To Pen Test or not to Pen Test (and how to justify it where you work)

  • Author
    Posts
    • #3662
      timmedin
      Participant

      Seems that a reoccurring question is how do I get someone to pay for my training in the area of ethical hacking or pen testing. The short answer is, you have to justify it to the business.

      The people that sign off on the training first have to believe that a pen test will provide value to your organization. They need to learn that a trusted person finding an issue is way better than a bad guy. Once they realize that a pen test can help secure your organization, you are only a small hop away from convincing them that training you is cheaper than spending all the money on someone else (of course a 3rd-party look from a seasoned veteran is never bad).

      Here is a good post on the value of a pen test and how to answer those tough questions.

      http://howisthatassuranceevidence.blogspot.com/2009/04/to-pen-test-or-not-to-pen-test-that-is.html

    • #23592
      Dark_Knight
      Participant

      Nice find. Thanks for the link.

      I also found this http://isc.sans.org/diary.html?storyid=6133

    • #23593
      impelse
      Participant

      Good link timmedin.

      I always like those kinds of arguments.

    • #23594
      crk
      Participant

      Thanks for that. Should come in pretty handy.


Copyright ©2021 Caendra, Inc.
