Working with us isn’t a black box or a “trust us, we’re hackers” pitch. Engaging with our team follows a clear journey – from that first discovery call, to a concrete proposal, to testing, reporting, and ongoing support. We use the same disciplined mindset attackers rely on, but we channel it into a structured, transparent process that keeps you in control of scope, budget, and risk. Each stage is built to be predictable and painless for your team, so you can focus on business operations and not cybersecurity incidents.
Discovery call (30 – 60 minutes): We introduce our team, learn about your organization, clarify objectives, and walk you through a typical engagement from start to finish.
Project Intake Form (PIF): We walk through the PIF together so you can gather the correct details from IT, security, compliance, and business stakeholders.
Estimated Days of Effort (EDEs): Using your completed PIF, we calculate the number of days of hands‑on expert work needed to properly test your environment.
Technical diagnostics: Our team performs targeted diagnostics against the assets you identify to validate scope and complexity (IPs, applications, integrations, users, locations, testing type, and regulatory drivers).
Right‑sized scope: This prevents “cookie‑cutter” testing and ensures effort matches reality, not guesswork.
Effort‑based pricing: Your investment is simply:
[ EDEs required ] × [ EDE rate for your tier ] = Your Project Cost
No surprises: Pricing is tied directly to validated workload – no hidden fees, no vague “package” levels, and no mid‑project change‑order games.
Proposal review: We walk through the proposal with you to confirm requirements, expectations, and any constraints before you sign.
Handover to delivery: Once signed, the project is handed to our delivery team, who reviews the statement of work to select the best‑fit tester(s) and specialists.
Kickoff call: We introduce both teams, finalize timelines, confirm rules of engagement, and validate communication and escalation paths.
Readiness check: Any remaining access, allow-lists, or logistics issues are addressed before testing begins.
Actionable testing: Our testers execute using advanced tactics, techniques, and procedures that mirror real‑world threats, aligned to the testing type, level, and objectives (network, web app, cloud, red team, etc.).
Safe by design: We design testing to avoid impacting system integrity and performance while still providing realistic attack coverage.
Ongoing updates: You receive regular status updates throughout, while critical findings are immediately escalated so you can respond in real time.
Formal report: At the conclusion, you receive a structured report with each vulnerability, business risk, and prioritized remediation guidance.
Secure delivery: Reports are delivered through our customer portal with appropriate access controls.
Review session: We offer a report review call to walk your team through key findings, attack paths, and recommended next steps.
Free retest: Within 60 days of report delivery, we can retest previously identified vulnerabilities to verify that remediations are effective.
Updated posture: The report is updated to reflect your improved security posture and residual risk.
Continued partnership: After the project ends, our team remains available as a security partner to answer questions, advise on remediation, and plan future testing.
Roadmap support: We help you prioritize future assessments and security investments based on your evolving environment and risk profile.