Penetration Testing Companies

I'm trying to start making a list of potential employers for PenTesting positions, for after I separate from the Air Force. I've just started looking around, but I thought you guys might be able to help me make a good list. I would assume there are probably other people on here who could benefit from the list as well.

Personally, I'm looking for something private side. Preferably no exclusively government contract companies. I have little interest in limiting future career opportunities by pursuing a government InfoSec job that requires TS/SCI clearance and all the restrictive overhead that goes with it. Right now, I've only got two that I'm looking at:
- Alert Logic (a good option for me because it's centrally located in my home city of Houston)
- Accuvant

Comments

  • paul78 Member Posts: 3,016
    I suspect that most of the pentest companies out there would support remote employees. Most of the pentest companies that I'm familiar with typically would focus on application penetration testing. I see that you already listed Accuvant - they offer a good range of services. Similar companies would include consulting companies like Deloitte and KPMG. I would also suggest that you explore the boutique companies. I occasionally come across these firms:

    Netspi
    Aspect Security
    Gotham Digital Science

    A great list of companies that you can target is the PCI QSA list - to be a PCI compliant organization, the payment card processor is required to have an external QSA (qualified security assessor) perform an audit on a regular basis. Most if not all QSAs offer penetration test services. The full list of QSAs is located here - https://www.pcisecuritystandards.org/approved_companies_providers/qsa_companies.php

    Also - if you want to focus on a specific industry - check out Financial Services (the industry that I work in) or their technology providers. Many financial services companies have in-house penetration testing teams.
  • jasong318 Member Posts: 102
    -Accuvant
    -Redspin
    -Rapid7
    -Trustwave
    -PSC
    -AppSec Consulting
    -Digital Defense Inc.
    -IOActive
    -Mandiant
    -Neohapsis
    -Secure State
    -Security Innovation
    -Stach & Liu
    -WhiteHat Security
    -Visible Risk

    Those are just a few. You can also check out the infosec hiring thread over at reddit.com/r/netsec, some good leads there!
  • kriscamaro68 Member Posts: 1,186
    In Utah there is Security Metrics and I believe that Solera Networks may also do pen testing.
  • YuckTheFankees Member Posts: 1,281
    Hutch,

    When are you leaving the Air Force and would you be interested in working in Denver? Depending on when you're done with the AF, I could send you in the right direction.

    Edit: To really impress this company, pass OSCP.
  • the_hutch Banned Posts: 827
    I would absolutely love to move back to Colorado. I know that Accuvant actually has a branch in Denver too. And I'm going to try to knock out OSCP prior to getting out (gonna start in February when tax returns roll in). I can put in my package to separate in May of next year, so probably a couple months after that. But that is still subject to approval. In any case, I'll probably hit you up whenever the time comes closer.
  • YuckTheFankees Member Posts: 1,281
    Sounds good. The guy I know doesn't work for Accuvant, it's a smaller company but he enjoys it. Just hit me up when it gets closer and I'll see what I can do.