What is the last remaining security risk? You already know? It can be your colleague, co-worker or even yourself.
I myself am a senior penetration tester, and in all my accompanied penetration tests, now over 100, there always remained a risk, which in the end led us to break into the target company using social engineering.
Over time, it became clear that corporations and governments, as well as medium-sized businesses, are doing a lot in the area of user awareness, but unfortunately this is often not properly implemented.
However, in addition to user awareness, i.e. the correct and conscious handling of IT by users, IT must also be able to detect IT security vulnerabilities.
Since we ourselves, as I'm sure you do, have the problem of a shortage of skilled workers, we decided to create our own IT security training, in German.
Even trained with the most common certifications like the OSCP, OSSTMM (Professional), PCI DSS Practioneer CEH and quite a few others, we have unfortunately been disappointed too often at the end of the day. With almost all of them, except the OSCP, there is only a simple theory exam - unfortunately not exactly realistic and too easy for the real world of penetration testing.
The OSCP, on the other hand, does some things well, but unfortunately it too ends up with a too light and unrealistic Lab, where you hack hands-on. There is not even an IPS system.
Together with the IHK Akademie Koblenz,
we have created a three-stage - several months long! - in-service training, at the end of which a practical examination must be passed.
The failure rate here is currently 71 percent, for the Junior Penetration Tester, because the certification is not given away. The three courses take a total of 3 months to complete. Nowhere else is there such a long and intensive training to become a penetration tester, and the whole thing is part-time, with senior penetration testers who have many years of training and extreme professional experience.