
Cybersecurity Expert Shares Red Flags from Deceptive Pentest Vendors
Tags: Cybersecurity, Pentesting, Vendor Deception, Certification, Nessus Scans, Manual Testing, NDAs, Legal Threats
Drawing on 25 years in cybersecurity, the author of the post lists the red flags they have observed from pentest vendors who lie to their clients: vendors who claim a "fully certified" team yet cannot produce a single certification, pentest reports that are merely raw Nessus scans with a logo added, and so-called "manual" tests that involve no actual manual intervention. The author also describes fictitious teams, awards, and infrastructure, as well as threats of NDAs or legal action when someone exposes these practices.