Test Your Defenses Before Someone Else Does

Penetration Testing

We simulate real-world cyberattacks to identify and help fix security gaps—before malicious actors exploit them. Our penetration testing process follows industry-recognized best practices, providing your team with actionable insight and peace of mind.

Why Filament?

  • Nonprofit Costing: Get expert support at a lower cost from a fellow nonprofit.
  • Flexible Engagements: Schedules that fit your needs and timelines.
  • Experienced Professionals: Benefit from our team’s years of experience and industry certifications.

Our Penetration Testing Process

Our testing follows a proven methodology modeled on real-world attacker behavior. Each phase is designed to simulate how a threat actor would identify, exploit, and escalate access within your environment.

1. Pre-Engagement & Scoping
We define the rules of engagement, testing boundaries, authorization, and success criteria to ensure the assessment is safe, focused, and aligned with your goals.

2. Reconnaissance (Information Gathering)
We collect data about your environment using passive and active techniques to understand the attack surface, network topology, and publicly exposed assets.

3. Threat Modeling & Vulnerability Analysis
We analyze discovered assets for misconfigurations, weak credentials, outdated software, and exploitable services using both automated scanning and manual techniques.

4. Exploitation
We attempt to exploit the identified vulnerabilities to determine their real-world impact—such as unauthorized access, privilege escalation, or data exposure.

5. Post-Exploitation
We evaluate how far an attacker could pivot inside your environment after an initial breach, such as accessing sensitive files, impersonating users, or exfiltrating data.

6. Reporting & Debrief
You’ll receive a detailed, actionable report that includes:

  • Executive summary
  • Technical findings with risk ratings
  • Screenshots and proof-of-concept examples
  • Step-by-step remediation guidance

Optional debrief sessions are available to walk through the findings with your team.

 

Types of Penetration Testing

We offer multiple penetration testing options depending on your goals and environment:

External Network Testing
Identify risks from the internet-facing portions of your network, such as firewalls, VPNs, and exposed services.

Internal Network Testing
Simulate a compromised workstation or malicious insider to evaluate your internal security posture.

Web Application Testing
Find vulnerabilities like SQL injection, cross-site scripting, broken authentication, and more across your websites and apps.

Wireless Testing
Evaluate your wireless networks for configuration weaknesses, encryption flaws, or rogue access points.

Social Engineering (Optional)
Test your staff’s readiness with phishing, pretexting, or other simulated human-layer attacks.

Meet the Team

Art Provost

Art Provost

Art, with 30 years of experience in Information Security across diverse roles, joined Filament in 2011 and holds multiple certifications, including CISSP, GSEC, GPEN, GWAPT, and CISM.

Tyler Malcom

Tyler Malcom

Tyler, who joined Filament in 2022, has a strong background in cyber defense and offensive operations from his time in the US Navy and holds CISSP and GSEC certifications.

Keri Kunkle

Keri Kunkle

Keri, who joined Filament in 2023, is a seasoned cybersecurity professional with experience in the US Marine Corps and Department of Defense, holding multiple certifications and advanced degrees in cybersecurity.

Learn More About Our Experts

Expert Help is On the Way

Schedule a Free Discovery Call

Explore your organization’s future with a quick conversation with Filament Information Security services.

Contact us today to learn more about how we can help you achieve your security goals.