Category: Whitepaper Expansion

  • Satine Sentinel: November 28, 2025

    This week we’re introducing a new blog series: Satine Sentinel, our weekly analysis of cyber incidents that matter. Every week, we’ll analyze 3-5 significant attacks, breaking down what happened, how the attack worked, and why defenders should care. You’ll get technical details from an offensive operator’s perspective, not vendor marketing or surface-level reporting. For particularly

  • Building Red Team Capability: Partner or Build In-House?

    TLDR Building in-house red team capability requires 2-3 operators at $150K-$250K+ each, plus training, tools, and retention challenges. External partnerships cost $50K-$150K per engagement with no overhead but less institutional knowledge. The decision hinges on three factors: engagement frequency (8-12+ annually favors in-house), specialization needs (breadth favors partnership), and your ability to retain talent. Most

  • Pre-Acquisition Security Posture: Questions Every PE Firm Should Ask

    TLDR Spirit AeroSystems saved $230M by discovering security problems before closing their ASCO Industries acquisition. Most PE firms aren’t that lucky. Standard compliance questions miss the technical vulnerabilities that destroy portfolio value post-acquisition. Here are the six questions that reveal whether you’re buying defensible infrastructure or expensive security debt, and how the answers should inform

  • White-Label Security Testing: What MSPs Need from Offensive Partners

    TLDR Most MSPs evaluate offensive security partners using the wrong criteria. Certifications and compliance checkboxes don’t predict delivery quality. Real partnership depends on technical depth, communication clarity, and operational experience that only shows up under pressure. We’ve also included a quick reference guide with our top 15 questions for Your First Partner Conversation below. The

  • M&A Technical Diligence: Finding the Vulnerabilities That Kill Deals

    TLDR Traditional M&A technical diligence checks compliance boxes but misses exploitable vulnerabilities that affect valuation. Offensive security assessment reveals the actual attack surface: exposed APIs, credential mismanagement, shadow infrastructure, and architectural debt that creates material risk post-acquisition. PE firms that incorporate this assessment into diligence negotiate better terms and avoid expensive post-close surprises. Introduction: The

  • Security Partnerships: How to Evaluate Offensive Cyber Capabilities

    TLDR Certifications and client lists don’t predict offensive cyber partner performance. What matters: methodology depth, ability to scope complex environments, custom exploitation capability beyond automated tools, and team backgrounds that show genuine offensive operations experience. This guide provides evaluation criteria that reveal actual capability before you discover problems mid-engagement. Introduction You discover partnership problems in

  • DevSecOps Culture Change: Lessons from DoD Transformations

    The Department of Defense’s shift toward DevSecOps represents more than just a technical evolution—it requires a fundamental cultural transformation across the defense industrial base. While tools and automation are essential components of this journey, our experience supporting numerous DoD contractors has consistently shown that cultural change is the true foundation of successful DevSecOps adoption. As
