EPISODE · Aug 11, 2025 · 48 MIN
From barking to Meow: mature pentesting (WHY2025)
from Chaos Computer Club - recent audio-only feed · host Mischa Rick van Geelen, Brenno de Winter
In a world of relentless cyber-threats, MIAUW (Methodology for Information Security Assessment with Audit Value) turns every pentest into a high-impact, traceable mission. This session reveals how its storyline-driven playbook fuses technical exploitation, legal rigor and forensic reporting into a reusable blueprint that regulators love and attackers fear. Expect war-stories, live-demo snippets, and a roadmap to weaponize compliance while clawing back control over risk. This talk introduces MIAUW — Methodology for Information Security Assessment with Audit Value — a structured approach to penetration testing that goes beyond technical exploits to deliver legal defensibility, governance value, and repeatable insight. We begin with a familiar problem: many pentests are technically sound but fail to produce lasting impact. Reports are delivered, risks are noted — and then nothing changes. There’s little accountability, no alignment with organizational processes, and limited value for oversight. MIAUW changes that. It brings structure, traceability, and dual accountability by involving not just the pentester, but also a dedicated auditor. Every step — from planning and scenario definition to execution, reporting, and organizational learning — is part of a documented process. The auditor produces a formal protocol, providing legal and governance-grade assurance over the findings. In this session, we’ll cover: - How MIAUW works: from the first conversation to the final deliverables. Why including an auditor raises the bar for quality, traceability, and board-level trust. - Real-world stories of organizations that transformed their security posture through structured offensive testing. - How to get started with MIAUW, even when working with external testing partners. Whether you're a CISO, security consultant, internal auditor or board advisor, this talk will challenge the way you think about pentests — and show you how to make every test a reusable asset for control and improvement. Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://program.why2025.org/why2025/talk/NLDDV7/
What this episode covers
In a world of relentless cyber-threats, MIAUW (Methodology for Information Security Assessment with Audit Value) turns every pentest into a high-impact, traceable mission. This session reveals how its storyline-driven playbook fuses technical exploitation, legal rigor and forensic reporting into a reusable blueprint that regulators love and attackers fear. Expect war-stories, live-demo snippets, and a roadmap to weaponize compliance while clawing back control over risk. This talk introduces MIAUW — Methodology for Information Security Assessment with Audit Value — a structured approach to penetration testing that goes beyond technical exploits to deliver legal defensibility, governance value, and repeatable insight. We begin with a familiar problem: many pentests are technically sound but fail to produce lasting impact. Reports are delivered, risks are noted — and then nothing changes. There’s little accountability, no alignment with organizational processes, and limited value for oversight. MIAUW changes that. It brings structure, traceability, and dual accountability by involving not just the pentester, but also a dedicated auditor. Every step — from planning and scenario definition to execution, reporting, and organizational learning — is part of a documented process. The auditor produces a formal protocol, providing legal and governance-grade assurance over the findings. In this session, we’ll cover: - How MIAUW works: from the first conversation to the final deliverables. Why including an auditor raises the bar for quality, traceability, and board-level trust. - Real-world stories of organizations that transformed their security posture through structured offensive testing. - How to get started with MIAUW, even when working with external testing partners. Whether you're a CISO, security consultant, internal auditor or board advisor, this talk will challenge the way you think about pentests — and show you how to make every test a reusable asset for control and improvement. Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://program.why2025.org/why2025/talk/NLDDV7/
NOW PLAYING
From barking to Meow: mature pentesting (WHY2025)
No transcript for this episode yet
Similar Episodes
Mar 26, 2026 ·1m
Feb 8, 2026 ·4m
Jan 30, 2026 ·6m
Jan 2, 2026 ·47m