Transparency

Learn about our commitment to Transparency. Our public pricing, detailed service descriptions, and real-time notes provide clients with unprecedented clarity & insight into our processes, ensuring trust, clarity, & insight for our clients every step of the way.

Source: https://youtu.be/sALegq1-PDs

VIDEO TRANSCRIPT

INTERVIEWER QUESTION: 
Tell me more about the Transparency you mentioned.

ROBERT:
In terms of our Transparency and Clarity…
Our detailed service descriptions and SOWs
We don’t just give general, unqualified service descriptions like “penetration test”
A term that is used by many in this industry to describe an automated vulnerability scan
we give details about our process on our website
and spelled out in even greater detail in each SOW
so we’re contractually obligating ourselves to that
This is not necessarily completely unique
but very rare to see
Our Public Pricing listed on our website
Almost no pentest firm we know of does this
those that do are typically not reputable
or otherwise providing misleading pricing 
or in one case we know of
“Starting from $X”
or otherwise have some pretty significant caveats
We have our hourly pricing & estimated service pricing
posted online
for most commonly scoped engagements
The real-time/Live notes
I know of no one who does this
Largely due to intellectual property concerns
but also the time and cost of it
Every detail of our testing is available to the client
including every individual test completed
our todo list
even the full commands we run for some common tool or utility
most all of it is in real-time
in fact, often documented just before running it (so before)
most of it is in a journal-style format
raw
unfiltered
all timestamped
there is nothing we have done
are doing
or plan to do
down to the tool and command level
that the client does not have access to
REAL-TIME, LIVE
It makes sense why we are the only ones I know of that does this
it is essentially giving up some intellectual property
the details of how we do things
but in our minds, transparency trumps
intellectual property concerns
and costs
and it is an important benefit to our clients
Some of our clients
do not look at these that often
but some monitor these very closely 
Those clients
that monitor these notes closely
they actually reach out to us
on occasion
in the middle of testing
and will ask if it would help to have additional access to
something they see us digging into
based on our notes
or shoot a text something along the lines of
“i’m glad you found this, we’ve struggled to get funding to fix it, hit us hard on it”