Transparency and accountability are the foundation of every engagement we deliver. This page outlines our certifications, methodologies, and data protection practices so you can evaluate Lorikeet Security as a partner with full confidence.
Our consultants hold industry-recognized certifications that validate deep technical expertise across offensive security, cloud environments, and ethical hacking disciplines.
The gold standard in hands-on penetration testing certification. Proves ability to identify vulnerabilities and execute controlled attacks against live systems under exam conditions.
Internationally recognized accreditation for penetration testing companies. Demonstrates adherence to the highest professional and ethical standards in security testing.
Certified Ethical Hacker credential covering reconnaissance, scanning, enumeration, system hacking, and social engineering techniques used by real-world attackers.
GIAC Penetration Tester certification validating expertise in network penetration testing methodologies, legal frameworks, and comprehensive exploitation techniques.
Foundational security certification covering threat analysis, risk management, cryptography, and identity management. Required baseline for all team members.
Validates deep expertise in securing AWS workloads, including IAM, data protection, infrastructure security, logging, monitoring, and incident response in cloud environments.
Every engagement follows established, repeatable frameworks. We do not rely on ad hoc testing or automated scanners alone.
The definitive resource for web application security testing. We follow the full WSTG checklist across authentication, authorization, session management, input validation, and business logic testing.
Application Security Verification Standard provides a structured set of security requirements at three assurance levels. We use ASVS to benchmark application security maturity against a defined standard.
Penetration Testing Execution Standard defines seven phases from pre-engagement through reporting. Our workflow follows PTES for consistent, thorough coverage across every engagement type.
Technical Guide to Information Security Testing and Assessment from the National Institute of Standards and Technology. Provides our foundation for network and infrastructure security testing procedures.
Globally recognized knowledge base of adversary tactics and techniques. We map red team and penetration testing findings to ATT&CK for clear visibility into detection coverage and gaps.
Prioritized set of cybersecurity best practices maintained by the Center for Internet Security. We reference CIS Controls for infrastructure hardening assessments and configuration reviews.
We help organizations achieve and maintain compliance across major regulatory and industry frameworks through targeted security testing.
Security firms should practice what they preach. Here is how we handle your data before, during, and after every engagement.
All project communications use end-to-end encryption. Findings, reports, and sensitive data are never transmitted over unencrypted channels. We use encrypted email, secure messaging, and our client portal for all deliverables.
All findings and client data are stored on infrastructure aligned with SOC 2 controls. Access is restricted by role, logged for audit purposes, and protected by multi-factor authentication at every layer.
Findings and engagement data are retained for 90 days after engagement completion, then securely deleted unless your contract specifies otherwise. You control how long we hold your data.
Mutual non-disclosure agreements are executed before any scoping work begins. Your environment details, findings, and business information are contractually protected from the first conversation.
Reports are delivered through our dedicated PTaaS platform with role-based access controls, audit logging, and encrypted storage. No reports are sent as unprotected email attachments.
Every consultant undergoes thorough background screening before joining client engagements. We maintain a vetted team of professionals you can trust with access to your most sensitive systems.
We work alongside trusted audit and compliance automation firms to deliver end-to-end compliance solutions for our clients.
Our audit partner for SOC 2, ISO 27001, and HITRUST. When you need the pentest and the audit, we deliver both through a single coordinated engagement with Anchorpoint.
Licensed CPA firm handling SOC 1 and SOC 2 attestation reports. We run the pentest, they run the audit, and your evidence package is ready without the back-and-forth.
We push pentest findings and remediation status directly into Vanta so your compliance dashboard stays current. Available as an add-on with any of our packages.
Same integration, different platform. Pentest results flow into Drata as compliance evidence automatically. Pick whichever tool your team already uses.
Schedule a consultation to discuss your security needs. We will walk you through our process, answer your questions, and provide a detailed proposal.