SEC536: Adversarial AI - Penetration Testing AI Systems


Experience SANS training through course previews.
Learn MoreLet us help.
Contact usBecome a member for instant access to our free resources.
Sign UpWe're here to help.
Contact Us
Organizations often delay penetration testing because they feel unprepared, fear the results, or believe compliance and tooling alone equal security. This talk challenges those assumptions head-on.
Drawing from real-world attacker behavior, breach patterns, and hands-on experience, the presentation reframes penetration testing not as a pass/fail exam but as a practical learning tool essential to building resilient security programs. It explores how compliance-driven strategies and "Security Jenga" (exceptions, undocumented workarounds, layered shortcuts) create a false sense of confidence, and how attackers exploit small oversights using common, built-in system capabilities rather than exotic malware.
Attendees will learn why "not ready" is never a valid reason to skip testing, and how pen tests uncover unknown risks, validate investments, educate teams, and align security with real business objectives. The core message: attackers don't wait for readiness, and neither should you.


Jon Gorenflo brings enterprise penetration testing, incident response, and security architecture experience to SANS. CEO of ATTACKD, he co-authored SEC560, teaches SEC504, and leads community learning through Hackers Teaching Hackers.
Read more about Jon Gorenflo