IT Leadership is beginning to realize that one Pentest a year is not enough. What happens if an engineer makes a configuration mistake exposing your systems environment one week after your Pentest has been completed? You are basically exposed for a whole year if your vulnerability scans do not detect the issue.
Pentesting as a service is currently offered by a number of companies in this automated fashion. It’s only a matter of time before industry leaders start taking advantage of these technologies. Unfortunately, many organizations only implement the tools required for compliance, but those organizations who are serious about data security will gravitate towards these sorts of technologies that make your security program more effective.