The Business of Hacking Creating, Developing, and Maintaining an Effective Penetration Testing Team

There is a plethora of literature on the topic of penetration testing, hacking, and related fields. These books are almost exclusively concerned with the technical execution of penetration testing and occasionally the thought process of the penetration tester themselves. There is little to no literature on the unique challenges presented by creating, developing, and managing a penetration testing team that is both effective and scalable. In addition, there is little to no literature on the subject of developing contractual client relationships, marketing, finding and developing talent, and how to drive penetration test execution to achieve client needs. This book changes all that.

The Business of Hacking is a one-of-a-kind book detailing the lessons the authors learned while building penetrating testing teams from the ground up, making them profitable, and constructing management principles that ensure team scalability. You will discover both the challenges you face as you develop your team of offensive security professionals and an understanding of how to overcome them. You will gain an understanding of the client’s requirements, how to meet them, and how to surpass them to provide clients with a uniquely professional experience.

The authors have spent combined decades working in various aspects of cybersecurity with a focus on offensive cybersecurity. Their experience spans military, government, and commercial industries with most of that time spent in senior leadership positions.  

What you’ll learn

• How to handle and ongoing develop client relationships in a high end industry
• Team management and how the offensive security industry comes with its own unique challenges. Experience in other industries does not guarantee success in penetration testing.
• How to identify, understand, and over-deliver on client expectations.
• How to staff and develop talent within the team.
• Marketing opportunities and how to use the pentesting team as a wedge for upsell opportunities.
• The various structures of services available that they may present to their clients.

Who This Book Is For

This book is written for anyone curious who is interested in creating a penetration testing team or business. It is also relevant for anyone currently executing such a business and even for those simply participating in the business.

Chapter 1: Introduction. -Chapter 2: The Capability.- Chapter 3: Finding and Retaining Talent.- Chapter 4: Team Management.- Chapter 5: Operational Management.- Chapter 6: Developing Hackers.- Chapter 7: Understanding Clients.- Chapter 8: Engagement Management and Security.- Chapter 9: Effective Web and Mobile Application Testing.- Chapter 10: Effective Testing in Cloud Environments.- Chapter 11: Effective Network Testing.- Chapter 12: Reporting.- Chapter 13: The Wedge.- Chapter 14: The Cyber Arms Dealer.- Chapter 15: New Frontiers.- Chapter 16: Infinite Cost Benefit.

Michael Butler is a cybersecurity subject matter expert with 12 years of experience focusing on building, developing, and leading teams of ethical hackers. He is a primary instructor and developer of an offensive cloud security course taught both privately and at Blackhat conferences in the United States, Europe, and Asia. He has previously collaborated with Dr. Oakley as the technical reviewer for Professional Red Teaming and is the co-author of Theoretical Cybersecurity: Principles and Advanced Concepts (Apress, 2022).

Dr. Jacob G. Oakley is a cybersecurity author and subject matter expert with 16 years of experience focusing on strategic enterprise level cybersecurity architectures as well as offensive cybersecurity operations within government and commercial sectors. His previous technical books, Theoretical Cybersecurity, Professional Red Teaming, Waging Cyber War, and Cybersecurity for Space, are also published by Apress. Cybersecurity Engagements, as well as Waging Cyber War: Technical Challenges and Operational Constraints.