Is your Pentester licensed?

by Steve Weingart

Most people don’t know it, but in Texas, any third-party computer security testing (such as penetration testing, forensic imaging or data recovery) where the tester could be exposed to your customer’s data, must be performed by a licensed Texas investigations company.

Not many security testing companies get licensed, but if they are exposed to 3rd party data to an extent that is more than inadvertent, the license is required.



You might think that this sounds crazy, but it actually makes a lot of sense. People who may get access to your (and your customer’s) data should be verified as being honest folks who are not criminals. While most security testing companies routinely perform background checks on their employees,unless your testing company is licensed, you never know for sure .

As part of the process for registering individuals as investigators, the person’s fingerprints and social security number are sent to both the state and the FBI. So any criminal record will be determined well in advance of anyone gaining access to your computers or data.

The real advantage for you is consumer protection. The Texas Private Security Board monitors the licensed investigators and will initiate action if an investigator violates the law, or if a complaint is filed against them.

So, is your Pentester licensed?