Simple Questions Make a Big Difference in Value

Simple questions make a big difference in value

I’ve seen quite a variety of penetration test reports over the years.  Some contain endless, brain-numbing pages from a tool like Metasploit or Nessus listing a pile of vulnerabilities that might apply to your network.  Others have arrogant proclamations from the hacker that “we got you” and breached your network.  How does either of those approaches help your business?  They don’t.  And frankly, that’s why many organizations balk at the idea of penetration testing.

There are many reasons a company might hire out a penetration test.  The top reasons we hear are that the test is needed to meet compliance like PCI or HIPAA, or because a business partner or customer requires it.  Regardless of these outside pressures to have a test completed, we’ve found that the most effective customers are the ones that use the exercise to materially improve their security.  These are the companies that are in our sweet spot - and we’re committed to improving the experience for them.  These companies use report findings to drive risk-informed security decisions for their business. They embrace and find value in the penetration testing experience. 

Now, on to those questions that make a big difference.  We’ve learned that circling back to our customer weeks or months after the completion of the engagement and asking simple questions give us great insight into how to provide significantly more value from our service.  

Beyond the standard “how did we do?” and “would you recommend our service?” questions, we are intensely curious about what happened next.  Did our engagement help their business?  We can learn that with questions such as:

• What did you do with the information we provided to you?
• Who did you communicate the results with (internal and external audiences)?
• How did the experience help you drive the security agenda in your organization?
• Where did you find challenges in acting on the information provided?

These are all basic questions, but by asking these of our customers and listening hard to their answers, we’re able to mature our deliverables to the point that they become an important part of our customers’ security strategy.  We’re able to tailor our content to the varied audiences that need this information including non-technical executives, customers, auditors, and the technical team that implements security improvements.  This way the report is valuable to multiple parties and helps them make well informed business security decisions.

We’re proud to have so many return customers that tell us that the NetWorks Group Full Scope Penetration Test is a critical component of driving their security maturity.  Interested to learn more?  We’d love to spend 20 minutes showing you through a sample deliverable report.  Reach out to sales@networksgroup.com or (888) 798-1012.