Custom Tailored Pentest

When your environment, threat model, or objectives do not fit a standard service template, we build the engagement entirely around you. You define the targets, depth, and success criteria — we engineer the methodology to match.

Fully Bespoke Security Engagements

Standard penetration testing frameworks are designed for common scenarios. They work well for most organisations — but not every organisation is standard. When you operate unique technology stacks, cross unusual regulatory boundaries, face specific adversarial scenarios, or are in the middle of a transaction that depends on accurate security intelligence, a generic test produces generic results.

Custom tailored engagements at Cyber Security Pentesting Inc. begin with a discovery conversation, not a checkbox questionnaire. Principal consultant Arturs Stay — CREST-certified, OSCP/OSEP, 15 years in offensive security — works directly with your technical and leadership teams to understand what you are actually trying to answer, then builds a methodology that answers it. No scope padding. No findings that do not apply to your risk profile. Every engagement is principal-led from scoping call to final debrief.

Client-Defined Scope · Bespoke Methodology · Threat Modelling · Due Diligence · Custom Objectives · OT / IoT / SCADA · Non-Standard Compliance · Emerging Technology

When to Choose a Custom Engagement

These are the situations where bespoke methodology consistently outperforms standard service templates.

Unique Technology Stacks
IoT device ecosystems, SCADA and industrial control systems, proprietary communication protocols, embedded firmware, and hardware-level attack surfaces that standard pentest methodologies do not cover. We assess the actual attack paths an adversary would use against your specific technology — not a generic checklist applied to something it was never designed for.
Pre-Acquisition Due Diligence
M&A security assessments that give acquirers an accurate picture of inherited cyber risk before a transaction closes. We identify material vulnerabilities, technical debt in security controls, regulatory exposure, and hidden attack surface — delivering findings in formats suitable for deal teams, legal counsel, and board-level risk committees.
Bespoke Threat Models
Industry-specific adversarial scenarios built around your actual threat actors — not generic MITRE coverage. Financial services facing nation-state APTs, healthcare organisations defending against ransomware groups targeting patient data, critical infrastructure operators facing destructive attacks. We map your real threat landscape and test against it specifically.
Scenario-Based Testing
Insider threat simulations, supply chain compromise scenarios, ransomware deployment rehearsals, or specific incident-driven re-testing. If you need to answer a precise question — "Could a malicious contractor reach our financial data?" or "Could a compromised vendor update pivot into our production environment?" — we structure the engagement to answer exactly that.
Non-Standard Compliance Requirements
Sector-specific regulatory frameworks — NERC CIP, FISMA, FedRAMP, DORA, NIS2, provincial privacy legislation, defence supply chain requirements — that demand testing approaches beyond generic PCI or SOC 2 templates. We design assessments aligned to your actual compliance obligations and produce evidence packages your auditors will accept.
Emerging Technology Assessment
Newly deployed AI/ML infrastructure, blockchain-based systems, quantum-safe cryptography transitions, next-generation identity platforms, or any technology your organisation has adopted before the security community has built standard assessment frameworks around it. We approach emerging technology with first-principles offensive thinking rather than outdated checklists.

How It Works

Every custom engagement follows a structured discovery-to-delivery process that keeps your objectives at the centre of every decision.

Scoping & Discovery
A working session with your technical and business stakeholders to understand the environment, objectives, constraints, and the specific questions the engagement needs to answer. We challenge vague objectives and sharpen them into testable hypotheses before any work begins.
Threat Modelling
We map your relevant threat actors, their known TTPs, and your specific attack surface. This determines which attack scenarios are in scope, what a realistic adversary would actually target, and what the meaningful success criteria look like for your risk profile.
Custom Methodology Design
A written methodology document delivered before execution begins. It defines the attack scenarios, tooling, escalation points, communication protocols, and rules of engagement. You review and approve it. No surprises during testing.
Execution
Principal-led delivery — Arturs Stay conducts the assessment personally. Real-time communication throughout via an encrypted channel. Immediate notification for any critical findings. Full OPSEC discipline to avoid disrupting production systems unless explicitly scoped for disruption testing.
Reporting & Debrief
A structured report with executive summary, technical findings, attack narrative, evidence packages, and a prioritised remediation roadmap calibrated to your business context — not a generic CVSS-ordered list. Followed by a live debrief with your technical and leadership teams and a written Q&A follow-up period.

Example Scenarios

Custom engagements are shaped entirely by client context. These examples illustrate how bespoke methodology produces answers that standard tests cannot.

Fintech
Payment Platform with Custom API Integrations
A Toronto-based payments company had built a proprietary settlement layer connecting six banking partners via custom REST and message-queue APIs. Standard web application testing would have missed the business logic flaws in cross-partner transaction flows. We scoped a bespoke assessment targeting the trust boundaries between integrations — uncovering a transaction replay vulnerability that allowed fund duplication across two partner rails, exploitable without authentication bypass.
Healthcare
Organisation with Connected Medical Devices
A regional health network was integrating connected infusion pumps and patient monitoring equipment into their clinical IT network. The attack surface spanned proprietary device firmware, the clinical network segment, and cloud telemetry pipelines. We assessed the full kill chain from device compromise through lateral movement into the EHR system — with testing windows designed around clinical operations to ensure zero patient impact.
SaaS / M&A
Pre-Acquisition Security Audit
A private equity firm acquiring a mid-market SaaS company needed technical due diligence before close. We assessed the target's external attack surface, internal infrastructure, cloud configuration, data handling practices, and security debt — delivering a risk-quantified findings package within a compressed deal timeline. The report surfaced three critical findings that were negotiated into escrow provisions before the transaction closed.
Manufacturing / OT
OT/IT Convergence Assessment
A Canadian manufacturer had connected its operational technology floor — PLCs, SCADA historian, HMI systems — to the corporate IT network to enable real-time production analytics. We assessed the segmentation controls between OT and IT, tested pivot paths from a compromised IT endpoint to the OT environment, and evaluated whether an attacker with IT credentials could reach process control systems. The engagement required coordination with plant operations to avoid triggering safety interlocks.

What You Define

In a custom engagement, you control the parameters that matter. We advise on each — but the final decisions are yours.

Target Scope
Specific systems, applications, network segments, devices, or business processes. Narrow and precise, or broad and comprehensive — scoped to match your objectives, not a generic template.
Testing Depth
Targeted assessment of a defined attack scenario, or a full-depth engagement that follows every viable attack path. We advise on the trade-off between depth and timeline based on your risk priorities.
Success Criteria
What does a meaningful finding look like for your context? Compromise of a specific data store, demonstration of a particular lateral movement path, proof-of-concept for a board presentation — we test to the outcome that matters to you.
Rules of Engagement
Blackout windows, production-safe constraints, communication escalation paths, notification thresholds, and any systems or actions that are explicitly out of bounds. All documented and agreed before testing begins.
Timing & Duration
Testing windows aligned to your operational calendar — avoiding critical business periods, coordinating with change management, and accommodating transaction timelines or regulatory deadlines.
Reporting Format
Technical findings for your security team, executive summary for leadership, board-level risk presentation, or evidence packages formatted for auditors, legal counsel, or deal due diligence — we produce the deliverables you actually need.

Other Engagement Types

If your requirements are closer to a defined service line, these engagements may be a better fit — or can be combined with a custom component.

Discuss Your Custom Engagement

Every custom engagement starts with a conversation. Tell us what you are trying to answer — we will tell you honestly whether a bespoke assessment is the right approach and what it would involve.
