Continuous Phishing Model
The Observation

After doing multiple phishing engagements, listening to client feedback, and having a customer pay to build phishing infrastructure for them, I’ve come to the realization that phishing/social engineering pentests should move to a continuous subscription model and not just a point-in-time test. I still think point-in-time phishing engagements are a good thing, but I believe there is a huge value add for the client in phishing throughout the year. Over the past couple of weeks, I have been building out the continuous phishing model. It is still in the rough draft stage, but the implementation is going to look something like what is below.