Don’t work with us. At least, not yet.
These are the times you shouldn’t work with us. Read it. If you still think we fit, that’s a conversation worth having.
Read on ↓Five reasons to close this tab.
You want a PDF, not a result
If the goal is a report to wave at an auditor and then file away, almost anyone will sell you one cheaper. We test to change what’s true about your security, not to manufacture a document. If nobody is going to read the findings and fix them, you’re buying paper, and we’re an expensive printer.
You haven’t done the free things yet
MFA everywhere. EDR set to block, not just alert. The bugs being exploited right now, patched. Dead accounts closed. If those aren’t done, a red team will just hand you a costly list of them. Do the free work first (we wrote the whole list down), then call us to find what’s actually left.
Spend nothing: the free list →You’re buying on price alone
Offensive testing has a wide quality range and a narrow price signal. The cheapest quote is usually the shallowest test: a scanner, run once, by someone you’ll never meet. If price is the only axis you’re comparing on, you’ll get exactly what you paid for. And you won’t enjoy finding out where.
You want a number for the board, not a fix
We can give you a number you can defend. But if a green score is the real deliverable and no one intends to act on what sits behind it, we’re the wrong firm. A score with no fixes underneath it is theatre, and it ages badly. Usually on the exact day you need it to have been true.
You don’t need cyber security
We once spoke with a business owner who ran the whole thing on pen, paper, and filing cabinets — no computers, no cloud, no accounts to phish. We still don’t know how it worked, but it did, and he didn’t need us. If an attacker can’t reach you over a wire, an offensive security firm isn’t what you’re missing. A good lock and a fireproof cabinet is.
Sometimes the honest answer is “not now.”
Pen test, red team, threat hunt, advisory: every one is a sharp tool. At the wrong moment, the sharpest tool just costs you money and surfaces things you weren’t ready to use.
You’re mid-incident
A red team or a pen test won’t put out a fire. If something is burning right now you need incident response: different work, a different clock. We’ll say so on the call and point you to it, ours or someone else’s. Once the fire’s out, come back. That’s when we help you make sure there isn’t a next one. Incident readiness →
No one is going to fix the findings
A pen test, a red team, an AI assessment: they all end in a list of things to put right. With no owner and no time to remediate, that list doesn’t make you safer; it makes you documented-as-negligent. Line up who fixes things, and when, before you pay anyone to find them.
You already know, and haven’t acted
If last year’s report (a pen test, an audit, a program review) is still sitting open, a fresh engagement won’t move you. Close the old findings first. You’ll learn more from fixing ten than from discovering another hundred.
You can’t say what matters
A red team needs a goal, a threat hunt needs a hypothesis, a vCISO needs something to weigh against. If no one can name the crown jewels or say where they live, start there. Otherwise any of it becomes a guided tour of things you already half-knew, at consultant rates.
We’d rather lose your business honestly than win it on a test you didn’t need.
Know when to save your money.
One brochure site and a mailbox? An automated scanner and an afternoon of hygiene may genuinely be enough. Don’t buy a red team to test a front door with nothing behind it.
AI is the cool kid, and in the right places it genuinely saves money. If you’d rather just point it at everything and call that your testing, go for it. Really. We use AI ourselves, where it earns its keep, and there will always be experts behind it.
If a regulation prescribes an exact, narrow scope and that is honestly all you need this year, a commodity provider can stamp it. Just don’t confuse the stamp for safety. They are not the same document.
If any of that sounded like you, good.
Then keep your money. We’d rather you spent nothing than spent it on a test you didn’t need. The door’s open whenever that changes.