"The Only Constant is Change..."
That old adage is not only true but also the challenge of every network technician, administrator, manager, and CTO. With the goal of maintaining and supporting a stable and secure infrastructure, the pressure of accommodating change has become increasingly more important as the pace of technological advancement and its newest threats increases.
Embracing Flexibility
Advances in cloud architecture and infrastructure management have dissolved the very concept of a static environment – the number of VMs and IPs, their architecture, and how they are managed can change moment by moment.
A skilled administrator must embrace and adopt flexibility as part of the portfolio of skills needed to manage a robust and secure environment. As we depend more and more on automation and intelligence-driven actions within our network spaces, we must also adopt a more flexible and robust approach to ensuring our security posture.
The criticality of the IT infrastructure demands a diverse approach to ensuring and maintaining its security. A flexible approach to choosing and applying the correct tools and controls is needed to protect an organization’s number one non-human asset – its data. As diversity and flexibility are the keys to a well-balanced and healthy workforce, they are also key to a well-maintained and secure infrastructure.
Change is Good
At Online, we work with our clients to ensure that both flexibility and diversity are embedded in their security strategies. For penetration testing, we rotate the test engineers assigned to client projects each year, quarter, or iteration. This allows for a fresh set of eyes and possibly a new toolset or methodology to perform testing as each test engineer may have a slightly different approach to ethical hacking.
We may bring a twist or new resource into the mix for QA reviews, use different tools, or simply work with our clients to explore new threat vectors due to recent infrastructure changes or advances in the threat landscape.
Embracing change and advances in technology is the ONLY way to survive in today’s world of threats and exploitation. We work with our clients to ensure that your security posture is as robust as it can be and maximizes the diversity of resources available. Organizations that routinely use the same person – or sometimes the same company – to perform their penetration testing cycle after cycle may be at risk of having some vulnerabilities left unexposed due to bias, blind spots, limited methodology, or possibly skill set.
The Right Tools for the Job
Ultimately, it’s about choosing the right tool for the job. Today, that job is the inclusion of diverse resources, approaches, and new ways of looking at how to insert the right controls into your IT security strategy and programs. Bringing diversity and flexibility to testing those controls is just as important – and at Online, it’s just how we do things.
---
Questions? Ask an Offensive Security Expert
Let our Online’s Offensive Security Services team know when you are ready for change! We'd love to help you find new ways to strengthen your security posture using the knowledge and experience of our technicians. We’d be happy to answer any questions you have.
Send us your thoughts// connect@obsglobal.com
About the Author
Mark Van Patten
Mark is the Director, Offensive Security Services with us here at Online Business Systems. Prior to their current role, Mark has held various positions such as Technical Development Lead at US Bank, Consultant - General Program Manager at Airship VTOL, and Director of PMO and Governance at Denali Advanced Integration. Additionally, Mark has experience as a Principal Management Analyst - Senior Project Manager at the City of Portland and Founding Chair at Willamette Innovators Network and holds a Bachelor of Arts in Psychology from Indiana University, ABD in Organizational Knowledge & Performance, and a Master of Science in Human Ecology - Personal and Organizational Systems from the University of Tennessee.
Submit a Comment