A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


MSSPs are great...and other lies I tell myself - Scott Thomas GrrCON 2019 (Hacking Illustrated Series InfoSec Tutorial Videos)

MSSPs are great...and other lies I tell myself
Scott Thomas
GrrCON 2019

Many orgs must deal with a MSSP at some point. They can be used for one-off pentests or up-to and including a managed front-to-back security service with a "virtual CISO?" It doesn't matter if you?re the junior analyst having to work side-by-side with them to accomplish your tasks or if you signed the contract and are responsible for paying them, there are things you should be sure they provide to you. I?ve worked with multiple MSSPs from small to very large and I?ve been an MSSP consultant. I will present some ideas on how to contract with one, some of the tricks they may use when working with you and how to ensure they are giving you what you?re paying for overall. If all else fails, I'll also detail some of the pain of the rip & replace method of switching MSSPs.

Back to GrrCON 2019 video list

Printable version of this article

15 most recent posts on Irongeek.com:


    If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

    Copyright 2019, IronGeek
    Louisville / Kentuckiana Information Security Enthusiast