The most common objection I receive when talking to prospective clients is, “We already have an IT department.” Often, as the conversation progresses, they realize that my role isn’t to replace their IT team, but rather to ensure that all of the security measures they have implemented are working as intended. After this clarification, I usually meet the leader of the IT team. The most common objection I hear then is, “We don’t need a third party; we’ve got it all covered. This would be a waste of money.”
I understand why I consistently encounter this response. No one likes to have someone looking over their shoulder, pointing out their mistakes. However, this reaction could be mitigated if priorities were correctly aligned.
During my time in the Marine Corps, I worked in a CH-53D squadron, dealing with all sorts of equipment. After completing our tasks, someone from QA would review our work. They often seemed nitpicky and it always felt like we were being criticized. I often displayed my displeasure with them, and occasionally, they would find something I missed that needed adjusting or fixing.
One day, one of my favorite Gunnery Sergeants, Gunny Bruchman, noticed my attitude. He said, “Snader, if you were more concerned about making sure everyone in that chopper was safe than you are with your own ego, you’d have no problem with my QA guys.” That was the moment it clicked.
The same realization must occur for many IT professionals. I’ve been in the industry for 23 years, so I understand the sentiment! The cold, hard truth is that our businesses are under constant assault from hackers. Both IT support and ethical hackers are necessary to ensure business safety. Ultimately, our primary concern must be keeping our businesses operational and ensuring the security of employee data.
I should note that I have a track record of making IT professionals look good. The IT pros who are open and accepting of help are the ones who are prepared for the storm. Arrogance and complacency can lead to serious consequences in today’s world of cybercriminals.
Here’s a list of five reasons IT teams will benefit from working with me:
1) **Strengthening Security**
Ethical hackers identify system vulnerabilities that malicious actors could exploit. They use the same methods and tools as their ill-intentioned counterparts, but their goal is to strengthen systems, not compromise them. IT teams can leverage these insights to patch vulnerabilities and enhance their organization’s security.
2) **Providing a Fresh Perspective**
IT teams are intimately familiar with their organization’s systems, which can sometimes lead to blind spots. Ethical hackers, with their outsider perspective, can see what the internal team might miss, ensuring a more comprehensive security review.
3) **Training and Education**
Ethical hackers often possess specialized training and skills that many IT professionals lack. By working alongside ethical hackers, IT staff can learn new techniques, enhance their skills, and stay up-to-date on the latest cybersecurity threats and mitigation strategies.
4) **Validation of Internal Controls**
If an ethical hacker is unable to breach an organization’s defenses, it’s a strong indicator that the internal controls are effective. This validation can reassure IT teams and provide tangible evidence of robust security measures to stakeholders.
5) **Regulatory Compliance**
Many regulations now require periodic penetration testing, vulnerability assessments, and security audits. Non-compliance can be much costlier than the price of a cybersecurity assessment and penetration test.