Today I get to meet with my 3rd party pentesters to go over the results of their test that, for the second engagement in a row, blatantly disregarded our agreed-upon scope. I swear, the communications aspect of my job is the hardest - I just want to start the meeting with "Alright you knuckledragging fuckwits..."
@taters You had me at "knuckledragging fuckwits"
@willard haha. I mean come on, what part of "please do an external pentest, here's our IP ranges" meant "please harvest a list of our users and send them phishing messages"? Or when I said "here's the URLs for the webapp tests", I must have accidentally also said "please test all these other sites, including ones we don't own, and include them in the report". I'm just shit at this I guess!