01 · Specialists
Senior testers, not junior staff with a tool.
Every engagement is led by a senior tester holding OSCP, CREST, or both. The methodology is informed by adversary TTPs your industry actually faces, not a generic checklist.
Solutions · Offensive Security Testing · Penetration Testing
Adversary-grade penetration testing by OSCP and CREST-certified offensive specialists. External, internal, web, mobile, API, and infrastructure engagements scoped to your real attack surface — with reports transparent enough that your team can replicate every finding using the same commands we ran.
Why Convergent for pen testing
Most pen test reports are unreadable, unreproducible, or both. Convergent's reports are designed so your team can audit every finding, replicate every method, and use the output as a real remediation roadmap — not just compliance evidence.
01 · Specialists
Every engagement is led by a senior tester holding OSCP, CREST, or both. The methodology is informed by adversary TTPs your industry actually faces, not a generic checklist.
02 · Transparency
Each finding includes the exact commands, payloads, and conditions that produced it. Your engineers can reproduce the result, validate the fix, and add it to their internal knowledge base.
03 · Continuity
Findings flow into your Sanctum environment with full evidence, remediation tracking, and history. The second engagement starts where the first ended, not from zero.
Engagement types
Most clients run a mix of these over a year. The right starting point depends on what is most exposed and what is most expensive to lose.
Type 01
Authenticated and unauthenticated testing of internet-facing and internal network infrastructure. Lateral movement, privilege escalation, persistence — the full adversary kill chain.
Type 02
Application-layer testing across web, mobile (iOS and Android), and API surfaces. Authentication, authorization, business logic, and the integration points where most real-world breaches start.
Type 03
AWS, Azure, GCP, and hybrid cloud security testing. Control plane, identity, network segmentation, and the misconfigurations that produce most real-world cloud incidents.
Type 04
Security testing for the attack surfaces that traditional penetration testing frameworks don’t adequately cover — embedded hardware, connected devices, and AI systems. As more clients deploy IoT environments and build AI-powered products, the testing methodology has to evolve with the threat surface.
Across four regulated sectors
Generic penetration testing misses what matters most. Every engagement Convergent runs is scoped against the actual attack surface of your industry — the tools your teams use, the regulations you answer to, and the threat actors who target organisations like yours.
Media & Entertainment
Cloud post-production API access controls and vendor trust boundaries
TPN-adjacent workflow integrations and shared credential paths
AI content tool endpoints — prompt injection and model API exposure
Remote collaboration platform auth and lateral movement paths
Financial Services
Trading and payment platform application logic and authorisation flaws
Client portal authentication and session management weaknesses
AI-assisted workflow systems — collections, communications, and case handling
GLBA and NYDFS 500 scoped attack surface validation
Public Sector
OT/IT convergence boundaries in utilities and public infrastructure
CJIS-adjacent credential paths and privilege escalation in government networks
Student information systems and FERPA-scoped data access controls
AI systems in benefits administration, enforcement analytics, and constituent services
Healthcare
Network-connected medical device authentication and unencrypted protocol traffic
EHR integration surfaces, HL7/FHIR API endpoints, and third-party clinical tools
AI diagnostic and documentation tool inputs, outputs, and model endpoint exposure
HIPAA-scoped access control validation and PHI pathway analysis
Frequently asked
Most engagements run 2 to 6 weeks depending on scope. A focused web application test is on the shorter end; a full external plus internal network engagement is on the longer end. Scoping calls produce a fixed-fee, fixed-duration proposal.
Senior testers hold OSCP, OSEP, CREST CRT, CREST CCT, or equivalents. Convergent is also a CREST-accredited testing firm.
Yes — every finding in the report includes the exact methods, commands, and conditions used to produce it, so your engineers can replicate the result and validate the fix.
Yes — Convergent's penetration testing is mapped to TPN+, NCBA CTS, NIST CSF, PCI DSS, and other frameworks. The report includes framework mapping alongside technical findings.
Fixed-fee per engagement, scoped against your specific attack surface. The scoping call is free and produces the proposal; no per-hour billing.
Ready when you are
The first conversation is with a senior offensive practitioner who can scope your engagement, answer technical questions, and tell you honestly what good looks like.