Achieving DORA Threat-Led Penetration Testing Requirements

Gain an in-depth view into DORA’s threat-led penetration testing framework with practical guidance on how to integrate offensive security services.

As the compliance deadline for the EU's Digital Operational Resilience Act (DORA) approaches in January 2025, financial institutions and their ICT providers must prepare to meet the regulation’s stringent Threat-Led Penetration Testing (TLPT) requirements.

We’ll provide an in-depth overview of DORA’s TLPT framework, offering practical guidance on how to integrate offensive security services to meet regulatory demands and ensure resilience against cyber threats through penetration testing. 

Attendees will gain a clear roadmap for achieving DORA compliance through a strategic approach to testing, threat intelligence, and vulnerability remediation.

Key Takeaways:

  • Detailed breakdown of DORA’s TLPT requirements and their implications for financial services and ICT providers
  • How to design and implement a compliant TLPT framework that enhances organizational resilience
  • Key offensive security services that organizations should seek to fulfill DORA requirements
  • Best practices for selecting external testers and aligning testing processes with regulatory standards


About the speaker, Trevin Edgeworth

Red Team Practice Director

Trevin Edgeworth is the Red Team Practice Director at Bishop Fox, where he focuses on building and leading best-in-class adversary emulation services to help customers of all sizes and industries strengthen their defenses against current and emerging threats.

Trevin has over 20 years of security experience; he has built and overseen red team programs for several Fortune 500 companies, including American Express, Capital One Financial, and Symantec Corporation. Other accomplishments include leading a security organization as Chief Security Officer (CSO) for a major security company. Trevin has led a variety of security functions in his career, including cyber threat intelligence, hunt, deception, insider threat, and others.

Trevin is an active member of the security community. He has presented at several industry conferences and been interviewed by leading publications on topics such as red teaming and threat intelligence.


About the speaker, Rob Ragan

Principal Researcher

Rob Ragan is a Principal Researcher at Bishop Fox. Rob focuses on pragmatic solutions for clients and technology. He oversees strategy for continuous security automation. Rob has presented at Black Hat, DEF CON, and RSA. He is also a contributing author to Hacking Exposed Web Applications 3rd Edition. His writing has appeared in Dark Reading and he has been quoted in publications such as Wired.

Rob has more than a decade of security experience and once worked as a Software Engineer at Hewlett-Packard's Application Security Center. Rob was also with SPI Dynamics where he was a software engineer on the dynamic analysis engine for WebInspect and the static analysis engine for DevInspect.


About the speaker, Matt Twells

Senior Solutions Architect

Matthew Twells is a Senior Solutions Architect at Bishop Fox focused on technical scoping of client engagements, training and development, and sales enablement. He graduated from the University of Reading in Reading, England with a B.A. (Hons) in Economics, and has spent time working in the British Army as a Secure Communications Engineer, working with the National Health Service as part of the Cyber Defense Operations Center (CDOC) team during the COVID-19 pandemic and subsequently in a variety of cybersecurity consulting, technical project management, internal audit, and penetration testing roles over the last 7 years.
