Penetration tests are an important part of any security program. Indeed, most companies in the Fortune 200 – maybe even the Fortune 2000 – are well along in their security maturity model to include at least an annual pen tests, experts say.
Jim O'Gorman, chief content and strategy officer at Offensive Security, says the best pen tests are tailored to the company's goals, delivering actionable results that help it establish clearly identified next steps to continue improving their security.
"A tailored assessment ensures that what the assessment team looks into is what matters to your business," O'Gorman says. "It's really the difference between buying a product that's easy to deliver versus buying one that matches what your company needs to correctly improve its security posture."
Bottom line: It's not just about basic vulnerabilities. Pen tests should be for improving overall security posture. Anything less is not worth the time, effort, and money.
Here are some tips to get you started.