Q4 testing
June is the month to start planning for your Q4 testing. Or, better yet, increase your ROI by moving it to another quarter. Auditors are generally understanding of this.
Don’t wait until Q4 to start planning for testing that must be completed by EOY! You might be able to get an automated scan done in time, but it would be hard to get a quality pen test performed in time.
Typical prep timeline:
- Schedule a scoping call
- Receive and approve the quote
- Receive and review a contract/SOW
- Execute the contract
- Make the necessary preparations for testing
- Schedule testing
Typical testing timeline:
- Prep (from above) starting in June: ~1-2 weeks per step, or 2-4 months total – as late as the end of September to complete
- Scheduling: 1-2 months, as testers generally are not just sitting around doing nothing (especially during the busiest quarter…Q4) – Mid to late November before testing starts
- Testing: 30-45 days – Mid to late December to complete testing
- Report delivery: Barely in time for your EOY deadline (and that’s if you start prep in June)
Although a reputable firm will do everything they can to deliver the same quality of test in Q4 – despite how busy that season is – the reality is, it can be difficult.
If possible, move your testing out of Q4. If you need testing in Q4, start planning now
Contact PEN Consultants to begin discussing your plans for Q4 testing!
If you are looking for a reliable and experienced offensive security service that provides Rock Solid Security, look no further than PEN Consultants for all your information and cybersecurity testing needs. Contact us: https://penconsultants.com/contact-us/