Every so often, a report gets presented which looks like it was written by the work experience student who was employed by the intern.
So what’s the best way to respond? I went on Twitter to ask the opinion of folk who have to deal with this kind of thing on a regular basis, and distilled their wisdom into 15 tips.
Other honourable mentions go to:
— Mo Amin (@infosecmo) December 6, 2016
— Luushanah (@luushanah) December 6, 2016
@J4vv4D Cannot accept this finding. Please provide more information and evidence. If they explain it better, yay, if they can’t we’re done
— B Miller (@Securithid) December 6, 2016
@J4vv4D ask “what’s the risk”
— EoinKeary (@EoinKeary) December 6, 2016
@J4vv4D dear auditor this is my implementation plan: # rm -rf /audit , hope you understand my point
— Juanes (@hcjuan04) December 6, 2016
— BrianHonan (@BrianHonan) December 6, 2016