Today’s pentest industry is changing, and rapidly. Digitization across all industries is changing how people complete, organize, and manage work. This dramatic shift to the web significantly impacts cybersecurity. Yet, in this time of exponentially increasing cybersecurity risk, the state of the pentest industry is more precarious than ever. In fact, organizations like Gartner even question the ongoing relevance of pentesting as an industry, especially in light of red teaming and new technologies like automated scanners.
At the same time, pentesting is changing. 2020 brought numerous opportunities and challenges, ranging from increased cybersecurity risks across nearly every industry to new technology. And, Pentest-as-a-Service (PTaaS) platforms – or, cloud portals where pentesters can deliver pentest results in a subscription-like digital environment, complete with recurring assessments and findings-as-tickets – is one of the most significant of these.
While pentest-as-a-service platforms are on the rise, they are new. Our whitepaper investigates the need for PTaaS, which problems they solve, possible alternatives, as well as potential return-on-investment for pentest firms adopting these platforms.
These include:
How are changing work processes impacting pentesting? – With an estimated 30% of all organizations using only digital processes, shifting to work with traditional email and PDF pentesting processes can be difficult. How do pentest processes mesh with digital processes and what efficiencies could be created by shifting to the fully digital landscape represented in PTaaS?
How do Agile development trends impact pentesting? – Some 97% of new development projects use Agile. How does this impact the demand for pentesting? And, could pentesters better meet needs by shifting to “as-a-service” solutions?
Could work management solutions resolve understaffing issues? – With 47% of pentest firms reporting understaffing, workloads are a major problem throughout the industry. Our whitepaper researches and examines whether automation in Pentest-as-a-Service is a viable solution to this problem.
Is Pentest-as-a-Service a Viable Market Solution – Pentest-as-a-Service is a new market with few offerings and high pricing. Do platforms offer sufficient value to deliver a true return on investment to cybersecurity firms?
Is the Cybersecurity Market Ready for Digitization – Are pentesters, ethical hackers, and their clients ready to make the shift to digital platforms? Pentest-as-a-Service entails a completely new work process and delivery model – demanding more engagement and involvement from pentesters and developers alike. What problems do new work methodologies create or solve for the industry?
Our whitepaper examines these and other pressing industry questions, in an attempt to answer whether Pentest-as-a-Service represents a viable future for pentesters and other cyber security professionals.