Our Blog

« BACK
image

A Cyber Rose by Any Other Name

Category: Cyber Security

Penetration Test

Small Business Security

Tagged: Application Penetration Test

cybersecurity

Pen Testing

Penetration Testing

Vulnerability Scan

January 8, 2022

A Cyber Rose by Any Other Name (might be an apricot). Does it ever frustrate you to hear about a company that contracted for a ‘Penetration Test’ and received something completely different? I recently worked with a prospect who paid for a penetration test, and yet, when I reviewed the deliverable -what he really got a fancy vulnerability scan. Now, there isn’t anything wrong with getting a vulnerability scan, as long as you aren’t paying very much for it, and you know what to do with the output.

However, in this prospect’s case, he paid a lot for a penetration test because that’s what he really needed, and in return received a substandard, mislabeled (and to my way of thinking, fraudulent) product. Sure, it came from a fancy cybersecurity company with lots of certifications but our guy didn’t know the difference.

Our industry is full of confusing terms and often these terms are coopted by marketers or salespeople and applied to things that look similar (to them) but have widely different meanings and value. Now before I get flooded with responses about how many knowledgeable, high integrity marketing or salespeople you know, I’m with you. I know a bunch too. My point is that our industry lacks real technical/objective specificity when we use terms to describe cybersecurity services.

For instance, wouldn’t it be nice for everyone (service providers and customers) to agree on the definition of a penetration test, an application penetration test and a vulnerability scan? That way, when a customer requests a quote for one of these services from multiple companies, we would all be providing the same type of service, with similar methods and outcomes. We could then differentiate on other things such as better process, quality guarantees, remediation services, etc. So, here’s a stab at defining the characteristics of three offerings (I’ve skipped other variants of penetration tests, including physical, social, WiFi, etc.):

Do you believe that there is consistency in the way that service providers label their offerings and provide customer value? Where do you think the greatest amount of education is required, at the service provider or consumer level?

CTO / Principal Engineer

 

David Hyde-Volpe

CTO / Principal Engineer

CONTACT
INFORMATION

image
141 Traction Street
Greenville, SC 29611
image
+1.864.800.0550
image
[email protected]

SECURITY MANAGED.
BACK TO BUSINESS!

FREE IMPACT ASSESSMENT

COST EFFECTIVE BUSINESS SECURITY

Cyber Risk Reduction

Request A Quote

request A consultation

Request A Quote

LAURA GRINDLEY

Business Operations Manager
470-222-5546
[email protected]
Certified: GSEC, CompTIA A+
Education: BA, College of William and Mary
Areas of Focus: Project Management, Accounting, Logistics

DAVID HYDE-VOLPE

CTO / Principal Engineer
864-214-5282
[email protected]

Certified: GCIH, GSEC, GMON

Education: BS – Chemistry, Clemson University, Completed PhD coursework in Quantum Theoretical Chemistry – Georgia Institute of Technology, Completed PhD coursework in Statistical Mechanical Theoretical Chemistry – Clemson University.

Areas of Focus: Secure Coding, statistical modeling, penetration testing, security architecture

GLENN JOHNSON

CEO / Principal Engineer
864.810.0630
[email protected]
Certified: CISSP, GCIH, PMP, CRISC, CISA, CISM, CCSK; previous certifications include CCNP, CCSP, CCVP, CCDP
Education: University of MD. LaSalle University (BS/MS – Information Systems)
Areas of Focus: BC/DR, Quantitative Risk programs and analysis, 1/CISO and 1/CIO functions, security strategy and architecture

Subscribe to Vizius' newsletter
and access our FREE

Ramsomware Vaccine
Roadmap

Free Impact Assessment