
10 Hot Ethical Hacking Companies To Watch In 2022

Penetration testing is a skillset and a mindset

Steve Morgan, Editor-in-Chief

Sausalito, Calif. – Apr. 4, 2022

“If you’re spending one dollar on cybersecurity and you’re not doing penetration testing, then you’re doing something terribly wrong,” says Seemant Sehgal, founder and CEO at BreachLock.

Why? “Because you don’t know if the defenses you’ve put in place are actually working,” adds Sehgal, an expert pen tester with more than 16 years of network security experience.

Penetration testing, also known as pentesting or ethical hacking, is the authorized simulation of cyberattacks on IoT devices, networks, software programs, users, and web applications, in order to evaluate the security of a system.

No matter how secure you might think a network is, you really don’t know until it’s been hacked. So you might as well call in the pentesting troops before the cybercriminals get to it.

Who’s a pentester?

“Hacking is not really a skillset, it’s a mindset,” says Sehgal. He offers up Kevin Mitnick, often referred to as the world’s most famous hacker, as a historical example, given that the practice of ethical intrusion dates to phreakers in the 1970s.

While today’s pentester may have earned a technical certification such as the CEH (certified ethical hacker), they must also possess a knack for cat-and-mouse play and advanced social engineering skills.

“Cybersecurity can be a very crowded market,” notes Sehgal, and that definitely goes for pentesting. He describes three types of companies: technology-centric, or automated vulnerability scanning; bug bounty, or crowdsourced services; and boutique firms selling man hours.

Hot Pentesting Companies

Who’s who in the penetration testing space? Here are 10 hot companies the editors at Cybercrime Magazine are watching in 2020, and you should too.

  • BreachLock, New York, N.Y. Penetration Testing as a Service powered by certified hackers and artificial intelligence. Comprehensive, continuous pentesting and vulnerability scanning with actionable results for your public cloud, applications, or networks.
  • Bugcrowd, San Francisco, Calif. Crowdsourced security offers a new solution for retaining, matching, and deploying pen test talent to fill the gaps created by an increasingly resource-constrained market. Rapid provisioning, and high quality, immediately actionable insights for compliance-based pentesting.
  • CrowdStrike, Sunnyvale, Calif. Penetration Testing Services simulate real-world attacks on different components of your IT environment to test the detection and response capabilities of your people, processes and technology and identify where vulnerabilities exist in your environment.
  • HackerOne, San Francisco, Calif. Redefine the way you respond to vendor security assessments and compliance needs with hacker-powered security. A creative, community-led approach to pentests to give you more coverage, instant results, and seamless remediation workflows all in one platform.
  • ImmuniWeb, Geneva, Switzerland. On-Demand delivers scalable, rapid and DevSecOps-enabled web application penetration testing with tailored remediation guidelines and zero false-positives SLA. It leverages award-winning AI technology to augment, intensify and accelerate web app pen testing.
  • Mitnick Security, Las Vegas, Nev. Improve your security posture with the ultimate in security services, penetration testing. Alongside a team of whitehat hackers, Kevin Mitnick will work with you to plan a customized attack, execute the hack, and provide prioritized recommendations for moving forward.
  • Offensive Security, New York, N.Y. Labs designed to allow security and IT professionals to learn hacking techniques, sharpen their security and pentesting skills, and get a sense of the experience of being enrolled in OffSec’s sought-after certification programs.
  • Pentera, Petah Tikva, Israel. Evaluate your security readiness with the Pentera Automated Security Validation Platform to know your real security risk at any given moment. Test all cybersecurity layers across your attack surface — inside and out — by safely emulating attacks & prioritize patching with a risk-based remediation roadmap.
  • Raxis, Atlanta, Ga. Years of penetration testing and general mischief-making have taught us that there’s always a way in. We’ll find it — and help you keep the bad guys out. Raxis conducts more than 600 penetration tests a year, sometimes even to double check the work of our competitors.
  • Synack, Redwood City, Calif. Test the smart way with the right combination of human and artificial intelligence. The Synack Crowdsourced Security Testing Platform provides the industry’s most comprehensive, continuous penetration test with actionable results.

Cybercrime Magazine will be expanding our coverage of ethical hacking and this list in 2021.

Steve Morgan is founder and Editor-in-Chief at Cybersecurity Ventures.


Sponsored by BreachLock
