Dradis Course: Lesson 7

How to spend more time on creative hacking in every project

This lesson is really more of an assignment than anything instructional. I'm also going to tell you about the additional content and resources I'll be sending you over the next few days.

My hope is that what I've covered has opened your eyes. The fact is, there are lots of small things you can do on a day-to-day basis to shift the focus from the repetitious tasks to the fun parts. When you add all these small changes together, you'll significantly shift the balance of time you're spending in your projects to the more enjoyable creative hacking side of things. Granted, this shift doesn't happen overnight. Like with anything worth doing, it takes time. But if you work at it and are OK with experimenting, you will be able to significantly increase the time you spend doing what you love most.

I've done IT Security consulting for over 10 years. Some of the strategies covered over the last few days I had to learn the hard way. But, as I began to learn them, two interesting things happened:

  1. My team and I became more successful. Clients that had worked with us started asking our consulting company to assign our team to their projects whenever possible.

  2. Our clients became more successful too. By focusing on the goal of the assessment, focusing on the value of the deliverable, and maximizing the time spent in creative hacking, we were providing a much better service to our clients and their organizations. This shifted our relationship from "one of our vendors" to a true partnership. It became easier to close deals and we started getting a lot more referrals and repeat clients.

Why cutting the time you spend doing busy work is so important

When I started my career in InfoSec, there were no collaboration or reporting tools. We were not doing things with pen and paper, but we weren't much more evolved than that.

I soon realised I was spending an unreasonable amount of time on tasks that were adding zero value. I was spending hours manually crafting each report, sorting through my teammate's notes trying to extract all the individual findings without any duplication, etc.

I wasn't happy, my teammates weren't happy. Our clients were paying for our time, and we were wasting it. And worse, all this overhead was eating into my "hacking time" for the project. That is why I created the Dradis Framework in 2007. There had to be a better way.

Fast forward 7 years

My colleagues and I were using Dradis on every project. Everyone was working together as a team, sharing our findings instantly and seamlessly. Reports rarely took more than half an hour to generate.

Our team could spend most of the time allocated to the engagement hacking, and only a tiny fraction on reporting and busy work. Morale was up, our Technical Directors were happy that their consultants were happy, we found more bugs for our clients, and they were happier. It was win-win-win all around.

I've been working on Dradis every day for the last 10 years because I want others to experience that same liberation. Never-ending email threads, days spent reporting, and hours sunk doing repetitive tasks are not the only way for InfoSec professionals to work. A more fulfilling way exists.

That's why I shifted my focus from consulting to building Dradis Professional so I could help other teams discover a way to work better, together.

What's next:

I hope you got a lot out of this free course.

My goal was to help you get a good grasp of the strategy behind Dradis. This means focusing your efforts on the high impact areas to cut busywork and simultaneously increasing the value your clients receive. As I mentioned above, mastering this has helped me tremendously both personally and professionally. But, it's not really something that a lot of IT Security experts are all that familiar with.

Did you get something out of this course? Do you think others would also benefit? If so:

1. Could I get your review?

I put a lot into creating courses like this, so if you have a few minutes, I'd love for you to send me an email with what you thought of the course and what you plan on doing next.

2. Could you share this on Facebook and Twitter?

You probably know other InfoSec professionals, so would you mind sharing this free course with your friends and followers? I'd love for as many InfoSec aficionados as possible to learn about this stuff! Let's face it, a rising tide lifts all boats. The more people who practice these strategies, the more likely we'll all be to work with better and more knowledgeable clients in the future.

Here's the link for "Mastering the Dradis Framework": https://dradis.com/academy/dradis-course/

Thanks, I appreciate it.

I'd love to hear your review (I read every email I get) and I'd greatly appreciate you sharing this course with your friends and peers on Facebook/Twitter.
