Your security people are an expensive and skilled resource, yet they will be spending a significant amount of time on administrative activities to support your penetration testing programme.
They will be engaging with project managers, establishing the type of testing required and the timescales for the work, identifying prerequisites and planning change control. They must liaise with your penetration testing suppliers, obtain proposals and subsequently monitor the tests and produce reports in your internal format. They will also follow up and track any remediation activity and update your risk register and GRC systems.
This administrative workload significantly reduces the time they have for strategic planning, research and ensuring the organisation’s cyber readiness.