The mysterious art of penetration testing shouldn’t be a mystery to us information security professionals; in fact, it should be a staple of our infosec diet along with policies and awareness campaigns. Yet for many charities the thought of paying for what is properly termed ‘ethical hacking’ is often deemed a step too far. Perhaps it’s the thought of what will appear on the invoice, or what will appear in the report and need fixing. For some, ignorance may be preferable to bliss. But as a means to seriously raise the stakes when you know that your external-facing defences may be a little flaky, the power of the pentest can be second to none. Knowing that your firewall isn’t properly configured will give you the chance to address that particular problem before some curious outsider makes off with a copy of your company confidentials. Getting a proper pentest carried out may cost a bob or two, but even a simple and free ‘do it yourself’ scan will give you valuable insight into how you appear to the outside world. And if the results don’t make much sense, your colleagues in the CSF are dab hands at translating and interpreting the contents into an action plan. Or helping you celebrate the security of your organisation!