Making the most out of your investment in penetration testing
Penetration testing is an intensive and counter-intuitive service, and can be hard to define in comparison to Vulnerability Scanning on the one side, and Red Teaming on the other.
An advisory service on how to use penetration testers most effectively
This service is provided by Nick Drage, who has over a decade of experience as a penetration tester, and over two decades' experience in the cyber security industry.
The pentest advisory service comes with considerable experience of penetration testing methodologies and history, helping you fit this unique security service among the other services you may be engaged with. Especially if a penetration testing programme is initiated due to compliance requirements, it can be used to increase your overall security posture, and give developers and system designers an insight into how their infrastructure may be broken, and what choices they can make in future. We will either recommend trusted pentesting experts to provide the actual pentesting service, and ensure their methodology and output fit into your wider requirements; or give you the right questions to ask your current provider.
The pentest methodology is inherently adversarial, and unlike any other aspect of normal business operation. Ideally the developers and system administrators will provide help and access to penetration testers, while those same pentesters seek to illustrate misconfigurations or errors. Setting the groundwork with all parties is essential to making the most of penetration testing services; we will advise on how to achieve this within your organisation, and in a way that succeeds beyond working with any single pentesting company.
It is as important to cover what is excluded from this service, and why. Operational management of penetration testing is not included; the customer will be expected to manage individual engagements and their scheduling. In our experience these factors should be handled directly by the customer, with as few intermediaries as possible, to ensure specific technical requirements are shared directly between the most appropriate staff.
Another solution is to find a penetration testing company that will act as a trusted partner. We can also advise on which companies you should consider, and give advice on building up a long term relationship with them.
Next step
Contact us with your requirements and we’ll start working with you on what kind of service will suit your needs.