Q: What is the general timeline of an engagement?

This is a general order and timeline. After the first step, some of the phases run simultaneously. During a typical engagement, PEN Consultants will: meet (or teleconference) with you to discuss your needs and goals give you preliminary pricing based on your desired services send a mutual non-disclosure NDA, to protect both parties complete a detailed questionnaire to narrow down testing scope provide a detailed, no obligation , contract and statement of work (SOW) for your review perform testing/service (after execution of the final contract/SOW) after testing is complete, (1) "get noisy" so your SOC staff will see the attack(s) and get some IR experience out of it or (2) clean-up, restoring any and all modifications made during the testing (if applicable) create a detailed report explaining what key factors were discovered and provide recommendations for you to prevent and/or detect discovered attacks (at all layers), etc. (if applicable) follow up with a debrief - on-site or teleconference - to discuss/show what was found (if applicable) assist you with locating vendor products, determining a better use of current vendor products, acquiring qualified staff to carry out remediations, etc. (if applicable) remain engaged until you are 100% satisfied

Q: What is the general timeline of an engagement?

This is a general order and timeline. After the first step, some of the phases run simultaneously. During a typical engagement, PEN Consultants will: meet (or teleconference) with you to discuss your needs and goals give you preliminary pricing based on your desired services send a mutual non-disclosure NDA, to protect both parties complete a detailed questionnaire to narrow down testing scope provide a detailed, no obligation , contract and statement of work (SOW) for your review perform testing/service (after execution of the final contract/SOW) after testing is complete, (1) "get noisy" so your SOC staff will see the attack(s) and get some IR experience out of it or (2) clean-up, restoring any and all modifications made during the testing (if applicable) create a detailed report explaining what key factors were discovered and provide recommendations for you to prevent and/or detect discovered attacks (at all layers), etc. (if applicable) follow up with a debrief - on-site or teleconference - to discuss/show what was found (if applicable) assist you with locating vendor products, determining a better use of current vendor products, acquiring qualified staff to carry out remediations, etc. (if applicable) remain engaged until you are 100% satisfied

Q: What is the general timeline of an engagement?

This is a general order and timeline. After the first step, some of the phases run simultaneously. During a typical engagement, PEN Consultants will: meet (or teleconference) with you to discuss your needs and goals give you preliminary pricing based on your desired services send a mutual non-disclosure NDA, to protect both parties complete a detailed questionnaire to narrow down testing scope provide a detailed, no obligation , contract and statement of work (SOW) for your review perform testing/service (after execution of the final contract/SOW) after testing is complete, (1) "get noisy" so your SOC staff will see the attack(s) and get some IR experience out of it or (2) clean-up, restoring any and all modifications made during the testing (if applicable) create a detailed report explaining what key factors were discovered and provide recommendations for you to prevent and/or detect discovered attacks (at all layers), etc. (if applicable) follow up with a debrief - on-site or teleconference - to discuss/show what was found (if applicable) assist you with locating vendor products, determining a better use of current vendor products, acquiring qualified staff to carry out remediations, etc. (if applicable) remain engaged until you are 100% satisfied

Q: What is the general timeline of an engagement?

This is a general order and timeline. After the first step, some of the phases run simultaneously. During a typical engagement, PEN Consultants will: meet (or teleconference) with you to discuss your needs and goals give you preliminary pricing based on your desired services send a mutual non-disclosure NDA, to protect both parties complete a detailed questionnaire to narrow down testing scope provide a detailed, no obligation , contract and statement of work (SOW) for your review perform testing/service (after execution of the final contract/SOW) after testing is complete, (1) "get noisy" so your SOC staff will see the attack(s) and get some IR experience out of it or (2) clean-up, restoring any and all modifications made during the testing (if applicable) create a detailed report explaining what key factors were discovered and provide recommendations for you to prevent and/or detect discovered attacks (at all layers), etc. (if applicable) follow up with a debrief - on-site or teleconference - to discuss/show what was found (if applicable) assist you with locating vendor products, determining a better use of current vendor products, acquiring qualified staff to carry out remediations, etc. (if applicable) remain engaged until you are 100% satisfied

Q: What is the general timeline of an engagement?

This is a general order and timeline. After the first step, some of the phases run simultaneously. During a typical engagement, PEN Consultants will: meet (or teleconference) with you to discuss your needs and goals give you preliminary pricing based on your desired services send a mutual non-disclosure NDA, to protect both parties complete a detailed questionnaire to narrow down testing scope provide a detailed, no obligation , contract and statement of work (SOW) for your review perform testing/service (after execution of the final contract/SOW) after testing is complete, (1) "get noisy" so your SOC staff will see the attack(s) and get some IR experience out of it or (2) clean-up, restoring any and all modifications made during the testing (if applicable) create a detailed report explaining what key factors were discovered and provide recommendations for you to prevent and/or detect discovered attacks (at all layers), etc. (if applicable) follow up with a debrief - on-site or teleconference - to discuss/show what was found (if applicable) assist you with locating vendor products, determining a better use of current vendor products, acquiring qualified staff to carry out remediations, etc. (if applicable) remain engaged until you are 100% satisfied

Q: What is the general timeline of an engagement?

