Unfortunately the age old adage “you get what you pay for” has never been more true than in the penetration testing industry. We often hear from potential clients that are seeking a new penetration testing partner because they had previously gone with the cheapest quote and are now “paying the price” (pun intended). A response we […]
A lot of companies, from small businesses to Fortune 500s, have to deal with the Payment Card Industry Data Security Standard (PCI DSS). Depending on your size and business processes, a lot of your work with PCI could simply be verifying that third-party service providers maintain PCI compliance. But we’ve seen that even something so […]
We often get asked what is the easiest way to prepare in order to improve the results of your penetration test. Whether it be to ensure your regulatory compliance, provide a clean penetration test report to a potential customer, or just to better your overall security posture, having a penetration test with fewer critical findings […]
Compliance with the Payment Card Industry Data Security Standard (PCI DSS) can be a daunting task for many organizations. Understanding what’s expected of you can be hard enough, but then deciding on a strategic path forward to reaching a state of compliance and maintaining that posture can be incredibly complex. If you don’t do it right, […]
One of the key differences we’ve seen between penetration testing quotes is the inclusion of a re-test. A re-test of discovered findings is one of those things in the security consulting industry that seems to have become a topic of fierce debate, as many organizations are trying to leverage it as a differentiator. Getting discovered […]
The phrase “partnering with you” is such a simple phrase, but it can have many different meanings. We do not view a partnership as providing someone with an 800 number or a line that goes to a corporate tree. We do not believe a partnership has an expiration date that corresponds with the last day […]
It can often be hard to know what makes someone qualified to perform penetration testing. There’s no such thing as a “licensed penetration tester” in the terms of an international, federal, or state approval, like a lawyer or medical professional. And if you’re not in the security industry, it can extremely difficult to decipher “acronym […]
Most have heard about the 2013 Target Data Breach. You know, the one that exposed the payment card data of over 40 million customers, resulted in the CEO resigning, and cost Target $252 million. Well did you know that the initial data breach leveraged credentials stolen from there Heating and Air Conditioning vendor? Of course there […]
So you just decided to pull the trigger and purchase that shiny new penetration test you’ve had your eye on for a while. You got organizational buy-in, a check has been cut, and you’re ready to see the vulnerabilities on your network and make some meaningful changes. But what exactly comes next? How do we […]
Perhaps an employee in your organization finds out that he or she is about to be fired and goes on a hacking spree. Or maybe Sally from accounting (sorry Sally) is always clicking on links that she receives in emails and you want to determine the risk to your network associated with that. An internal […]
