Penetration testing: methods, impact and making the right choice
Welcome to this week’s Security Spotlight, in which we shine a light on:
New Q&A | Breaking in to keep hackers out: the essential work of penetration testers
Organisations hire ethical hackers – also known as penetration testers or pen testers – to identify vulnerabilities before cyber criminals can exploit them. But what exactly does this work involve? And how do you choose the right type of test for your organisation?
We speak to senior penetration tester Leon Teale about how pen tests are carried out, the different types of test available and how to prioritise based on risk.
In the interview:
Leon also explains why proving the real-world impact of a vulnerability – with screenshots and tailored remediation advice – can make all the difference.
New Q&A | Your CVSS questions answered
What is the CVSS (Common Vulnerability Scoring System), and how can organisations use it to assess the severity of software vulnerabilities?
Senior penetration tester Leon Teale explains how the CVSS works, when it should be used, its limitations and what’s new in version 4.0.
In this Q&A:
Leon also shares how metrics in the new version improve clarity and relevance for modern environments, including IoT and operational technology.
New Q&A | Boost your security posture with objective-based penetration testing
Not all penetration tests are created equal. So how do you know which approach is right for your organisation? We spoke with James Pickard, our head of security testing, about how different testing methods can help identify gaps, demonstrate assurance and strengthen your security programme.
In the interview:
James also shares how goal-oriented tests – tailored to your business’s specific concerns – can often deliver better value than a one-size-fits-all approach.
Free PDF download | Assured Security – Getting cyber secure with penetration testing
Information is the lifeblood of the modern business, so ensuring the security of that information should be a key goal for all organisations. To achieve that, business leaders must implement the right solutions to protect their assets from cyber threats.
Unfortunately for organisations, cyber attacks are extraordinarily cheap to conduct, which puts attackers at a significant advantage. Furthermore, the low costs make even the smallest business a potential target; there is no ‘security through anonymity’.
Luckily, to combat this, cyber security specialists have developed affordable, targeted methods of preventing such attacks from being successful.
Download this paper to discover:
Free webinar | Building a privacy career: moving into management and specialist roles
Thursday, 10 April 2025, 15:00–16:00 (BST)
If you’re looking to take the next step in your privacy career, this webinar will help you transition from responsibility to accountability. Join our expert panel as they explore the certifications, leadership skills and strategies needed to move into specialist or managerial roles.
Free webinar | Data protection gap analysis: identifying weak spots before regulators do
Wednesday, 16 April 2025, 15:00–16:00 (BST)
With regulatory scrutiny intensifying, organisations must proactively assess their compliance posture. This session outlines how to conduct effective gap analyses and highlights lessons learned from recent enforcement actions.
Speak to an expert
With 20+ years’ experience in information security and data privacy, we understand risk management.
Our experts have implemented security and compliance programmes for hundreds of organisations across a multitude of industries in both the private and public sectors.
New to the world of information security and data privacy, and need advice on how to get started?
Or updating an existing programme?
Our experts are here to help.