
You just wait until your Father gets home
Don’t threaten IT staff with test findings. Penetration testers are professionals, and they will find a way in. You wouldn’t call a locksmith and then get angry when they opened the door, would you? Foster partnerships instead of using the report as a threat. Engineers and penetration testers should work together to understand where to focus security efforts. Make the test into a game where everyone wins by making the environment more secure.

Open your kimono
Don’t hide anything. Someone already knows where the gremlins are. Work with the penetration testing team to evaluate those fears and address the demons head on. Partner with the penetration tester to discover the full scope of the problems, then leverage their findings to inform leaders of the security risks. Sometimes it doesn’t matter how many times an organization hears about an issue internally; it may only become a priority when an outsider presents it.

Microscoping
Scope reduction does no one any favors. You may get a clean report, but it won’t improve your security posture. Penetration testers can help find the missed nooks and crannies that criminals use to compromise systems.

Peek behind the curtain
Ask to speak to the wizard. Companies rarely ask to have the findings presented. Many penetration testers love to share how they did it and how they could have been stopped. Take advantage of their advice and apply it.

Keep these tips in mind when planning your next penetration test. If you integrate these concepts, the reaper’s harvest will be a bounty you can use instead of a failed crop.
