Exploring the practicalities and quality of pentesting at scale: Globally, pentest coverage is increasing but remains insufficient
Abstract
Over the course of the last two years, we have seen cybercrime increase during the COVID-19 pandemic and beyond. But despite this increase, most organisations do not do enough pentesting to combat cyberattacks. This paper explores the practicalities and quality of pentesting at scale to help organisations understand the importance of implementing a pentesting programme. Too often, development, security and operations work in silos. Organisations must work together to create a cohesive partnership. As an industry, we must decide that we want to fix things, and then we have to do it. It is not going to be easy, but it is simple. We need to work together — security practitioners and engineers — to collaboratively decide that it is important enough to get asset inventory right. Organisations must decide that it is important enough to update their software, install patches when software is vulnerable and implement a pentest programme. Security leaders must decide to look for the vulnerabilities that are exploitable and find them and fix them.
The full article is available to subscribers to the journal.
Author's Biography
Caroline Wong is the Chief Strategy Officer at Cobalt. She has 15+ years of cyber security leadership experience, including practitioner, product and consulting roles. Caroline authored the popular textbook, Security Metrics: A Beginner’s Guide. She teaches cyber security courses on LinkedIn Learning and hosts the Humans of InfoSec podcast.