Skip to content
Home » How we work

How we work

“Corporations don’t do pentesting, people do”, our consultants have strong industry experience and expert technical ability. We couple this experience with a thorough methodical approach to provide clients with meaningful vulnerability identification.

Our flexible approach helps you gain an understanding of the issues in real time and mitigate critical findings swiftly. Daily debrief sessions to discuss findings and agree testing plans for the next day enable us to guide and amend complex engagements to deliver focused results that are great value to your business.


Whilst every pentest varies due to the scope and nature of the systems involved, penetration testing will follow our custom developed methodologies and checklists which have been designed to exceed recognised industry standards such as NIST, OSSTMM, OWASP and PTES.

We work in line with all industry good practice to deliver consistent results; ISO27001The Cyber SchemeOWASPMITRE ATT&CK

Whilst using a checklist provides comprehensive coverage, we are conscious that penetration testing is an iterative process. Therefore the consultant’s experience and intuition is vital in identifying more complex vulnerabilities. This is where RM Information Security’s human approach to technology is most evident.

How we work

Requirements Gathering

  • Scoping discussion
  • Proposal document
  • Technical walk through

Initiating the project

  • Project initiation
  • Authorisation to test
  • Confirming access credentials

Test phase

  • Testing methodology
  • Test data security
  • Issues and findings notification


  • Report production
  • CVSS risk rating
  • Audit / client facing reports


  • Data destruction
  • Consultation / debrief sessions
  • Retesting / fix testing

Penetration Testing Services

Get In Touch Today