about us

Whether you’re a multinational looking to protect yourself against an advanced cyber-attack, a medium-sized organisation being asked to supply evidence of security testing for compliance reasons (GDPR etc.) or a start-up looking for initial advice, Pentest are here to provide you with the information security assurances you need.

Founded in 2001, Pentest Limited provide offensive information security consultation, research-led penetration testing & elite red teaming services, all supported by the full-service security portfolio of Shearwater Group plc.

We pride ourselves on our client-focused approach and act as a trusted adviser, not just a test provider. That is why our services are designed to not only uncover IT security vulnerabilities and provide proof of testing, but to support your ongoing information security efforts, to pass on our wealth of expertise and to increase the digital resilience of your business.

why clients choose us

Whatever your goals, we’re here to support you. It’s this support that truly sets us apart and it’s one of the key reasons clients come back to us time and time again. But it’s not the only reason clients choose us.

experience & expertise

Our team of security consultants come from a diverse range of backgrounds, have years of proven experience and a depth of expertise in information security testing. We invest significant time into security research projects, honing and developing skills which allow our consultants to deliver the best possible results for your organisation.

integrity & trust

We act as a trusted adviser to our clients and as an independent vendor we are able to provide honest advice and recommendations. We pride ourselves on the accuracy of our scoping and will only invoice clients for work completed.

dedicated resource

Every client is appointed a dedicated account manager to oversee the process and we give clients access to consultants throughout the engagement. All of our consultants are directly employed by us and we do not engage with third-parties to deliver testing services.

tailored approach

No two organisations are the same and neither are our services. We work closely with our clients to fully understand their goals, the services under review, security challenges, operational needs and priorities before we undertake any work.

post-test support

Organisations regularly need additional support in understanding and fixing the vulnerabilities found during a test. We will continue to provide access to our consultants after the engagement to assist with the interpretation of report findings, to share our expert knowledge and to provide remediation support to internal development teams or external suppliers. We can also retest individual or multiple issues following the delivery of the report.

flexibility

Our resourcing model allows us to react to urgent client requirements wherever possible. We also understand that projects can often slip and we work with clients to minimise the impact of delays or cancellations.

range of services

As part of Shearwater Group plc, we can offer a wide range of additional services based around your digital resilience. This includes PCI DSS, ISO 27001, GDPR and Virtual Chief Information Security Officer (vCISO) solutions.

accreditations, certifications & memberships

CREST Penetration Test
ISO 9001
ISO 27001
Cyber Essentials Plus
OSCP (Offensive Security Certified Professional)

supporting our staff & the community

Our ethos of support doesn’t just apply to our clients. Pentest is a firm believer in supporting our staff and the communities in which we work. We set aside 25% of our consultants’ working time for training and development, research projects, pro bono work and community education. Not only does this keep our consultants’ skills up to date but it also allows us to pass on our expertise.

staff training and development

Information security is a constantly evolving landscape and it’s vital that our consultants keep up to date with the latest threats, techniques and tools in order to provide our clients with the highest possible standard of work.

We set our consultants personal training and development goals, providing them with the time and resources they need, whether they are working towards industry recognised certifications or conducting individual study projects.

Time is also set aside for our consultants to attend industry conferences such as BlackHat, Defcon, BSides and SteelCon, to name a few. We see these as vital opportunities for our consultants to learn more about the latest developments in our industry.

Finally, we encourage our consultants to take part in high-profile Capture the Flag (CTF) challenges, such as the Hack-A-Sat challenge run by the United States Air Force. These challenges give us a chance to learn, develop our skills in new areas and to put ourselves to the test against some of the best CTF teams in the world.

research

Pentest consultants don’t just learn about the latest vulnerabilities, they discover them. We see research projects as a key development tool for our staff and employ a full-time Director of Research to co-ordinate our efforts.

To find out more about our latest research and advisories you can visit our labs page.

infosec community

The information security community is a close-knit one and it’s one that openly encourages the sharing of knowledge and ideas to benefit everyone. We are proud members of this community and regularly speak at events such as DEFCON Glasgow, BSides Manchester & Scotland, OWASP Newcastle and many more.

We also contribute by designing and running CTF challenges for the community to take part in. Our CTFs are designed to mimic vulnerabilities that we find in our real-world penetration testing and red teaming engagements and seek to replicate them faithfully, allowing others to learn and develop their skills.

giving back

As a company we like to support good causes and initiatives in a number of ways:

pro bono work

Our aim is to provide over £20,000 of information security work on a pro bono basis annually and we work with organisations and charities which we believe are doing important work, work that will benefit us all as a society.

Examples of the pro bono work we have conducted include:

> JoinZoe, Covid19 symptom tracker application
> Xploro, health information platform to deliver information to young patients
> The University of Edinburgh, Coronogenes study

charity

Due to the increase of bug bounty programmes, it is becoming increasingly common that our research disclosures come with a financial reward. In 2020, Pentest Ltd chose Barnardo’s as our sponsored charity and any bug bounty reward we receive is donated to the charity.

contact us

Want to find out more? Our team are on hand to provide you with all the information and support you need. Just fill out the form below and one of our team will be in touch.