Provider selection
Background
Choosing a security provider is not just about price. Quality, methodology, and experience decide whether you get reliable results or just a polished PDF.
We explain transparently how we select providers and which criteria we use.
Approach
We evaluate providers using a clear, repeatable criteria model. We combine technical competence, process quality, and trust factors.
Our goal: reliable, realistic recommendations - not marketing promises.
Criteria we look at
Certifications are a useful indicator, but not the only one. We look, for example, at:
- Offensive: OSCP, OSCE/OSWE, GXPN, GPEN
- Incident response: GCIH, GCFA, GREM
- Management/GRC: CISSP, CISM, CRISC
- Process/ISMS: ISO 27001 Lead Implementer / Lead Auditor
- clear scoping process and documented rules of engagement
- safe execution without unnecessary risk
- clear reports with reproducible findings
- relevant project experience (e.g., cloud, AD, web, OT)
- specialization that fits your use case (e.g., red team vs. pentest)
- structured coordination before, during, and after the engagement
- clear points of contact and escalation paths
- understandable results that are truly usable
- NDA, data processing, privacy practices
- secure handling of sensitive data and logs
Evidence and quality assurance
Where possible, we review:
- sample reports (anonymized)
- methodology descriptions
- references or typical client profiles
We do not promise what we cannot verify. Quality beats quantity.
Independence and transparency
We accept no paid placements and do not sell rankings. A provider is listed higher because they deliver, not because they pay.
Re-evaluation and freshness
Profiles are reviewed regularly. If quality, team, or methods change, we update the entry or remove the provider.
Responsibilities
We help with orientation and pre-selection - the final decision remains with you. This page does not replace individual due diligence or legal advice.
Next step
If you need help with selection, we are happy to assist - neutral, structured, and without sales pressure.