PEN Consultants, LLC

This Memorial Day, we pause to honor the courageous men and women who gave their lives for our nation’s freedom. "The cost of freedom is always high, but Americans have always paid it." – John F. Kennedy Their selfless sacrifice reminds us to cherish the liberties we hold dear and to live with purpose, gratitude, and unity. Let’s keep their families in our hearts and strive to uphold the values they fought for. "Blessed are the peacemakers, for they will be called children of God." – Matthew 5:9 #MemorialDay #GratefulForOurHeroes #FreedomAndFaith

@redeemedHacker is here to discuss getting the most out of your #pentest in 2 hours. Join us at #ThursDef! (Register for free 👉 reconinfosec.com/thursday-defen…) reconinfosec.com/thursday-defen…

Had a fantastic time presenting, Breaching a Network with Risk-Accepted Vulnerabilities, at the TEEX Cyber Readiness Summit this afternoon! Great discussions with an engaged audience. #CyberSecurity #TEEXSummit As promised, here are the slides: penconsultants.com/PDFs/Presentat…

Great first day at TEEX Cyber Readiness Summit! Enjoyed meeting and connecting with others in the industry. Visitors were able to interact with our live hacking demonstrations, Cybersecurity Trivia, and win prizes. Up tomorrow at 4pm, our Founder and CEO, Robert Neel, will be presenting, “Breaching a Network with Risk-Accepted Vulnerabilities”. Come see real-world examples of how “acceptable” risks can still lead to total compromise - and what to do about it. #CyberSecurity #TEEXSummit #PenetrationTesting #OffensiveSecurity #CyberReadiness

🚨 PEN Consultants is headed to the TEEX Cyber Readiness Summit April 1-3! 💻🔓We will have a vendor booth with live hacking demonstrations and Cybersecurity Trivia with prize giveaways. 🗓️ Wednesday at 4pm Our Founder and CEO, Robert Neel, will be presenting, “Breaching a Network with Risk-Accepted Vulnerabilities”. Come see real-world examples of how “acceptable” risks can still lead to total compromise — and what to do about it. #CyberSecurity #TEEXSummit #PenetrationTesting #OffensiveSecurity #CyberReadiness

🚀 PEN Consultants is grateful to @NRBConvention for the opportunity to exhibit for the first time at #NRB2025! We had an incredible time reconnecting with old friends, meeting amazing people (some famous, yet the most humble we've ever met!), and celebrating with those who mastered our cybersecurity trivia challenge. 🎉 💻 Our hands-on hacking demos were a hit! It was awesome to share real-world cybersecurity threats and solutions with those who stopped by. We're excited about the new connections we made and the opportunity to serve their offensive security needs, ensuring they benefit from the Rock Solid Security our services provide. Let’s prevent breaches before they happen! 🔒 🎥 Watch the video to see the action! 👇

We're hiring again! Experienced Offensive Security Testers needed (penetration testing, red teaming, etc.). Part-time, fully remote, up to $82/hr. Details and application here: penconsultants.com/experiencedTes…

Thank you, veterans, for your courage and sacrifice in selflessly protecting our freedoms. May God bless you and your families. #VeteransDay

One of the best ways to test your organization’s security and your potential exposure to hackers is with penetration testing. But, if you haven’t implemented basic security guidelines, a penetration test isn’t a good place to start. It would be like going to the dentist without ever brushing your teeth or flossing. You know exactly what the dentist is going to recommend already, so why waste your time? That is why we documented some basic security guidelines that are relevant to all organizations, including: 🔹Understanding risk 🔹User security 🔹Network security 🔹Perimeter security 🔹Windows vs MacOS vs Linux 🔹System administration 🔹Mobile devices 🔹BYOD policies 🔹Software updates 🔹Wireless / WiFi 🔹Physical Security 🔹Credentials and Authentication 🔹And more! Once you have worked on these basic guidelines, then you are ready to validate the security controls you worked on with penetration testing. Check out all of the guidelines and recommendations at: penconsultants.com/securityBestPr…

