
When Penetration Testing Creates “Bad Optics”

Recently, we’ve been seeing a steady number of RFPs for cyber security solutions roll in that not only request items such as email security, firewall and endpoint protection, but also want penetration testing included with the solution.

When we don’t respond or we no-bid, sometimes we get asked why. Our explanation for not providing pen testing along with the security solution is simple:

We are an MSSP, and testing the system that we put in place and manage creates a conflict.

Imagine the IRS allowing your accounting team to perform its own audit, instead of the IRS doing the audit itself or hiring an outside, unbiased third party. It’s kind of like letting the fox guard the hen house. Even if it’s a well-fed, honest and well-mannered fox, it just doesn’t look good.

Suppose you’ve already put out an RFP, and a vendor includes penetration testing in their cyber security offering that is not from a third party. If you really like that vendor and want to do business with them, we suggest that you take the extra time to amend your RFP and ask that vendor to provide a third-party solution instead, or create a new, totally separate RFP.
