About Us / FAQ
Frequently Asked Questions
Answers to the most common questions from enterprise security and procurement teams.
Engagement Questions
Common Questions
How long does a penetration test typically take?
+
Timelines vary by scope. A focused external pentest can be completed in 5–7 business days. A full red team engagement typically runs 3–6 weeks. Compliance-driven assessments are scoped based on your specific requirements. We provide a detailed project timeline in every Statement of Work.
What makes a red team engagement different from a pentest?
+
A penetration test is comprehensive and systematic — we're trying to find all vulnerabilities within a defined scope. A red team engagement simulates a real, targeted threat actor operating stealthily toward a specific objective while remaining undetected. Red team tests your detection and response capabilities as much as your technical defences.
Do you sign NDAs before initial discussions?
+
Absolutely. We're happy to sign a mutual NDA before any sensitive discussions begin. All initial consultations are treated as confidential regardless of whether an NDA is in place.
What deliverables do we receive after an engagement?
+
Every engagement includes: a full technical report with reproduction steps and remediation guidance; an executive summary with business risk narrative for leadership and board; a live debrief call walking through all findings; and remediation support; and retest services available as an additional engagement at a separate fee to verify remediations have been correctly implemented.
How is the engagement scoped and priced?
+
We scope based on your environment size, number of targets, test type, and compliance requirements. Pricing is transparent — we provide a fixed-fee proposal after an initial discovery call so there are no surprises. Engagements are never billed on a time-and-materials basis.
Can you test our production environment safely?
+
Yes — safely operating in production environments is a core competency. We define detailed rules of engagement before every engagement, including out-of-scope systems, fragile systems to treat carefully, and emergency stop procedures.
Do you provide retesting after remediation?
+
Yes. Retesting is available as an additional service engagement at a separate fee. Once you have completed your remediation work, we can perform a targeted retest to verify that findings have been correctly resolved and that the same or similar attack paths are no longer viable. Contact us to scope a retest engagement.
Do you work with organisations that have never had a pentest?
+
Yes, and we particularly enjoy helping organisations build a security testing programme from scratch. We'll guide you through scoping your first engagement and creating a roadmap for ongoing testing.
Still Have Questions?
Talk to Arturs Directly
Every question deserves a direct answer from the practitioner who'll be running your engagement — not a sales rep.
Response Policy
All inquiries are treated as confidential. We respond to every message within one business day. For urgent incident response needs, mark your subject line "URGENT".