This is a general order and timeline. After the first step, some of the phases run simultaneously. During a typical engagement, PEN Consultants will: meet (or teleconference) with you to discuss your needs and goals give you preliminary pricing based on your desired services send a mutual non-disclosure NDA, to protect both parties complete a detailed questionnaire to narrow down testing scope provide a detailed, no obligation , contract and statement of work (SOW) for your review perform testing/service (after execution of the final contract/SOW) after testing is complete, (1) "get noisy" so your SOC staff will see the attack(s) and get some IR experience out of it or (2) clean-up, restoring any and all modifications made during the testing (if applicable) create a detailed report explaining what key factors were discovered and provide recommendations for you to prevent and/or detect discovered attacks (at all layers), etc. (if applicable) follow up with a debrief - on-site or teleconference - to discuss/show what was found (if applicable) assist you with locating vendor products, determining a better use of current vendor products, acquiring qualified staff to carry out remediations, etc. (if applicable) remain engaged until you are 100% satisfied

Q: What is the general timeline of an engagement?

This is a general order and timeline. After the first step, some of the phases run simultaneously. During a typical engagement, PEN Consultants will: meet (or teleconference) with you to discuss your needs and goals give you preliminary pricing based on your desired services send a mutual non-disclosure NDA, to protect both parties complete a detailed questionnaire to narrow down testing scope provide a detailed, no obligation , contract and statement of work (SOW) for your review perform testing/service (after execution of the final contract/SOW) after testing is complete, (1) "get noisy" so your SOC staff will see the attack(s) and get some IR experience out of it or (2) clean-up, restoring any and all modifications made during the testing (if applicable) create a detailed report explaining what key factors were discovered and provide recommendations for you to prevent and/or detect discovered attacks (at all layers), etc. (if applicable) follow up with a debrief - on-site or teleconference - to discuss/show what was found (if applicable) assist you with locating vendor products, determining a better use of current vendor products, acquiring qualified staff to carry out remediations, etc. (if applicable) remain engaged until you are 100% satisfied

Q: What is the general timeline of an engagement?

This is a general order and timeline. After the first step, some of the phases run simultaneously. During a typical engagement, PEN Consultants will: meet (or teleconference) with you to discuss your needs and goals give you preliminary pricing based on your desired services send a mutual non-disclosure NDA, to protect both parties complete a detailed questionnaire to narrow down testing scope provide a detailed, no obligation , contract and statement of work (SOW) for your review perform testing/service (after execution of the final contract/SOW) after testing is complete, (1) "get noisy" so your SOC staff will see the attack(s) and get some IR experience out of it or (2) clean-up, restoring any and all modifications made during the testing (if applicable) create a detailed report explaining what key factors were discovered and provide recommendations for you to prevent and/or detect discovered attacks (at all layers), etc. (if applicable) follow up with a debrief - on-site or teleconference - to discuss/show what was found (if applicable) assist you with locating vendor products, determining a better use of current vendor products, acquiring qualified staff to carry out remediations, etc. (if applicable) remain engaged until you are 100% satisfied

Q: What is the general timeline of an engagement?

This is a general order and timeline. After the first step, some of the phases run simultaneously. During a typical engagement, PEN Consultants will: meet (or teleconference) with you to discuss your needs and goals give you preliminary pricing based on your desired services send a mutual non-disclosure NDA, to protect both parties complete a detailed questionnaire to narrow down testing scope provide a detailed, no obligation , contract and statement of work (SOW) for your review perform testing/service (after execution of the final contract/SOW) after testing is complete, (1) "get noisy" so your SOC staff will see the attack(s) and get some IR experience out of it or (2) clean-up, restoring any and all modifications made during the testing (if applicable) create a detailed report explaining what key factors were discovered and provide recommendations for you to prevent and/or detect discovered attacks (at all layers), etc. (if applicable) follow up with a debrief - on-site or teleconference - to discuss/show what was found (if applicable) assist you with locating vendor products, determining a better use of current vendor products, acquiring qualified staff to carry out remediations, etc. (if applicable) remain engaged until you are 100% satisfied

Q: What is the general timeline of an engagement?

This is a general order and timeline. After the first step, some of the phases run simultaneously. During a typical engagement, PEN Consultants will: meet (or teleconference) with you to discuss your needs and goals give you preliminary pricing based on your desired services send a mutual non-disclosure NDA, to protect both parties complete a detailed questionnaire to narrow down testing scope provide a detailed, no obligation , contract and statement of work (SOW) for your review perform testing/service (after execution of the final contract/SOW) after testing is complete, (1) "get noisy" so your SOC staff will see the attack(s) and get some IR experience out of it or (2) clean-up, restoring any and all modifications made during the testing (if applicable) create a detailed report explaining what key factors were discovered and provide recommendations for you to prevent and/or detect discovered attacks (at all layers), etc. (if applicable) follow up with a debrief - on-site or teleconference - to discuss/show what was found (if applicable) assist you with locating vendor products, determining a better use of current vendor products, acquiring qualified staff to carry out remediations, etc. (if applicable) remain engaged until you are 100% satisfied

Question 1