Darylin McLaughlin, Information Security Officer, PC Richard & Son, talks about her experiences working with the Rapid7 professional services team.
Our company is a privately held firm, so PCI is all that we really are required to follow right now. We're not a Sarbanes-Oxley shop. We're not a HIPAA shop. However, we do have HIPAA information, so we are concerned with keeping our employees' data private. We have about 3,500 employees from frontline employees to corporate employees, and there are about 350 people in the corporate office right now.
As a retail firm, we are mandated to follow PCI standards. PCI requires a penetration test to be done annually by a third-party vendor. We contacted several companies for professional services to do the penetration testing, and we met with Rapid7, and we really liked the team and the people who they were going to bring in and the consultants and everyone who was going to do the hands-on work. So we were very comfortable with them, and we decided to go forward with them.
The Rapid7 offerings that we have currently used are all professional services. So, we've had a penetration test done. We're currently looking at web application testing and some other testing, namely POS testing.
The experience with using Rapid7 has been really great. We enjoyed the team that came on site and worked with us, as well as the remote team that we had working on our penetration test. The results were awesome, and we have hopes of continuing the relationship to move forward with other endeavors.
I would absolutely recommend working with Rapid7 professional services because of their professionalism, because of the expertise that they brought to the table and because they were so flexible with our needs and even with the scope creep that we might have thrown in at the end of it.