Brian King Penetration Tester, Black Hills Information Security
Brian King has been pentesting webapps since 2008. He was the second hire into his employer's application security team at a time when "PCI" was brand new and long before bug bounty programs - when experienced webapp pentesters had to be made, not found. His internal training and coaching efforts built a successful team of 30 testers, few of whom had significant security experience before joining the team. Brian believes that webapps are the best targets for pentesting because although they all look familiar on the surface, they're all different and often in surprising ways. Each webapp is a collection of puzzles for a pentester and the first puzzle is figuring out where the other puzzles are! Once you get started, each test can be an engaging chance to practice your problem-solving skills and dive into new technologies.