Just wanted to remind you all that I'll be needing your WSU material and write-ups. I'm working on the base template for the reports this year and will send that out when I have it ready. I'll taking some of the things I liked about the format last year and making some new changes as well.

If you had a SANS control, please follow last year's format of: MATURITY SCORE: w/ reference to last year's score and any change

ASSESSMENT FINDINGS:

TESTS AND METRICS:

RECOMMENDATIONS:

REFERENCES:

COMMENTS (optional): Any editorializing or other information you wish to offer the institution that doesn't fit in the above sections.

Otherwise, please just organize your pen-test findings, screenshots, tool reports, etc.

Maybe something like:

FINDINGS: ie, what you were able to do, get to, etc.

TESTS: How you did it.

RECOMMENDATIONS: w/ a tie-back to specific SANS controls that would mitigate your attack vector.

Thanks, Andrew