At Secure Ideas, we take pride in providing customized, reliable, and effective penetration testing services. Our methodology is based on a thorough and rigorous approach, which is tailored to the specific needs and objectives of each client engagement. In this article, we will provide an end-to-end overview of our process, highlighting the key steps involved in each phase of the engagement. Our expertise in testing includes decades of work for organizations across all verticals and we can leverage this to make sure that a proposal includes exactly what you need and nothing you don’t.
Before we begin any engagement, we work closely with our clients to define the scope of the engagement. We typically have an initial scoping call to discuss the client's needs, goals, and requirements. Based on this call, we then develop a customized Statement of Work (SoW) that outlines the scope of the engagement, the type of test to be performed, the testing timeline, and the fee structure. If we already have an existing Master Services Agreement (MSA) in place with the client, we will simply append the accepted SoW to the MSA. If we do not have an MSA in place, we will work with the client to establish one along with the accepted SoW. Once the contract is signed, we schedule the engagement and a kick-off call with our clients to discuss the specifics of the engagement and answer any questions they may have.
Once the engagement begins, we follow a methodology specific to the type of test being performed. Throughout the engagement, we maintain regular communication with our clients, providing status updates and addressing any concerns that may arise. In the event of an emergency or if an Indicator of Compromise (IoC) is discovered, we will immediately notify the client and work with them to remediate the issue.
We are available 24/7 during the engagement to address any concerns or issues that may arise related to the testing.
Following the engagement, we typically schedule an optional debrief call with our clients to discuss our findings and any immediate remediation steps. We also provide a draft report for review and feedback, ensuring that our clients have ample opportunity to provide input and ask questions before the final report is delivered. Once any feedback has been addressed, we finalize the report and provide it to the client. For clients who require it, we can also, upon request, provide a letter of attestation, which certifies that the engagement was completed by professional penetration testers and in accordance with industry standards. Secure Ideas can also, upon request, offer re-testing of any findings discovered during the test to ensure that any remediations to the finding properly address the finding.