Making sure your company has the right kind of cybersecurity can be a daunting task. To make sure you are protected from the latest cyber threats, you might want to consider hiring a penetration testing company.

 

What is Penetration Testing?

 

Penetration testing, or pentesting, is a simulated cyberattack against a computer system that looks for weak links and vulnerabilities. Pentesters attempt to attack APIs and servers, and their findings are used to tweak your security policies and strengthen your company’s online protection.

 

A penetration test typically has five stages: planning, scanning, launching the attack, maintaining access, and analysis. More often than not, the WAF (web application firewall) is then configured to boost security, and the tests are run again.

 

If you have determined that your business needs a penetration testing company, here are some things to consider:

 

Must-Have Skills for Pentest Providers

 

Technical skills:

 

  • In-depth knowledge of operating systems
  • Programming and development
  • Systems and security administration
  • Scripting
  • Computer forensics
  • Knowledge of database systems and password management

 

Other skills:

 

  • Verbal and written communication
  • Creativity
  • Background in behavioral analysis
  • Persistence in solving problems
  • Analytical thinking

 

Other Things to Keep in Mind When Looking for a Penetration Testing Company

 

  • Look for someone who does not rely on checklists or rigid methodologies.

 

Pentesting is more of an art than a science, and checklists should only be a small part of the process. If a pentesting company tries to sell you on its checklists and methods, they’re probably not that experienced with manual testing.

 

  • Do not judge pentesters based on certifications.

 

Pentesters should hold a certification such as Certified Ethical Hacker (CEH), GIAC (Global Information Assurance Certification) Penetration Tester, Certified Expert Penetration Tester, Computer Hacking Forensic Investigator, or similar. This can assure you that they’ve gone through some level of training in cybersecurity. However, that alone is not a testament to how good they are at their job. An accomplished pentesting company will be highly respected in the community, and you will be able to see that on their GitHub page or in their reviews from past clients.

 

  • Assess if they truly care.

 

More often than not, pentesters will simply ask you a few questions that lead you down their checklist. This rigid adherence to protocol can feel too robotic and leave you wondering if the company truly cares about your security. A company that is truly invested in your security will ask questions tailored to your business and proceed with specific follow-ups that apply only to you. Their assessment will likely feel more like a conversation and will have plenty of space for you to explain what you need from them.

 

Conclusion

 

A penetration tester, also known as a computer hacking forensic investigator or ethical hacker, is an expert at making sure your business’s online presence is safe from cyberattacks. However, aside from technical skills, a good penetration tester must also have intrapersonal and interpersonal skills to correctly determine a solution to a company’s specific cybersecurity concerns.