Every single technology has its roots in the Pentagon.
Yet even the Pentagon has been hacked several times.
How could that have happened?
The Pentagon being the US highest security apparatus allows only US military personnel or ex-officers to do penetration testing on its network.
While that might appear a plausible position, the reality is those working within a system are less likely to observe its flaws.
This is the reason external penetration testers are preferable to internal penetration testers.
It makes sense to think that internal penetration testers are more likely to notice anomalies in the network because they are used to the network.
Au contraire, external penetration testers are more likely to notice anomalies than internal penetration testers.
Am I suggesting organisations do not use internal penetration testers?
Of course not.
Internal penetration testers are essential for successful cyber security monitoring.
However, organisations with internal penetration testers must call in external penetration testers from time to time to see if their assessment matches those of the internal penetration testers.