

A Cyber Rose by Any Other Name

A Cyber Rose by Any Other Name (might be an apricot). Does it ever frustrate you to hear about a company that contracted for a ‘Penetration Test’ and received something completely different? I recently worked with a prospect who paid for a penetration test, and yet, when I reviewed the deliverable, what he really got was a fancy vulnerability scan. Now, there isn’t anything wrong with getting a vulnerability scan, as long as you aren’t paying very much for it, and you know what to do with the output.

However, in this prospect’s case, he paid a lot for a penetration test because that’s what he really needed, and in return received a substandard, mislabeled (and to my way of thinking, fraudulent) product. Sure, it came from a fancy cybersecurity company with lots of certifications, but our guy didn’t know the difference.

Our industry is full of confusing terms, and often these terms are co-opted by marketers or salespeople and applied to things that look similar (to them) but have widely different meanings and value. Now, before I get flooded with responses about how many knowledgeable, high-integrity marketing or salespeople you know, I’m with you. I know a bunch too. My point is that our industry lacks real technical/objective specificity when we use terms to describe cybersecurity services.

For instance, wouldn’t it be nice for everyone (service providers and customers) to agree on the definition of a penetration test, an application penetration test and a vulnerability scan? That way, when a customer requests a quote for one of these services from multiple companies, we would all be providing the same type of service, with similar methods and outcomes. We could then differentiate on other things such as better process, quality guarantees, remediation services, etc. So, here’s a stab at defining the characteristics of three offerings (I’ve skipped other variants of penetration tests, including physical, social, WiFi, etc.):

Do you believe that there is consistency in the way that service providers label their offerings and provide customer value? Where do you think the greatest amount of education is required, at the service provider or consumer level?

David Hyde-Volpe

CTO / Principal Engineer




Certified: GCIH, GSEC, GMON

Education: BS – Chemistry, Clemson University, Completed PhD coursework in Quantum Theoretical Chemistry – Georgia Institute of Technology, Completed PhD coursework in Statistical Mechanical Theoretical Chemistry – Clemson University.

Areas of Focus: Secure Coding, statistical modeling, penetration testing, security architecture

