Frequently asked questions

Professional Services

Q: What Professional Services does Cobalt offer? 

A: Professional Services extend our core PtaaS platform offering, giving you access to Cobalt security experts who act as an extension of your internal team. Our seasoned staff provides a full suite of services, listed below. You can learn more about Cobalt’s Professional Services or download a shareable brief.

  • Internet of Things Penetration Testing
  • Red Teaming / Assumed Breach Assessments
  • Security Hardening (Device, OS, Virtual environments, etc.)
  • Phishing Engagements
  • Physical Penetration Testing
  • Wireless Network Penetration Testing
  • Threat Modeling
  • Code Reviews
  • Pentest Program Management

Q: How are Cobalt's Professional Services priced?

A: Thanks to Cobalt’s flexible credit model, you can apply the same credits that you use for your pentests towards Professional Services engagements. Your Customer Success Manager can help determine how many credits you will need for your desired engagements.

Q: Does Cobalt offer custom professional services?

A: Yes, we offer a wide range of services and customize them to best fit your needs.

Q: Are debriefs or readouts included with professional services?

A: Yes, a debrief call is included with Professional Services engagements once the customer has had a chance to review the findings. Additionally, every ProServ engagement includes a kickoff call and a dedicated Technical Project Manager.

Q: What certifications do the professional services consultants hold?

A: GPEN, OSCP, GWAPT, GMOB, CEH, and more.

Q: What framework is used for threat modeling? 

A: STRIDE

Q: What applications are used for threat modeling? 

A: OWASP Threat Dragon

Q: What framework is used for mimicking adversarial behavior? 

A: MITRE ATT&CK Framework

Q: Do you pivot to an assumed breach scenario after a set period of time during a red team engagement? 

A: Yes, this is highlighted in the scope of work. We recommend pivoting after around 5 days of effort to make the best use of time. 

Q: How does Cobalt approach IoT testing? 

A: We take an entire-ecosystem approach to IoT testing (hardware and firmware, web app and API, network, mobile, and RF analysis) and use the findings from one area for further testing in other areas.

Q: What industries does Cobalt have experience in for IoT testing?

A: Consumer, enterprise, medical, industrial, and transportation. The Cobalt team also conducts IoT testing outside of these industries, for most sectors other than government.

Q: When do companies that manufacture IoT devices typically conduct testing?

A: The first test is usually conducted prior to mass production of components within the product, such as the PCB. Additionally, most IoT devices are tested at least annually and any time there are updates to components of the ecosystem, such as modules on the board, or updates to the firmware.

Q: Are you able to perform pentesting on-site?

A: Yes, our team offers on-site pentesting services.