I’m often skeptical of survey results, but a recent survey from the 2017 HIMSS (health sector) conference, which suggests that penetration testing is a top priority, caught my eye. Add to this Gartner’s global cyber security group estimate of a 14 percent uptick in “security testing,” as well as an 8.5 percent increase in “consulting.” Combined, these projections imply that many organizations may be readier to prioritize budget towards penetrating testing. That’s great, if we understand the limits and the proper role of pen testing an overarching security strategy.Never trust a test that says you’re perfectAt a conceptual level, penetration testing is a great way to help manage security in an organization. It’s great at evaluating the efficacy of your security system’s detection and response mechanisms, and it’s a fantastic tool when you want to build a case to affect meaningful internal change and/or ask for a larger security budget.