TotalTest Simulations 2 Oh! From Exploits to Economics
Nebu Varghese
DEF CON 33 · Day 1 · Main Stage
In his DEF CON talk, "TotalTest Simulations 2 Oh! From Exploits to Economics," Nebu Varghese, a Senior Director in FTI Consulting's cybersecurity practice, presented a compelling framework designed to transform how organizations approach security testing. Moving beyond the limitations of traditional, one-off penetration tests and red team engagements, Varghese advocates for a continuous, data-driven methodology that not only identifies vulnerabilities but also quantifies their business impact and the return on security investment (ROSI).
AI review
A competent consultant repackages well-trodden ideas about continuous red teaming and security ROI into a proprietary framework with a name. Nothing here is new, the 'financial quantification' model is undergraduate-level arithmetic dressed up as innovation, and the closest thing to a technical contribution is mentioning BloodHound and RedELK by name.