From the course: Soft Skills for Information Security Professionals
Unlock the full course today
Join today to access over 22,600 courses taught by industry experts or purchase this course individually.
Writing and reporting
From the course: Soft Skills for Information Security Professionals
Writing and reporting
- When you're putting together a security presentation or a report, the entire point is to convey some idea to your target audience. The last thing you want them to do is to tune out before they get to page two. Take this example from an actual pen test I ran a few years back. During one of my pen tests, I routed web traffic from a PBX admin app through a local proxy, exploiting a command injection vulnerability so I could cat the /etc/passwd file on an internal Linux box. Now, if you're technical, you might dig that explanation. You can imagine yourself running through that series of actions, and more importantly, your mind may already be racing with all the other commands that you could run next. If you're not technical, you probably tuned out by the time I got to PBX. I may as well have been speaking a different language entirely, and whatever point I was hoping to convey got lost in translation. I found…