The more you know about how an attacker attacks, the better you can defend against it. Like a politician preparing arguments for an upcoming debate against an opponent or like an NFL defense watching tape of the opposing quarterback and his tendencies, it is all about preparing for the strategies you will face. Defending against hackers is the same way - understanding how hackers think and the methods they use to exploit systems is critical to defending against them. Fortunately, the MITRE ATT&CK framework has created a fantastic resource that breaks hacker methods down into distinct techniques and phases: 🔹Reconnaissance 🔹Resource Development 🔹Initial Access 🔹Execution 🔹Persistence 🔹Privilege Escalation 🔹Defense Evasion 🔹Credential Access 🔹Discovery 🔹Lateral Movement 🔹Collection 🔹Command and Control 🔹Exfiltration 🔹Impact Using this framework, security teams can better understand how hackers think and analyze their security defenses across the different phases of attacks. To learn more about the ATT&CK framework, see MITRE’s website at: attack.mitre.org And, if you want to verify that your security controls catch all of these techniques, contact us today: penconsultants.com/contact-us/

PEN Consultants’ foundation is built on generosity and corporate social responsibility. (Matthew 6:21) This year, we are delighted to add the ReStoried 2024 conference to our list of charities we sponsor (see the others on our website). The conference is in early October in Indianapolis. Will you be there? restoryministries.org/restoried24/

No organization is fully secure from all attackers. Unfortunately, a persistent and/or advanced attacker WILL breach your systems if they decide to target you. It is impractical to fully defend against all attacks. In fact, even “unplugging the computer” will not stop all attacks. As a result, the ability to detect, respond to, and investigate unauthorized access is as critical a goal as having secure configurations. That is one of the benefits of regular penetration testing. Testing doesn’t just find vulnerabilities - it also tests some of your monitoring and alerting. Penetration testing (as opposed to Red teaming) is not designed to be stealthy. From port scans, DNS enumeration, vulnerability scans, exploitation tools, web application scanning, etc., the majority of penetration testing activity should “light up” a properly configured firewall, endpoint security solution, or WAF. So, while resolving the issues identified in a penetration test report is critical, it is also important to analyze the testing activity against the alerts you did (or didn’t) see from your monitoring tools. That way, you are getting the full value from your penetration tests and staying a step ahead of attackers, instead of the other way around.

The book of Proverbs tells us that one person sharpens another just as iron sharpens iron. In the cybersecurity world, red teaming sharpens your blue team, ensuring they stay vigilant against cyber threats and are ready to respond effectively. #Cybersecurity #RedTeaming

June is the month to start planning for your Q4 testing. Or, better yet, increase your ROI by moving it to another quarter. Auditors are generally understanding of this. Don’t wait until Q4 to start planning for testing that must be completed by EOY! You might be able to get an automated scan done in time, but it would be hard to get a quality pen test performed in time. Typical prep timeline: 1) Schedule a scoping call 2) Receive and approve the quote 3) Receive and review a contract/SOW 4) Execute the contract 5) Make the necessary preparations for testing 6) Schedule testing Typical testing timeline: 1) Prep (from above) starting in June: ~1-2 weeks per step, or 2-4 months total – as late as the end of September to complete 2) Scheduling: 1-2 months, as testers generally are not just sitting around doing nothing (especially during the busiest quarter…Q4) – Mid to late November before testing starts 3) Testing: 30-45 days – Mid to late December to complete testing Report Delivery: Barely in time for your EOY deadline (and that’s if you start prep in June) 4) Although a reputable firm will do everything they can to deliver the same quality of test in Q4 – despite how busy that season is – the reality is, it can be difficult. If possible, move your testing out of Q4. If you need testing in Q4, start planning now Contact PEN Consultants to begin discussing your plans for Q4 testing! penconsultants.com/contactus