Security Services for Companies That Need to Know Where They Stand

Penetration testing, compliance assessments, and advisory services for mid-market financial services, healthcare, and SaaS organizations.

What We Do

Penetration Testing

Web apps, networks, cloud, APIs, Active Directory. Delivery in 2–8 days.


Compliance Testing

PCI-DSS, SOC 2, HIPAA, NIST. Attestation-ready reports.


Advisory Services

vCISO, incident response retainers, tabletop exercises. Ongoing or project-based.


Penetration Testing

We test what attackers target. Web applications, external perimeters, internal networks, cloud configurations, and Active Directory environments.

Web Application Pen Test

OWASP Top 10, business logic flaws, multi-role authorization, session management, and API security testing.

Starter: from $5,000 · Up to 20 pages/endpoints · 2–3 days
Standard: Scoped to fit · 20–75 pages/endpoints · 3–5 days
Advanced: Scoped to fit · 75+ pages, multi-role, complex logic · 5–8 days

External Network Pen Test

Internet-facing infrastructure, exposed services, misconfigurations, and vulnerability exploitation.

Up to 10 IPs: from $5,000 · 2–3 days
11–50 IPs: Scoped to fit · 3–7 days

Internal Network Pen Test

Lateral movement, privilege escalation, segmentation controls, and domain compromise paths.

SMB: from $5,000 · 3–5 days
Mid-Market: Scoped to fit · 5–8 days

API Security Assessment

OWASP API Top 10, authentication, BOLA/IDOR, rate limiting, and data exposure testing.

Up to 20 Endpoints: from $5,000 · 2–3 days
50–100+ Endpoints: Scoped to fit · 5–8 days

Cloud Security Configuration Review

AWS, Azure, or GCP. IAM policies, networking, storage, encryption, and logging configuration.

Single Subscription: from $5,000 · 2–3 days

Active Directory Assessment

Kerberos attacks, NTLM relay, lateral movement paths, privilege escalation, and Group Policy weaknesses.

SMB: from $5,000 · 2–3 days
Mid-Market: Scoped to fit · 3–5 days

Planning multiple assessments this year? Annual commitments receive preferred pricing across all pen testing services. Ask during your scoping call.

Compliance Testing

Our reports are formatted for auditor review. Compliance mappings are standard in every engagement, not an add-on.

PCI-DSS Annual Penetration Testing Program

One package. Full year of PCI-DSS v4.0 Requirement 11.4 compliance. External pen test, internal pen test, and segmentation validation — on the cadence the standard requires. Attestation-ready documentation and QSA-ready evidence packages included with every test. Components also available individually.

PCI External: Scoped to fit · Req 11.4.1 · Internet-facing infrastructure · Annual · 2–3 days
PCI Internal: Scoped to fit · Req 11.4.2 · CDE lateral movement & privilege escalation · Annual · 2–3 days
Segmentation Validation: Scoped to fit · Req 11.4.5/11.4.6 · CDE isolation under real attack conditions · Annual or biannual · 1–2 days
Full PCI Package: from $20,000/yr · All requirements · Full year of coverage · 5–8 days total
  • Covers your full compliance year — annual pen tests (Req 11.4.1, 11.4.2) plus segmentation validation at the cadence your entity type requires: annually for merchants (Req 11.4.5), every six months for service providers (Req 11.4.6)
  • Segmentation testing validates that your firewall rules and network isolation actually prevent cross-boundary compromise — not just that the policy exists on paper
  • QSA-ready from day one — separate reports for each requirement, formatted for auditor review, delivered on your audit timeline. We coordinate directly with your QSA.

Compliance Gap Analysis

PCI-DSS, SOC 2, HIPAA, NIST 800-53, GDPR. Gap findings mapped to your control framework. 2–3 day delivery.

Security Architecture Review

Board-level readiness assessment. M&A diligence. New CISO/CTO baseline. 1–2 day delivery.

SOC Maturity Assessment

Evaluate your security operations center against defined maturity tiers. 1–2 day delivery.

Advisory Services

Senior security leadership and incident preparedness, without the full-time hire.

vCISO Services

Senior security leadership on a fractional basis. Advisory, program management, or strategic leadership tiers available monthly.

Monthly Retainer: from $3,000/mo

Incident Response Retainer

Pre-positioned incident response. Standard (4-hour SLA) or Premium (2-hour SLA) retainers. Activate before you need it.

Tabletop Exercises

Run the scenario before the real thing happens. Half-day, full-day, or multi-session formats. Board-ready if needed.

Security Awareness & Phishing

Targeted phishing campaigns and security awareness training tailored to your organization's risk profile.

Every Engagement Includes

Get a Quote for Your Engagement

Tell us what you're protecting and we'll have a proposal to you within 48 hours.

Schedule a Scoping Call