Financial services
FFIEC, PCI DSS, SOC 2 — banks, fintech, insurers, advisors.
Offensive security · Est. 2014
Security built like infrastructure, done right.
Manual-first penetration testing, advisory, and governance for organizations that need to know what an attacker would actually find. Every engagement ships with a fix path — not a heat map.
- 1,250+ Vulnerabilities confirmed
- 200+ Engagements delivered
- < 24h Median critical response
- 15 Industries served
73%
Of engagements surface at least one critical finding scans missed.
Rolling 12-mo · Cybullet engagements 94%
Remediation rate within 30 days when our report lands with engineering.
Client self-reported · FY25 $4.88M
Global average cost of a breach in 2024 — and rising year over year.
IBM Cost of a Data Breach 17yr
Median operator tenure. No juniors shipped under a senior's name.
Internal staffing data Methodology
Six phases. Same way, every engagement.
Click a phase to see what actually happens during it. No matter the scope, every engagement follows the same disciplined arc — so nothing slips.
PHASE · 01/06
Scope & Authorize
We define the engagement boundary precisely before testing starts — in-scope assets, out-of-bounds targets, testing windows, and emergency-stop procedures.
- Written authorization letters exchanged before any packet leaves our infrastructure
- Signal / Slack channel established for real-time findings during the engagement
- Explicit rules of engagement reviewed with legal, IT, and business stakeholders
Completion 16%
What we do
Six disciplines, one operating model.
From one-off pentests to ongoing advisory — pick the depth that matches your maturity. Every engagement, same senior operators, same deliverable quality.
- 01 · Pentest
External Network Penetration Testing
Internet-facing penetration testing — we attack your perimeter the way real threat actors do. Find what's exposed before they do.
Read more - 02 · Pentest
Internal Network Penetration Testing
Manual internal network penetration testing that simulates a breached attacker — finding the lateral-movement paths your scanners miss.
Read more - 03 · Pentest
Web & Mobile Application Penetration Testing
Manual application penetration testing — we find the business-logic flaws and authentication bypasses scanners can't see in your web and mobile apps.
Read more - 04 · Pentest
Wireless Network Penetration Testing
Manual wireless penetration testing — we find rogue APs, weak encryption, and the Wi-Fi attack paths that turn an attacker in your parking lot into a network insider.
Read more - 05 · Pentest
Internal Network Segmentation Testing
Validate your network segmentation works the way you think it does. We test the boundaries between zones, VLANs, and trust domains the way an attacker would.
Read more - 06 · Assessment
Email Phishing & Social Engineering Testing
Realistic phishing and social engineering campaigns that measure your real human attack surface — and the training that actually moves the needle.
Read more
Case study · anonymized · fintech · 2025
Three vendors said "passed." We found a path to production in 11 days.
A Series C payments platform had cleared two external pentests and a SOC 2 Type II audit. Their board asked for one more look before launching a new treasury product.
Eleven days into our engagement, we chained an overlooked OAuth misconfiguration, a stale internal subdomain, and an exposed staging database into full read access on production customer records. Every step mapped to a fix path their team shipped in the next sprint.
N 40°42' · W 74°00' · engagement#24-F9
CyberBullet told us things our last three vendors missed. The engagement felt less like an audit and more like a second engineering team — one whose full-time job is to find the cracks before someone else does.
Industries
Regulated. Adversary-targeted.
We work with organizations where a bad security outcome is a regulatory event, a contract loss, or a patient-safety incident. That shapes how we write the report.
Healthcare
HIPAA, HITECH — hospitals, clinics, payors, health-tech platforms.
Legal & professional
Client confidentiality, privilege, matter-level data controls.
Public sector & education
CJIS, FERPA — state, municipal, higher-ed, K-12 districts.
Manufacturing & OT
IT/OT segmentation, CIS for ICS, Purdue model realities.
SaaS & technology
SOC 2 Type II, bespoke threat models, customer-facing reports.
Energy & utilities
NERC CIP, operational technology, vendor risk at the edge.
Retail & hospitality
PCI DSS 4.0, in-store network segmentation, franchise risk.
Frameworks & credentials
The regulators that drive your calendar. The certs that back our work.
Our engagements map cleanly to the frameworks auditors actually check — and our operators carry the certifications those auditors recognize.
SOC 2 Type II Aligned
HIPAA Technical Assessor
PCI DSS 4.0 Practitioner
NIST CSF 2.0 / 800-53
CIS Controls v8
ISO 27001 / 27002
OSCP Offensive Security
OSWE Web Expert
CISSP (ISC)²
GPEN GIAC Pentest
GWAPT Web App Pentest
CRTP AD Red Team
From the field
Field notes, methodology, real adversaries.
Field notes from real engagements, plus the regulatory and methodology shifts that matter to security leadership.
Vulnerability Scans vs. Penetration Tests: Automated Checks or Real Hacker Showdown?
A vulnerability scan finds known weaknesses. A penetration test finds the path an attacker would actually take. When you need each — and why.
Read article →
BEYOND COMPLIANCE: The Indispensable Role of Real-World Penetration Testing in 2026
A clean compliance checkbox doesn't stop a real attacker. Why manual-first penetration testing is the only honest measure of your defenses in 2026.
Read article →
Why Schools Need Penetration Testing: Guarding the Future Against Digital Predators
K-12 districts have become a top ransomware target. What a school-grade penetration test covers — and how to scope it without disrupting learning.
Read article → Start here
See what an attacker would see — before they do.
A 30-minute call, no slide deck required. We'll talk through your environment and recommend the right starting engagement.
- Senior operator on the call, not a sales engineer
- Scope + fixed-price proposal inside 5 business days
- NDA available before any environment detail is shared