Pentest People expands cyber security services & increases headcount


Award-winning cybersecurity consultancy, Pentest People, has made a number of senior appointments to support a range of new managed services. The company has also re-engineered its SecurePortal product to provide customers with continuous, cloud-based vulnerability monitoring and penetration testing as a service (PTaaS).

Organisations commission Pentest People’s cybersecurity consultants to test their websites, applications and IT networks for any weaknesses that could allow cybercriminals to steal information, damage systems, or hold data to ransom. Consultants’ manual assessments are backed by a growing range of automated PTaaS, which will all be offered on the new Secure Portal 2.0. Its intuitive dashboard shows when vulnerabilities first emerged, their level of severity, and when they were addressed, allowing organisations to track their security posture over the course of the year.

Gavin Watson, technical director at Pentest People explains, “SecurePortal 1.0 was originally developed to remove the pain of wading through hundreds of pages of static pentest reports in PDF format to find out where the organisation was at risk. The idea was to make all pentest results accessible on a single secure platform that shows the live status of vulnerabilities in a clear and consistent format, allowing security teams to rapidly focus on the most urgent remediation tasks.”

 “A lot can change in between annual or six-monthly pentests. Secure Portal 2.0 has been completely re-engineered and allows all clients who request a regular pentest to also benefit from our new Managed Scanning service. These regular scans of clients’ internal and external infrastructure can now be linked into a timeline providing a-crystal clear picture of how results have changed between pentests, with trend analysis of the top vulnerable hosts, most common vulnerabilities, and industry benchmarking.”

To complement the company’s growing range of cloud-based tests, SecurePortal 2.0 now runs on Amazon Web Services (AWS) allowing enterprise customers to use the portal to manage security assessments across multiple companies and understand the overall security risk for their organisation.

Pentest People has also hired a senior, CREST-approved incident response manager, with two decades of public sector experience, to lead its new Incident Response Service. This will provide organisations with end-to-end support and software tools to enable them to prepare for, detect, rapidly respond to, and swiftly mitigate cyber attacks.

The latest government figures revealed that only 19% of businesses polled had a formal incident response plan in place. Demand for Pentest People’s new service saw the company record its highest ever revenues in September.

Commenting on the new service, Pentest People co-founder, Andrew Mason said, “In the event of a breach, lack of an incident response plan can leave businesses scrabbling to respond, with inevitable delays. This can increase impacts on systems, customers, reputations and revenues. We’re addressing that need by providing clear processes that organisations can follow and tools that they can use to help them to swiftly detect, act, mitigate and communicate.”

Led by Anthony Harvey, Robin Hill, Andrew Mason and Gavin Watson, Pentest People has grown from four to over a hundred employees within four years. The company employs a number of CHECK team leaders, who possess qualifications and penetration testing experience approved by the National Cyber Security Centre (NCSC). In addition to recent senior hires and internal promotions, Pentest People has taken on several apprentices and launched a graduate recruitment and training programme which has seen at least twenty young professionals embark on their cyber security careers.

To accommodate its growing team and training programme, Pentest People moved into the largest office in Leeds’ Coach Works earlier in the year and opened a second office close to GCHQ’s cyber security hub in Cheltenham.