

This webcast has been archived.

Mind the Gap: going beyond penetration testing for security improvement

  • Tuesday, February 27, 2018 at 10:30 AM EST (2018-02-27 15:30:00 UTC)
  • Caspian Kilkelly


  • Rapid7 Inc.




Security teams and leaders know the value of regular external and internal testing of technical controls for their organization's security program, but what about the other stuff? Subjects like IT security management, threat modeling, incident response and security architecture improvement aren't usually addressed in most penetration tests, and compliance-driven audit processes rarely extend beyond the regulation or standard that is being audited. During this presentation, Caspian Kilkelly, senior advisory services consultant at Rapid7, will cover a few ways to examine, analyze, review and improve organizational and product-oriented security programs using data and experience from Rapid7's consulting teams. Drawing data and experience from penetration testing, research, incident response, and advisory services work, we'll examine common gaps in security programs, and ways of solving them using a cyclical approach to security improvement.

Speaker Bio

Caspian Kilkelly

Caspian Kilkelly (CISSP, CSM) has 20 years of experience in Security, IT operations and management. He has worked for international insurance, IT, health and entertainment organizations, large universities and cutting-edge startups. His security background includes event and organizational security consulting, asset management, physical security and crime prevention, digital forensics, incident response, and information security policy development. Caspian has spent the last 10 years of his career working as a volunteer with IHE and other medical informatics standards specialist groups in order to secure and audit medical devices and software entering the North American market. He is also part of the organizing committee for B-Sides Las Vegas and Defcon Skytalks. Caspian is a graduate of Concordia University’s Planning and Geography program in Montreal.
