SaaStock Sessions: 6 Steps to Building a Pentest Program for SOC 2 Compliance

Presented by

Alex Jones and Rory McEntee

About this talk

Welcome to SaaStock Sessions: 6 Steps to Building a Pentest Program for SOC 2 Compliance.

SOC 2’s COSO Principle 16 requires companies to select, develop, and perform ongoing and/or separate evaluations to test their security controls. Pentesting is an effective way to meet this requirement, because it uncovers complex and chained exploits your scanners might have missed. What’s more, pentests can be standardized and linked into a formal program that systematically stress tests your systems monthly, quarterly, or as often as you need.

But how do you set up a pentest program for SOC 2 compliance? That’s the question we’ve put to Alex Jones, Information Security Manager at Cobalt, and Rory McEntee, Director of Application Security at SpringCM, a DocuSign company.

In this webinar, you can expect to learn more from them about:

● The value of a pentest program, particularly in achieving SOC 2 compliance;
● How to set one up, from picking the right assets to deciding on how often to test;
● How a pentest program can help you prepare for SOC 2 audits.

We'll finish up with a 20-minute networking session. Just jump into the networking area to get automatically matched with another attendee at random for a short speed-networking chat.

Cobalt’s Pentest as a Service (PtaaS) platform is modernizing traditional pentesting. By combining a SaaS platform with an exclusive community of testers, we deliver the real-time insights you need to remediate risk quickly and innovate securely. More than 800 organizations rely on Cobalt for their pentesting program needs. Customers include MuleSoft, GoDaddy, Verifone, HubSpot, PaloAlto, Cengage, Pendo, Axel Springer, and Credit Karma. To learn more about Cobalt, please visit