Interview with Laurent Vetter, Pentester for Pentest Factory

Dear Mr. Vetter, how would you describe Pentest Factory GmbH in 3 quick-witted words?

Transparent, High-quality, Honest

Please introduce yourself briefly and tell us something about your background.

Pentest Factory GmbH is a consulting firm specializing in penetration testing. The company is a subsidiary of tacticx GmbH (ISO 27001 certified) and was founded in early 2019. Our work focuses on identifying vulnerabilities in IT environments. Our goal is to verify the effectiveness of internal security policies and measures in companies.

What distinguishes Pentest Factory GmbH from other providers?

We are an ISO 27001-certified company specializing in penetration testing and security analysis. Our services are provided by our own qualified employees, all of whom have OSCP certification as a minimum requirement. The field of penetration testing is a very complex topic. For this reason, we work with transparent prices and packages and billing based on the maximum principle. Honesty is another important aspect of how we work. We only take on projects in which we have expert knowledge, because the security of your company is our top priority.

How does Pentest Factory GmbH help other companies?

Our main task is to identify security vulnerabilities and misconfigurations. We also advise companies on improving their IT security and implementing targeted measures. Only by identifying and remedying these vulnerabilities can a company be effectively protected against external threats.

What do you see differently from prevailing opinions in the field of cyber security?

For us, long-term cooperation with a customer is paramount. This can only be achieved through high quality and satisfaction. In this context, we focus on the relevance of an order rather than the amount of revenue. We place high demands on our team. For example, OSCP certification is a minimum requirement, and annual training is mandatory for all pentesters. The field of security analysis is a very complex and critical topic. For this reason, transparency is an important aspect of our daily work, as it builds trust. In a kick-off meeting, we discuss our approach in detail and answer questions. But this also includes a transparent presentation of our prices. Our web configurator allows you to generate a specific price for individual service packages at any time.

What’s next – what’s on your technical roadmap, what are your plans for 2025 and beyond?

Our goal for this year is to expand our pentesting team so that we can carry out assignments even more effectively and efficiently. In addition, we want to expand and deepen our expertise and services in the areas of LLM/AI and red/purple teaming in order to meet current requirements and challenges.

If you could send an email to all CISOs to address a security issue, what would you choose?

Dear CISOs around the world,

You can only protect what you know about. A complete and continuous inventory of all assets is the basis—because undiscovered systems remain unprotected.

Equally crucial: consistent patch management to close known vulnerabilities in a timely manner. Reduce your attack surface by only exposing systems and services that are absolutely necessary.

Transparency, timeliness, and minimization are the most effective building blocks of any security strategy.

How does Pentest Factory differ from traditional pentest service providers?

We offer maximum transparency—from price estimates via our pentest web configurator to clear billing based on the maximum principle. This means that customers always know what costs and services they can expect. We also guarantee that every project is carried out exclusively by highly qualified pentesters with at least OSCP certification.

How does Pentest Factory ensure that customers benefit in the long term and don’t just receive a report in the short term?

We don’t see penetration testing as a one-off project, but as an ongoing process. That’s why we focus on long-term collaboration: from analyzing and prioritizing vulnerabilities to helping fix them and retesting. Our goal is to make a measurable contribution to improving security, not just listing vulnerabilities.

How do you ensure that the quality of your pentests goes beyond mere technical implementation?

We attach great importance to comprehensible and actionable reports. Each technical finding is accompanied by a clear risk assessment, prioritization, and practical recommendations for action. In this way, we ensure that vulnerabilities are not only documented, but that concrete improvements are also initiated.

What role does automation play in your projects, and how do you combine it with manual expertise?

We use automated scans to increase efficiency across the board, but the core of our work is and remains manual analysis by experienced pentesters. This is the only way to find complex attack chains and logical errors that tools cannot detect. The combination of automation and expert knowledge creates the best results for our customers.

What was the reason for founding the tacticx group, and what role does Pentest Factory play in it?

The tacticx group was founded to provide companies with comprehensive security and compliance support. While many providers only cover individual areas, tacticx brings together specialist companies with clear areas of focus: from technical penetration testing (Pentest Factory GmbH) to data protection and information security consulting (tacticx Consulting GmbH) to secure software development lifecycle, software development, and CI/CD security (tacticx Development GmbH). This enables us to provide comprehensive support to our customers – from strategic consulting and secure software development to the practical implementation of technical security tests.

Pentest Factory is part of the Provider Directory
