
Does A Frog Have Scorpion Nature? "Hunky Sales Dudes" with Dan Tentler
Mar 16, 2026
Dan Tentler, a security practitioner and conference speaker, tells technical and consultancy stories from penetration testing. He calls out fake pen tests, broken RFPs, and dangerous low-cost OT bids. He explains how scans can crash PLCs, the file-share landfill problem, honeytokens, and how conference hype and vaporware distort the industry.
Pen Tests Are Mostly Box Checking
- Pen tests are often checkbox exercises that prioritize sales and appearances over technical value.
- Dan describes firms sending junior hires armed with canned scans that produce long fluff reports with a single real finding, leaving customers angry and no safer than before.
RFPs Misprice Complex Security Work
- RFPs frequently ask for unrealistic scope and low budgets because procurement writers don't understand security costs.
- Dan recounts an RFP that demanded extensive on-site OT assessments yet offered a fraction of normal rates.
Don't Nmap OT Networks With Default Fingerprinting
- Avoid aggressive network scanning in OT environments: malformed or unexpected probes can crash PLCs, and a crashed PLC can cause physical harm.
- Dan warns that Nmap's OS-fingerprinting packets can hang a PLC, and a hung PLC can trigger dangerous cascading failures in the process it controls.
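The safe-scanning point above, as an added example that is not code from the episode, from Dan, or from the Nmap project: a small POSIX shell guardrail that refuses the Nmap flags most likely to send malformed or unexpected traffic at a PLC (OS fingerprinting, version detection, aggressive mode, NSE scripts, exotic TCP flag scans, fast timing templates) and builds a conservative connect-scan command instead. The forbidden-flag list, the default ICS port list, the 200 ms delay and the 10.10.5.x addresses are the editor's assumptions for illustration, not a published Nmap or vendor recommendation.

```shell
#!/bin/sh
# ot_safe_nmap.sh: constructed example of a guardrail around nmap for OT
# networks. Not the episode's, Dan's or Nmap's own code; flag list, port
# list and timing values are assumptions chosen for illustration.

# Nmap options that send malformed or unexpected traffic (OS fingerprinting,
# version probes, NSE scripts, exotic TCP flag scans) or push packets fast.
# Fragile PLC network stacks are known to hang on exactly this kind of input.
OT_FORBIDDEN='-O -A -sV -sC -sU -sX -sN -sF -sM --script --traceroute
              --osscan-guess --osscan-limit -T4 -T5 --min-rate --min-parallelism'

# Assumed default port list: S7comm, Modbus/TCP, EtherNet/IP, DNP3, IEC 104.
OT_DEFAULT_PORTS='102,502,44818,20000,2404'

# ot_check_args ARGS...: return 0 if every argument is acceptable on an OT
# network. On the first forbidden flag, print it to stdout and return 1 so
# the caller can explain why the scan was refused.
ot_check_args() {
    for arg in "$@"; do
        for bad in $OT_FORBIDDEN; do
            if [ "$arg" = "$bad" ]; then
                printf '%s\n' "$arg"
                return 1
            fi
        done
        # The same options in their "--flag=value" spelling, plus -O glued
        # to other letters (-oN, lowercase, is just an output file and is fine).
        case "$arg" in
            --script=*|--osscan*|--min-rate=*|--min-parallelism=*|-O?*)
                printf '%s\n' "$arg"
                return 1 ;;
        esac
    done
    return 0
}

# ot_scan_cmd TARGET [PORTS]: print a conservative scan command. Full TCP
# connect (-sT) so the PLC sees a normal handshake instead of raw crafted
# packets; -Pn and -n skip the host-discovery and DNS probes; one connection
# at a time with a 200 ms gap (assumed values) keeps the load to a trickle.
ot_scan_cmd() {
    target=$1
    ports=${2:-$OT_DEFAULT_PORTS}
    printf 'nmap -sT -Pn -n -p %s --max-parallelism 1 --scan-delay 200ms %s\n' \
        "$ports" "$target"
}

# ot_run TARGET [PORTS]: build the command, re-check it against the policy
# (so an edit to ot_scan_cmd cannot silently reintroduce -O or -A), and print
# it. Actually executing nmap is deliberately left to the reader: this
# example never sends a packet.
ot_run() {
    cmd=$(ot_scan_cmd "$@")
    set -- $cmd            # split the command into words for the checker
    shift                  # drop the leading "nmap"
    if offending=$(ot_check_args "$@"); then
        printf '%s\n' "$cmd"
        return 0
    fi
    printf 'refused: %s is not allowed on an OT network\n' "$offending" >&2
    return 1
}

# Example invocation (constructed address): ot_run 10.10.5.0/24
```

Even the gentle command is not harmless: a PLC with a handful of TCP connection slots can be starved by a connect scan, so passive collection from a SPAN port or the existing asset inventory is the first choice, and any active probing belongs in a maintenance window with the controls engineer on hand.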

