When Penetration Testing Creates “Bad Optics”

Recently, we’ve been seeing a steady number of RFPs for cyber security solutions that request not only items such as email security, firewall and endpoint protection, but also penetration testing included with the solution.

When we don’t respond or we no-bid, we sometimes get asked why. Our explanation for not providing pen testing along with the security solution is simple:

As an MSSP, testing the system that we put in place and manage creates a conflict.

Imagine the IRS allowing your accounting team to audit its own books instead of conducting the audit itself or hiring an outside, unbiased third party. It’s kind of like letting the fox guard the hen house. Even if it’s a well-fed, honest and well-mannered fox, it just doesn’t look good.

If you’ve already put out an RFP and a vendor includes penetration testing in its cyber security offering that is not from a third party, and you really like that vendor and want to do business with them, we suggest that you take the extra time to amend your RFP and ask that vendor to provide a third-party solution instead, or create a new, totally separate RFP.
