Extra, extra. Read all about it!

Every day there seems to be a report of some new vulnerability or large-scale information security breach.

Reminders of cybersecurity's importance are highly justified, but for large enterprises, inundated with products and solutions meant to protect their systems, it is often difficult to determine where to begin in boosting their security confidence.

The Value of Penetration Testing

Penetration testing is the most rigorous technical assessment available. Organizations should identify their weak spots and gaps before purchasing specific security products. Technically evaluating systems and networks shows what is actually needed for the best protection, instead of bolting on the latest security product.

A penetration tester's evaluation provides a comprehensive and prioritized view of your systems. Once penetration testing has exposed security gaps, the experienced testers (who are also cybersecurity experts) make recommendations on how to close them.

Selecting the Right Provider

Having the required skills in house to carry out an effective penetration testing strategy is a luxury for any enterprise. As a result, many turn to third-party providers. However, knowing whom to choose can be tricky.

Fortunately, industry standards act as a seal of quality and compliance – helping you select the right penetration testing company for your needs.

Next, you must look at the bigger picture. Which of those companies have the knowledge, services, and resources to help you fix the issues uncovered in the penetration testing phase?

Find a company well equipped to provide end-to-end security services. Vulnerability assessments, penetration testing, and gap identification together provide the information necessary to implement the correct solution. Not only does this close those gaps, but it also proactively ensures the organization is prepared to fend off future attacks and threats.

How Often

The process should be continuous, not cyclical. Most organizations conduct penetration testing annually, at the end of the year. As a result, a would-be attacker who is aware of that schedule may choose to strike at some other time of the year, when the organization is not as prepared to guard against such an attack.

Penetration testing should be an ongoing process, especially when new partners, technologies, or tools are added to the mix. This way, penetration testing becomes an important and regular part of an organization's standard cybersecurity risk management program.

Cybersecurity programs may adapt as new vulnerabilities emerge or the organization grows. But a proper security culture, a standards-based framework to define the program, and robust, continuous processes such as penetration testing keep you aware of risk and set your enterprise up for cybersecurity confidence.


Want more from our CISO?

Part I: Starting Your Cybersecurity Program
Part II: Implementing Your Cybersecurity Program



Dana Pickett is the former Principal of Cybersecurity and CISO at Edwards. He is experienced in managing programs with a focus on both business and technical risk management for cybersecurity, audit, and privacy/compliance with diverse requirements. As a member of various industry and state government task forces on cybersecurity, risk management, and compliance initiatives, Dana has proven effective in communicating with executive management, senior executive boards and councils, and audit committees to achieve sponsorship and governance.