Compliance officials don’t always agree with security professionals on the enterprise spending priorities.
It’s no secret that a great deal of cyber security decisions are driven by compliance guidelines and regulatory demands. Regulation, as it comes with potential penalties, creates an “instant ROI” when investing in the necessary activities and controls.
On the flip side - we know that compliance does not equal security and the gap intensifies when new technologies appear. Regulators lag years behind leading-edge technologies that could potentially make compliance 10X cheaper to execute, easier to operate, and increase an organization’s security posture.
Such is the case with Automated Penetration Testing.
We need to be minded of the job of a CISO as the person who answers for PCI-DSS, HIPAA, CCPA, GDPR, and other regulations in addition to their primary job of making sure the business operation runs securely without too much security and authentication friction.
The gap between resources and responsibility is hitting an all-time high for the CISO in the corporate world. A role meant for more than one person, that falls into the lap of one.
Eventually, the CISO’s head is the one on the chopping board in the event of a major breach. Not only do they need to manage the crisis in the round-the-clock warlike dynamics of response and recovery, but in the aftermath, they’re also the ones most likely to be let go. Not fair!
A lot of respect and appreciation is due to today’s medical staff, there’s no doubt. But I would argue that we owe just as much to the cybersecurity teams keeping our businesses, economy, and in a sense, our livelihood, protected.
I call them Corporate Patriots™ - and they deserve our appreciation, gratitude, and respect during these hard times. The CISO’s role is one of the most difficult ones in the world. It’s a job for survivors.
During these pandemic days, the gap between the CISOs’ tasks and the means they have to perform them is reaching an all-time high. More attacks and more attack surfaces, with less budget and less staff. When you pile on the WFH challenges, I believe we can agree that this Cybertoon is actually an understatement of their realities.
It’s a zoo, some say it’s a jungle - there are more than fifty penetration testing tools and utilities that one needs to master to become a seasoned almighty pen-tester.
That would be fine if it could scale, but unfortunately - it can’t. Today, manual Penetration Testing is still an expensive, point-in-time and limited scope exercise.
It is time for automation. It is time for one platform that runs penetration testing with a few clicks and hides all this complexity and inter-tool information passing. It is time for a solution anyone can use continuously to conduct a week’s worth of a pen-test in an hour.
It is time for PenTera.