Project Manager Role During a Penetration Test

Penetration tests can range from a simple test that takes 1 day to complete up to an assessment with multiple different penetration testing services that takes weeks to complete. A project manager is a vital role during a penetration test to ensure that everything goes smoothly, timelines are met, and ultimately the client gets the expected deliverables. Today we explore the various tasks that a project manager completes during a penetration test. It is worth noting that every firm is different in the way they operate, so certain tasks mentioned below may fall on another team member.

Scheduling

  • Managing Project Calendar – The first step for the project manager once contracts are complete is scheduling the project. Some clients have a timeline that needs to be met (e.g. a penetration test completed within 2 weeks) and other projects that can be booked with more lead time. There should be no surprises to the client when reviewing the calendar, so oftentimes for complex projects, it is prudent to run the proposed schedule by the main point of contact prior to the formal review.
  • Managing Engineer(s) Calendar – Perhaps the most important role of the project manager is to manage the engineers’ calendars that are actually completing the work. You never want an engineer who is scheduled to be on-site with a client for a week to also be on 2 other projects, for example. This is the quickest way to burn out your staff and potentially perform a sub-par assessment for a client. A good working relationship between the engineers and project managers is key to ensuring they are on the same page as far as expected utilization rate, preferred schedules, etc.
  • Booking Travel – When a project requires travel, it is important that the project manager either helps book the travel for the engineer(s) or is privy to what they book. The last thing you want is for an engineer to show up on a Wednesday when in fact they were not supposed to arrive until the following Monday…

Client Coordination

  • Rules of Engagement – The Rules of Engagement are a vital piece of the puzzle for any penetration test and it is the project manager’s role to ensure that this document has been completed prior to project commencement. Without this document signed, the project cannot officially start and the test team could be facing delays right off the bat.
  • Invoicing – The project manager may also be responsible for triggering the invoicing process and fielding any client questions related to payment. This often times requires coordination with the Finance or Accounts Payable team at your client firm.
  • Ad-Hoc Requests – One thing we have learned doing hundreds of penetration tests is that you never know what may come up from a client before, during, or after a project. We rely on our project managers to determine what the next steps for any request should be, including routing it to the appropriate internal source, scheduling a call with the client if needed, or whatever other actions are necessary.

Project managers play a very important role during a penetration test and it is imperative that they remain focused to ensure the ship keeps moving forward. The Project Management Institute summed up a project managers role perfectly:

“They are organized, passionate and goal-oriented who understand what projects have in common, and their strategic role in how organizations succeed, learn and change.”

At Triaxiom, we understand the value our project managers bring to the team and appreciate that without them, the team could not execute at nearly the level that we are able to. Have any questions? Feel free to reach out today and we are happy to help!