Explore how speed, quality pentesters, and effective communication help Cengage scale security testing.
Why Cengage Values Speed to Execution and Quality When it Comes to Pentesting
Cengage is an educational content, technology, and services company for the higher education, K-12, professional, and library markets. Cengage cares deeply about protecting their customers’ data and respecting their privacy. Eric Galis, VP of Compliance and Security, looks for strong security partners to provide best-in-class services to make sure they are doing the right things for their more than 10 million students.
With traditional pentesting, setup can be a time-consuming and labor-intensive process that just doesn’t keep pace with the speed of modern development. Organizations practicing modern development need a pentest partner that is ready when they are.
With Cobalt, Cengage is able to get a pentest easily up and running within 24 hours. This intersection of speed of execution and quality is what they value most about the Pentest as a Service (PtaaS) approach to security testing.
Cobalt takes care of sourcing and setup, connecting Cengage to the right pentesters, with the right skill sets, based on their specific testing needs. In addition, the pentesters communicate and partner with security, product, and engineering in order to close those vulnerabilities once they've been found. By ensuring that each team has an understanding of the risk at the product level, they can make decisions on prioritization and timing. This entire process gives Cengage the ability to easily scale security testing.
Cengage was looking for something more than a transactional relationship; they wanted a pentest partner, and that is exactly what they’ve received with Cobalt. They work together, and Cobalt functions as an extension of their security team.
“Cobalt to me is what any one of our good vendors in security is and that's a partner. It's not meant to be a transactional relationship where we're giving them money and they are giving us a service in return. But really, we work together and they work as an extension of our security team.”