Security through obscurity means better operational security
What I personally like so much about being a penetration tester is
that (I'd like to think that) we make the world a safer place. Better
security means better privacy means more democracy.
It's not about telling people what "they" did wrong. On the contrary,
it's a learning process for all of us. No single application, network
or system is the same. Each company has its own risk model, which
means that there often is no one-size-fits-all solution.
It's about "how can we improve the security" for everybody. That's why I think it's so important that penetration testers should lead by example and apply proper operational security procedures themselves.
Recently my first Pluralsight course was published: operational security for penetration testers. It deals with what opsec is, and how to apply it to your penetration testing workflow. The trailer of the course can be found at https://www.youtube.com/watch?v=DSF6XbCxYGY. The course itself can be found on Pluralsight's site, https://www.pluralsight.com/courses/opsec-penetration-testers
As beautifully stated by the third law of OPSEC: "If you are not protecting it, the adversary wins".