Today’s attackers are devious, creative, and not held back by anything. Therefore, the defense against them has to be ironclad. Ensuring that your organization’s networks are secure is a good step in the right direction. Penetration testing, however, is a crucial part of maintaining the security of your networks. Hiring the right resources, therefore, to accomplish such testing is key to keeping hackers at bay.
According to a ZDNet article, hiring individuals and/or companies to test your organization’s systems is not as easy as it seems. Pentest individuals and companies range from razor-sharp, thorough and helpful, all the way to oversold, irresponsible and negligent. ZDNet, therefore, interviewed several experts in the field and compiled the following list of traits that one should look for when hiring penetration testers:
- Strong Communication Skills – A top pentester must have strong oral and written communication skills.
- Beware Of “Secret Sauce” Consultants – Find out how technically well versed your candidates are.
- Get Involved With The Security Community – Participate in local information security chapters and open source security tools development projects such as Github, OWASP etc.
- Reputation is everything – If a pentester comes out of nowhere, that’s a red flag.
- Technical acumen: Required – Conducting a technical interview (or lab test if available) is critical to verifying a candidate’s expertise.”
- Well-Rounded, Recent Experience – Any legitimate candidate should have penetration testing and administration experience as their most recent, primary roles.
- Hire Passionate Hackers – A consultant who isn’t passionate about their area of expertise is a recipe for disaster in any situation.
- A Willingness To Go Off-Script – Most organizations rated “creativity” as their top trait in the best pentesters.
- Know That A Pentest Is Only Part Of The Picture – Always combine audits, code reviews, and pen tests in order to provide better coverage of your security posture and get a more accurate risk tolerance.
- Don’t be afraid of pentesters – You need pentesters that are dedicated to the endgame– protecting your organization.
For more information regarding the traits your penetration testers should have, see the full ZDNet article.
IT SECURITY SUPPORT: Blue Mountain Data Systems provides IT Security Support Services for Federal Civilian Agencies. Looking to find Vulnerability Scanning and Testing, Penetration Testing, Risk Assessment & FISMA Reporting for your Federal Agency? Call Paul Vesely at 703-502-3416.