PEN Consultants Logo
Don’t Be a Victim: Find your weaknesses before the criminals do. PEN Consultants can help!

Year: 2021


Vulnerability Disclosure Policy

Vulnerabilities are everywhere. You can be assured your systems have them. There is a good chance the vulnerabilities in your systems may be discovered by an outside party. Do you have internal policies and procedures in place on how to deal with that when it happens? Do you have a public version of that posted? […]


Annual Team Meet-Up (2001)

PEN Consultants held its inaugural annual meet-up October 8th – 10th 2021, giving each team member (and their family) the ability to meet each other face-2-face (many for the first time), participate in team-building activities, and give back to the community. Here is a summary of that event. Friday Meeting up at the Neel’s house […]


Acquisition of PEN Consultants, LLC

Throughout most of 2021, we have been increasingly pursued by various business referral partners and investment firms, asking if we would be interested in merging with them or being acquired. This is our boilerplate statement, so as to not have to repeat ourselves. Thanks for reaching out! I don’t think we’re going to be interested […]


SmartVestor Pro Experience

On 08 Sep 2021, we utilized Ramsey Solutions’ SmartVestor Pro service to find a firm that could help maximize our investment strategy as both a business and personally. This is a review of our experience with that service. Thank You Thank you to Dave Ramsey and his team for providing this service! We’ve used their ELP service in the […]


Webcast: The Data-Planet

17 Sep 2021: Robert Neel of PEN Consultants joined Pete Martin and James Beecham on ALTR’s The Data-Planet to discuss data security challenges and best practices. Source: If you are interested to know how your network services and web apps would perform against these types of attacks, but you do not have the expertise or resources to do so, contact PEN Consultants today!


Responsible Vulnerability Disclosure

An ongoing responsible (but frustrating) vulnerability disclosure with a well-known cybersecurity vendor. After reading through this, please leave your feedback at one of the following polls: The vulnerability risk scores somewhere between a 4.0 and 4.2 on a CVSS calculation (ex., so not a huge deal. We could certainly develop a working PoC (with time), […]


User Enumeration vs Password Spraying

What do you call a User Enumeration attack against a login service (i.e. username + password)? Based on recent polling (Source_1, Source_2), it would appear our industry peers call this a password spray attack (by a 3-to-1 margin), despite the purpose clearly being for user enumeration. This article will explain why we are taking a minority […]


How do I get into Cybersecurity?

I’m often asked questions such as, “How do I get into Cybersecurity?” or “How do I get from an IT role a cybersecurity role?”. This is a copy/paste, with a few edits, from previous emails. Bottom Line up Front (BLUF) I’d lean towards a shorter/cheaper tech degree in the field you want to go into […]