So you’ve finally made the decision to have your first penetration test. Maybe it’s because you’re getting your compliance house in order. Perhaps you’ve had customers ask you what you’re doing about cyber security within your organization. Perhaps even you’ve had customers perform their own penetration testing in your environment. Whatever your reason, it’s time to have someone come in to test your security. Most of the customers that we work with that are having their first penetration test, have apprehension. They worry what we will find or how we will report it. So I wanted to write something about what a new customer should expect.
I’ll start out by saying that typically for our basic penetration test, you’re probably not going to be surprised. That’s not to say that we won’t find vulnerabilities and areas of improvement or even egregious security violations. It is to say however, that if those things exist in your environment, you probably already know it and it shouldn’t come as a surprise. If you don’t take security seriously as an organization, if you haven’t put any security controls in place, if you haven’t trained any of your employees, you will have problems that will be uncovered in a penetration test.
But please, please, please don’t be worried. Whether you choose Decypher or one of our competitors, most penetration testing firms, are there to help you get better. We want to find vulnerabilities and then do what we can to help you fix them. Our staff don’t get kudos for how many vulnerabilities they find or how clever they were to get in. They get kudos for happy customers and repeat business. We have a reputation that we have to continue to earn everyday and that reputation is built on integrity and a genuine love of security. We want to help our customers get better so that their next penetration test has fewer findings.
So don’t wait until you think you have everything in order, engage a security firm now so that they can help you get to where you want to be.