Pentest Management software, which allows you to deliver Pentest-as-a-Service, is increasingly popular. In 2019, there were two real options on the market. Today, there are more than 3 times that. That’s important as Pentesters are increasingly pushed towards modernization and digitization. Pentest management software delivers project management, oversight, and visibility for clients, the pentest pipeline, and project progress.
While this undeniably makes it easier to plan, manage and deliver pentests, change is difficult. Adopting a Pentest Management platform means changing work processes, pushing adoption to everyone in the organization, and helping clients to make the shift. Change management can be difficult and expensive, which can prevent many organizations from adopting something as big as pentest management.
At the same time, pentest management software delivers undeniable returns in terms of reduced manual repetitive work, improved client collaboration, and improved visibility and oversight of the pentest pipeline.
This blog walks you through the process of adopting a pentest platform like Cyver, with the intent of minimizing the learning curve, reducing wasted time, and reducing the costs of change.
Steps to Getting Started with Cyver
Getting started with Cyver is, in theory, relatively simple, especially with full support from our team at every step. However, the process of getting teams to actually use the software means changing how they work.
- Get buy-in. Convince everyone in the organization that moving to Cyver is necessary and will have benefits. We offer plenty of arguments in our blog and in our free Whitepaper.
- Set up a change-management plan. You won’t be able to transition existing clients over right away. You shouldn’t transfer existing projects midway until you know how it works. For example, have all relevant stakeholders sit in on the product demo, go through the Support Portal, or set aside a few hours to set up and deliver a test pentest inside the system to see how it works.
- Complete setup fully. Ask for support if necessary. We recommend following the full startup process which includes branding your interface, onboarding people and teams, assigning roles, setting up pentest templates, setting up pentest report templates, and onboarding a client. Click here to see our full documentation for this process. Why? A full setup allows you to get the most from the platform.
- Build work processes around Cyver. For example, you could establish, as a best practice, uploading exports as they become available. This ensures XML files and findings don’t get lost and that Cyver does the work of managing and keeping up with findings. Here, it’s important that you keep track of process inside Cyver. The Pipeline Wizard is one way to do so. Cyver also offers Checklists for methodology and tasks. Building new work processes inside Cyver should be a first priority to ensure adoption. Here, processes will heavily depend on which version of Cyver you’ve chosen.
- Do a trial run. Complete a single project, start to finish, inside Cyver. This means:
  - Handling all client communication inside Cyver
  - Using the planning and project management tools
  - Assigning roles and delegating tasks (if available with your subscription)
  - Making sure the client has assets and permissions uploaded in the platform
  - Using the checklists (if available with your subscription)
  - Uploading findings files as they are available, then publishing and releasing them in your own time
  - Keeping track of which processes are seamless and which are not
Eventually, you’ll want to migrate all your clients, including new prospects, to the platform. Doing so can mean sending emails to help them migrate, introducing new processes, and offering onboarding support. Cyver offers a full client portal guide to that end. We’re also available to deliver individual client support where needed.
Eventually, onboarding to Cyver can save you considerable time on pentest management, reporting, and project planning. Our whitepaper shows that users save an average of 15% of time on every Pentest. That makes sense if you can launch a pentest based on a template, with client assets, assigned teams, and assigned roles already in place. With less overhead, you spend less time planning and setting up and more time doing the work. Uploading findings to one place means you no longer have to manually copy-paste, grep, or compile reports or worry about losing XML files; everything is in one place. Plus, the findings library means findings are stored for the long term, so you can track and re-use vulnerabilities across projects for the same client, without rewriting them every time.
Delivering Pentest-as-a-Service with Pentest Management is a powerful way to offer value to your clients, to adapt to a digitizing world, and to reduce your own costs and time expenditure. However, you will have to move through that critical period of onboarding and adoption to get there. Cyver is built to be intuitive. Hopefully, you can move through this phase quickly and start saving time and money on every project.