A good penetration tester is curious, creative and persistent. We are unique, coming from many different walks of life, all driven by a desire to understand security weaknesses and risks – and how to keep others from exploiting them.
Our mission is not only to find vulnerabilities, but also to explain how we exploited them. Think Sherlock Holmes sitting behind a laptop computer. We’re here to help organizations strengthen their overall security posture by illuminating security gaps that they may have and determining the level of risk they present. We help organizations holistically understand what they should be most concerned about for their business, as it relates to security and risk. To do this, we rely on a diverse set of skills.
To start with, we understand systems from many diverse perspectives. People on our team have been IT directors, programmers, administrators and other technical support staff. This variety of experience augments our knowledge of the systems that we now infiltrate. If we didn’t understand them on such a granular level, we wouldn’t be able to access them.
Members of our team also hold a wide range of security certifications, everything from the Certified Information Systems Security Professional (CISSP), Offensive Security Certified Professional (OSCP), to the Certified Ethical Hacker (CEH) certification.
Our team is active within our industry, conducting research, contributing to journals, attending conferences and keep up with certifications. The more we are involved in our industry, the better we can address the needs of our customers. In fact, CDW experts created some of the most widely used security assessment tools available today.
Our team has been around for almost 20 years now, longer than many of today’s security vendors have even existed, and many of our experts have a long tenure with CDW. That longevity and experience have improved our consistency — customers know they can count on our trusted methodology and thorough reports.
Part of what drives the value that our team brings to a project is our broad range of backgrounds and interests. Our team members all come from diverse backgrounds, but we all share a strong common interest in the work that we do. We are all curious about how systems work, understanding their weak points and the way systems, traffic, and data flow. That constant curiosity with systems and their faults is what helps us understand and predict how malicious actors will attack them.
That kind of curiosity is contagious. It motivates us to push further in our understanding of how attackers think and behave — and it encourages us to share with each other, an essential element of our success. We share information and make use of the same tools and methodologies. With more than 1,500 assessments under our belt — including more than 200 in the past year — we’ve gathered a lot of great experience and continue to sharpen our assessment methodologies across a breadth of organizations that span government and commercial sectors. Attackers are not standing idle, using the same tactics over and over — and neither are we.
As always, feel free to leave a comment or question below.