Presentations

The CPTC presentations occur only in the final round and involves a team presenting a set of slides as well as the pentest report to the board. These presentations are 10 minutes and all members are required to speak.

Example Presentations

Global CPTC has a few years of examples of presentations made by the final teams: https://github.com/globalcptc/report_examples

There are also several videos of these presentations on their YouTube channel: https://www.youtube.com/@globalcptc/videos

These are excellent places to look if you want to get an idea of what the best teams do.

How to Make a Good Presentation for CPTC

This section is primarily based on this post by Dan Borges, but also includes some comments from myself.

  • Remember that your presentation should always be appropriate for the person you are speaking to. Some people want a technical presentation and others want one that discusses business risks.

  • The primary goal should be to highlight overall risk

    • Make sure to mention what steps can be taken to remediate any vulnerabilities found.
    • The more specific your advice is, the better. Make sure that all recommendations apply to the company you are pentesting and show the true impact in a way that is easy to understand.

  • Dress appropriately for the audience.

  • "Keep eye contact"

  • Talk about issues in the retest as well as things that have been remediated successfully by the company.

  • Most of the presentation should be about the key findings and suggested remediations

My Views on Presentations

The following are things that most winning teams seem to include in their presentations:

  • Intro of the team
  • Very short description of methodology + some blurb about being holistic
  • Summary of vulnerabilities found as well as of how many vulnerabilities were remediated
  • Discussion of key findings
  • Compliance violations and recommendations (don't go overboard here)
  • Short and Long-Term recommendations for remediating vulnerabilities
  • A summary of all points at the end of the presentation
  • Leave around 2 minutes for questions at the end
  • Cite parts of the pentest (H.2 for 2nd High vuln) in the presentation)

results matching ""

    No results matching ""