This is a general order and timeline. After the first step, some of the phases run simultaneously. During a typical engagement, PEN Consultants will:

  1. meet (or teleconference) with you to discuss your needs and goals
  2. give you preliminary pricing based on your desired services
  3. send a mutual non-disclosure agreement (NDA) to protect both parties
  4. complete a detailed questionnaire to narrow down testing scope
  5. provide a detailed, no-obligation contract and statement of work (SOW) for your review
  6. perform testing/service (after execution of the final contract/SOW)
  7. after testing is complete, either (1) “get noisy” so your SOC staff will see the attack(s) and get some IR experience out of it, or (2) clean up, restoring any and all modifications made during the testing (if applicable)
  8. create a detailed report explaining what key factors were discovered and providing recommendations for you to prevent and/or detect discovered attacks (at all layers), etc. (if applicable)
  9. follow up with a debrief – on-site or teleconference – to discuss/show what was found (if applicable)
  10. assist you with locating vendor products, determining a better use of current vendor products, acquiring qualified staff to carry out remediations, etc. (if applicable)
  11. remain engaged until you are 100% satisfied

© PEN Consultants, LLC 2013 -