
  • The boring Standard&Guidelines Theory.
  • Printed Books and Handouts.
What you will need to bring

a current Laptop which is able to boot FSL from USB - Key Pen and Paper might help as well

About the Trainer

Joerg Simon is an active contributor to various Open Source Projects. You can see results of his work as a ISECOM team - member, where he created the OSSTMM - Lab as a platform for teaching security - and within the Fedora-Project, where he works on Security Test Applications like dsniff, unicornscan or others. He maintains the official Fedora-Security - Spin and left his traces as the former FAmSCo Chair and a member of the Fedora Board. He is in charge at HIC AG on Audit - Services, Research and Development.

Copyright © 2019-20 | Nullcon India | International Security Conference | All Rights Reserved