Custom Tailored Pentest
When your environment, threat model, or objectives do not fit a standard service template, we build the engagement entirely around you. You define the targets, depth, and success criteria, we engineer the methodology to match.
Fully Bespoke Security Engagements
Standard penetration testing frameworks are designed for common scenarios. They work well for most organisations, but not every organisation is standard. When you operate unique technology stacks, cross unusual regulatory boundaries, face specific adversarial scenarios, or are in the middle of a transaction that depends on accurate security intelligence, a generic test produces generic results.
Custom tailored engagements at Cyber Security Pentesting Inc. begin with a discovery conversation, not a checkbox questionnaire. Principal consultant Arturs Stay, CREST-certified, OSCP/OSEP, 20+ years of enterprise technology and cybersecurity experience, works directly with your technical and leadership teams to understand what you are actually trying to answer, then builds a methodology that answers it. No scope padding. No findings that do not apply to your risk profile. Every engagement is principal-led from scoping call to final debrief.
When to Choose a Custom Engagement
These are the situations where bespoke methodology consistently outperforms standard service templates.
How It Works
Every custom engagement follows a structured discovery-to-delivery process that keeps your objectives at the centre of every decision.
Example Scenarios
Custom engagements are shaped entirely by client context. These examples illustrate how bespoke methodology produces answers that standard tests cannot.
What You Define
In a custom engagement, you control the parameters that matter. We advise on each, but the final decisions are yours.
Other Engagement Types
If your requirements are closer to a defined service line, these engagements may be a better fit, or can be combined with a custom component.
Every custom engagement starts with a conversation. Tell us what you are trying to answer, we will tell you honestly whether a bespoke assessment is the right approach and what it would involve.
Start the Conversation →Custom tailored penetration testing is bespoke offensive security assessment scoped entirely around your specific environment, threat model, and objectives, for situations that do not fit a standard engagement template. CSPI delivers custom engagements for non-standard targets: embedded devices and IoT, OT/SCADA estates, mobile applications, fintech payment rails, healthcare integrations (HL7, FHIR), automotive systems, blockchain protocols, M&A due diligence assessments, and threat-model-specific exercises. Engagement scoping, methodology, and deliverables are all designed around your objectives, you define what success looks like, we build the methodology around it. Principal-led by Arturs Stay (CREST CRPT, OSCP, OSEP, 20+ years of enterprise technology and cybersecurity experience). Output structured for whatever downstream consumer needs the evidence: regulator, board, auditor, customer security review, M&A counterparty.
Frequently Asked Questions
When is a custom engagement the right fit instead of a standard service?
Custom engagements suit environments that do not match the assumptions of a standard service offering. Examples include OT/IT environments where safety considerations override standard testing intensity, M&A due diligence with a fixed deadline and incomplete documentation, in-house or proprietary technology stacks that warrant deeper review than off-the-shelf methodology covers, multi-vendor environments where the attack surface crosses contract boundaries, and threat-model-driven engagements where the customer wants to validate against a specific adversary.
How is a custom engagement scoped and priced?
Scoping begins with a working session under NDA where we map the environment, the testing objective, the constraints (time, safety, regulatory), and the deliverables the customer needs. From that session we produce a written scope document with explicit in-scope and out-of-scope items, methodology, and an effort estimate. Pricing follows the effort estimate. We do not quote without scoping; scope-first pricing is how we keep the engagement honest.
Do you handle M&A and pre-acquisition security due diligence?
Yes. M&A diligence engagements have specific patterns: tight deadlines, limited environment access pre-close, and a report audience that includes deal teams rather than only security engineers. Coverage typically includes external attack surface review, identity and access assessment, cloud configuration review, and a critical-finding summary structured for inclusion in deal documentation.
Can you test OT/IT environments?
Yes within constraints. OT environments require explicit scoping around safety: which systems can be actively tested versus passively assessed, what intensity of testing is acceptable, and what coordination is required with operations. We treat OT engagements as design-first: the test plan is reviewed and signed off by both security and operations leadership before any testing begins, and disruption-risking techniques are out of scope unless explicitly authorised.
What deliverables come out of a custom engagement?
Deliverables match what the customer needs rather than a fixed template. Common patterns include an executive summary, a technical findings report with reproduction steps, a compliance mapping if relevant, an attack chain diagram, and architecture-level remediation guidance. For M&A engagements we also produce a deal-team brief structured for non-security audiences. For OT engagements we include operational safety considerations alongside security findings.
How long does a custom engagement typically take?
Three to six weeks of testing time is common, with reporting adding another week to ten days. Engagements that span multiple environment types (cloud + on-prem + OT, for example) or that include heavy reverse engineering can extend to eight to ten weeks. Scope-first pricing means the timeline is agreed before testing starts, not adjusted after.
Explore further
Prefer email? Send a scoping request and we will respond with next steps.