Vertali Mainframe Podcast

Security Assessment vs Pen Test: What’s the Difference?



In this episode, Ed Nell is joined again by Leanne Wilson, Senior Technical Delivery Manager and Security Consultant at Vertali. They dive into the world of mainframe security assessments and penetration testing, clarifying the differences between the two, when to use them, and why they’re both essential. Leanne shares real-world examples and explains how combining both approaches offers the most complete picture of an organization’s security posture.


Key Takeaways

Security Assessments = The Full Check-Up: Think of it like an MOT for your mainframe. Security assessments give a structured, holistic review of systems and controls, revealing gaps and offering remediation plans.


Pen Testing = Real-World Attack Simulation: Pen tests mimic a cyber attack using limited access, testing how far a bad actor could go by exploiting weaknesses, such as low-privileged user accounts.


Know the Difference: Assessments show what’s in place. Pen tests show if it works. Both are essential, but they answer different questions.


Used Together, They’re Powerful: An assessment identifies vulnerabilities. A pen test checks if those issues can actually be exploited. One informs the other; ideally, assessments come first.


Real-World Risk & Remediation: The findings are prioritized with clear action steps. But the value only comes when organizations act on the results; this isn’t just a compliance tick-box.


Best Moments

"Security assessments show what controls are in place. Pen tests show if those controls actually work."


"Many attacks don’t come from the outside; they come from compromised credentials. You need to know what an insider could do."


"Marking your own homework rarely works. A fresh pair of eyes often spots issues you’ve overlooked."


"We’ve seen clients do annual pen tests but never fix the vulnerabilities. Security should be about improvement, not just compliance."


"We cracked an account by chaining three small oversights: an old database copy, visible password rules, and a predictable naming pattern. Individually, harmless. Together? A breach."


About Vertali

Vertali is a leading cyber security company specialising in IBM® mainframe infrastructure. With deep expertise, innovative software, and trusted resources, Vertali supports organisations across the UK and globally, particularly in finance, retail, utilities, and government sectors.


100% focused on mainframe systems, Vertali helps organizations secure and optimize their operations. By combining advanced technology with expert insights, Vertali delivers powerful cybersecurity solutions and consulting services that protect against evolving threats. Driven by a proactive approach, Vertali enables businesses to build resilient systems, safeguard sensitive data, and maintain smooth, uninterrupted operations in the face of cyber risks.

Find Out More: https://vertali.com/


About Leanne Wilson

With more than a decade’s experience in mainframes, systems engineering and cyber security, Leanne leads Vertali’s technical delivery of mainframe security and infrastructure projects. Her focus is on helping organizations to secure, protect and optimize their infrastructure and related applications. An ISACA Certified Information Security Manager (CISM), Leanne has an MSc in cyber security, regularly presents at industry events, and writes articles for channels including SHARE’d Intelligence, Planet Mainframe and TechChannel.

Hosted on Acast. See acast.com/privacy for more information.


Vertali Mainframe Podcast, by Vertali