Monthly pen testing and tabletop exercises boost Credit Human’s cyber resilience

By partnering with SHI, Credit Human upgraded its cybersecurity strategy from annual checkups to continuous vigilance.

Challenge:

In today’s fast-evolving threat landscape, annual penetration testing, while regulatory compliant, simply wasn’t cutting it for Credit Human’s Chief Information Security Officer, Joshua Light. As a financial institution responsible for safeguarding sensitive member data, Credit Human knew it needed to go beyond checkbox compliance and adopt a more continuous and proactive security posture. But more frequent penetration testing can be cost-prohibitive, and Joshua’s team was already stretched thin responding to everyday threats and incidents. What Credit Human needed wasn’t just another vendor. It needed a true partner.

Solution:

That partner was SHI. By introducing Credit Human to a new pen testing provider offering even better quality at significantly reduced costs, SHI enabled the organization to increase its testing cadence from once a year to once a month.

Each penetration test does more than expose risk. It fuels Credit Human’s continuous improvement loop by validating prior remediations and providing tailored recommendations. Insights from the reports are integrated directly into the risk register and ticketing systems, enabling cross-functional teams to prioritize and act swiftly.

SHI’s support didn’t stop there. Recognizing the importance of cyber preparedness beyond just tools and alerts, SHI also connected Credit Human with Critical Start, a vendor specializing in realistic tabletop exercises. These guided, scenario-based simulations put multiple internal teams through the paces of responding to sophisticated cyberattacks.

Outcome:

The partnership with SHI has delivered measurable value on multiple fronts. By helping Credit Human find a more cost-effective penetration testing partner, SHI enabled the organization to dramatically increase testing frequency without overextending the budget. This shift not only enhanced visibility into emerging threats but also created an ongoing feedback loop that validates previous mitigations and keeps infrastructure aligned with best practices. At the same time, SHI’s ongoing support, particularly during vendor escalations, has reduced operational friction, allowing internal teams to focus more on strategic improvements.

The insights generated from each test are immediately actionable and feed directly into Credit Human’s ticketing systems. This structured follow-through ensures that no findings are ignored and that security posture steadily improves over time. Meanwhile, the realistic and immersive tabletop exercises have bolstered the organization’s incident response capabilities, prompting tighter collaboration across departments and greater clarity in roles, responsibilities, and escalation procedures. As Joshua put it, “SHI has been a valuable partner…especially during escalations. That extra escalation point has been really helpful to be able to get assistance quicker.”

Credit Human now benefits from a mature, cyclical vulnerability management process that’s no longer reactive, but continuously evolving. With monthly penetration testing and annual tabletop exercises tailored to their environment, the organization has transformed its approach to security from point-in-time defense to always-on vigilance.