Training
Featured CourseView All Courses

SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

SEC595Cyber Defense, Artificial Intelligence
SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals
View course detailsRegister
Get a Free Hour of SANS Training

Experience SANS training through course previews.

Learn More
Learning Paths
FeaturedView all Focus Areas
NEW - AI Security Training
Can't find what you are looking for?

Let us help.

Contact us
Free Resources

SANS Community Benefits

Connect, learn, and share with other cybersecurity professionals

Customer Case Studies

Discover how organizations and individual cyber practitioners use SANS training and GIAC certifications

AI Risk & Readiness

Explore expert-driven guidance, training, and tools to help defend against AI-powered threats and adopt AI securely

Join the SANS Community

Become a member for instant access to our free resources.

Sign Up
For Organizations

Public Sector

Mission-focused cybersecurity training for government, defense, and education

Partnerships

Explore industry-specific programming and customized training solutions

Sponsorship Opportunities

Sponsor a SANS event or research paper

Interested in developing a training plan to fit your organization’s needs?

We're here to help.

Contact Us
Contact Sales
Contact Sales

Not Ready for a Pen Test? Attackers Don't Care

  • Thu, Mar 5, 2026
  • 6:30PM - 7:30PM JST
  • English
  • Jon Gorenflo
  • Technical Presentation
Login to register
Webcast Hero

Organizations often delay penetration testing because they feel unprepared, fear the results, or believe compliance and tooling alone equal security. This talk challenges those assumptions head-on.

Drawing from real-world attacker behavior, breach patterns, and hands-on experience, the presentation reframes penetration testing not as a pass/fail exam but as a practical learning tool essential to building resilient security programs. It explores how compliance-driven strategies and "Security Jenga" (exceptions, undocumented workarounds, layered shortcuts) create a false sense of confidence, and how attackers exploit small oversights using common, built-in system capabilities rather than exotic malware.

Attendees will learn why "not ready" is never a valid reason to skip testing, and how pen tests uncover unknown risks, validate investments, educate teams, and align security with real business objectives. The core message: attackers don't wait for readiness, and neither should you.

Meet Your Speaker

Jon Gorenflo
Jon Gorenflo

Jon Gorenflo

Information Security Consultant

Jon Gorenflo has strengthened cybersecurity through leadership in pen testing, incident response, and security engineering. His dedication to mentoring and knowledge-sharing has empowered professionals and enhanced defenses industry-wide.

Read more about Jon Gorenflo