In previous versions of the OSSTMM a primary focus was on what we do as security testers. Due to the success

of those releases and the OSSTMM’s growing approval amongst the IT security community, I have had the

continued pleasure to expand upon the OSSTMM. To help deliver this methodology, I created the OSSTMM

Professional Security Tester (OPST) and Analyst (OPSA) certifications. I’ve had the pleasure to teach these now

on a number of occasions, and it has been during some of these classes that I have observed a growing

requirement to define why we do security testing.