2 hours 9 minutes
Hello, everybody, and welcome back. So before we jump into the material, let's talk about a few disclaimers. I want you to pay special attention to what we're getting ready to talk about, because it could save you some trouble in the long run.
So when you're working on a pen test or something of that nature, a security test, you're using tools. Keep in mind that there may be some laws and legal stuff that you need to be aware of. So in order to keep yourself out of jail, always make sure that you're doing work with permission, explicitly, that there's no room for kind of gray area, that you're doing everything within a kind of a scope of service or scope of work, and that, you know, that's protecting yourself. Any time you get ready to work on a system, make sure you've got some indemnification and damage control in place, kind of like with a surgeon before, you know, you're going to get a procedure done. They warn you about all the gruesome things that could happen, and it's just a way to cover yourself and make sure that there's no surprises, and that your client isn't upset or disturbed by, you know, kind of, if something happens along the way.
If you've got a client that wants you to do, like, a hack back, like, "Hey, I've been hacked. Can you hack the hacker?" Don't do it. That can get you landed in jail. Just stay away from doing that type of retaliatory work.
Licensing and certification may be applicable to your area, so just give those a look and make sure that you're doing everything you can to stay above board and that you don't run into any issues with respect to being legitimate in your world. Venue and jurisdiction can get a little fuzzy. If you're working in New York on a pen test in South Carolina with systems in Pennsylvania, you know, where's the line in the sand? Where do you know, you know, what the laws are, what you follow? Just figure those things out in your legal work, in your contracts. Privacy issues: if you gain access to sensitive information such as PII, which is personally identifiable information, or some type of confidential data, what do you do? How do you react? How do you report that, etcetera?
Who owns your reports and information is a big part of any contract and work that you do, and duty to warn, that should be defined in a contract with respect to: how do you report a breach? Do you have an obligation to report a breach, etcetera? So just make sure that you're above board in everything that you're doing and that you're using these tools responsibly.
Ultimately, what we're trying to do here is we're trying to stay out of jail, because I, for one, I don't like jail. I don't think jail is fun. I don't think it's anything that anybody wants to do. So let's just make sure as we move forward and we work together that we use these tools responsibly. So I look forward to working with you, and let's go ahead and jump right into our material.