Thanks for the feedback.

Fox

Thanks for the feedback. Actually, I think that the role of pentesting fits very well into a view of this. While doing an assessment, you can very easily articulate your findings into probabilistic phrases.

“Given an active adversary on a laptop on our network, I predict a 30% chance that this unpatched server will be found.”
“If these 6 vulnerabilities are fixed by my next engagement, I predict a 15% likelihood that I can move into the production subnet. If they are not fixed, I predict a 90% chance of success.”
“I predict a 1% detection rate of an adversary on this network, given that I have not seen any centralized logging or network detection infrastructure”.

Participating in things like the Good Judgement Open helps practice that phrasing.

Fox

Ryan McGeehan

Aug 19, 2018·1 min read

Ryan McGeehan

Writing about risk, security, and startups.

More from Ryan McGeehan

Writing about risk, security, and startups.

More From Medium

Quantifying your unknown risks.

Forecasting a headline risk: NetSpectre

Measuring “In the Wild” Exploitation

The next 50 years of cyber security.

Learning from cryptocurrency breaches

I Was Crushed When I Discovered I Was His “Third Tier” Girl

The GameStop Fiasco Proves We’re in a ‘Meme Stock’ Bubble

The 5 Habits That Will Help You Burn Fat Efficiently

About
Help
Legal

About

Help

Legal

Get the Medium app