
The Cyber Threat Perspective Episode 88: Budgeting for Security: Optimizing Penetration Testing Investments
Apr 17, 2024
Explore the critical role of budgeting for penetration testing. Discover how to evaluate risks and compliance needs while planning. Learn tips for ensuring quality and value in pen testing services. Understand the importance of identifying public assets and the types of tests to prioritize based on organizational maturity. Communication and clear expectations with testing providers are key themes, along with practical strategies for effective remediation and validation of findings.
AI Snips
Pen Testing As An Investment
- Pen tests are an investment in security posture, not just a compliance checkbox.
- They validate internal processes like asset and patch management and reveal unknown resources and gaps.
Forgotten Servers Full Of Malware
- Brad often finds forgotten servers that were thought to be turned off but are full of malware.
- These discovered assets demonstrate why independent testing uncovers critical blind spots.
Study Before The Final Exam
- Prepare before the pen test by improving asset inventory, patching, and vulnerability management.
- Treat the pen test as a final exam and validate the controls you already have in place.
