Cybersecurity is at the top of the list of priorities for organisations of all types. As our systems and data become ever more critical to how we operate on a daily basis, the risk posed by security threats such as malware, data leakage and targeted attacks continues to grow and become ever more complex.
The challenge in improving our security posture and ensuring we limit the vulnerabilities of our IT systems is a big one, and it is not solved easily by one technology solution or the pressing of the big red security button. It is complex and, like all complex problems, often the hardest step in addressing it is knowing where to start. Like most challenges in IT, the starting point is to understand where you are right now, what systems you have and where they are vulnerable.
That is the focus of this week’s podcast as we discuss penetration testing. Pen tests, as they are often called, are designed to identify your system vulnerabilities and help to mitigate the risks they pose to your organisation. To help me explore this topic I’m joined by Phil Graham. Phil is a Director at security specialists Secora Consulting and has spent the last 8 years developing his pen testing skills.
We start our discussion by looking at what we mean by a pen test, what scope they have and the types of assessment you can expect a good pen tester to be able to help with. We discuss the importance of understanding how an IT security vulnerability can have a much wider business impact and how it’s crucial to understand that IT security is not just an IT problem.
Phil shares some thoughts on why organisations do pen test and why, in some cases, they still don’t. He also provides examples of some of the wider areas that pen tests can cover and how they go beyond just checking external systems: providing a detailed assessment of internal systems, understanding your online presence or looking at how vulnerable your mobile devices are.
We wrap up our conversation with some tips on how a pen test can help you understand your environment, identify your vulnerabilities and prioritise your remediation tasks, along with the importance of regular assessment and how Phil and his team can help.
To find out more about pen testing, check out the OWASP site. You can also find out more about Secora Consulting on their website, and if you have questions for Phil you can reach him by email at firstname.lastname@example.org
Phil provided some great insights into the world of pen testing and I certainly learned a lot. I hope you found it as useful as I did.
Thanks for listening.