The best way to test your defences is to attack them. Ethical hackers and red team operators identify vulnerabilities before malicious actors do. MVPeople Group delivers OSCP-certified pentesters and red team specialists who put your security to the test. Through MVProjects we also deliver project-based pentests and red team assessments.
Offensive security, also known as ethical hacking, is the discipline where security professionals use the same techniques and tools as malicious hackers, but with permission and the objective of identifying and remediating vulnerabilities. This encompasses penetration testing, red teaming, social engineering and vulnerability research.
In an era where cyberattacks are becoming increasingly sophisticated, it is not sufficient to rely solely on defensive measures. Organisations must actively test their security to uncover weak points. A pentest reveals technical vulnerabilities, whilst a red team assessment tests the entire defence chain: technology, processes and people.
Regulation underscores the importance of offensive security. NIS2 requires organisations to regularly test their security measures. DORA mandates Threat-Led Penetration Testing (TLPT) for significant financial institutions. ISO 27001 requires periodic technical vulnerability analyses. Without structural pentesting, compliance with these frameworks is not achievable.
The Dutch market for pentesters is highly competitive. Experienced ethical hackers with certifications such as OSCP, OSCE or OSEP are scarce and in high demand. MVPeople Group distinguishes itself through our in-depth network within the offensive security community and our ability to assess pentesters on actual technical skills, not just their CV.
Every organisation has a different attack surface. We deliver specialists for every type of security assessment.
Structured security test of web applications based on the OWASP Top 10 and OWASP ASVS. Identifies vulnerabilities such as SQL injection, XSS, authentication bypasses and business logic flaws.
Assessment of the security of your network infrastructure: servers, firewalls, Active Directory, network segmentation and patch management. Both external (from the internet) and internal (from within the network).
Security test of iOS and Android applications. Examines local data storage, API communication, authentication, certificate pinning and reverse engineering vulnerabilities.
Assessment of wireless networks and IoT devices. Tests WiFi configurations, Bluetooth security and the security posture of connected devices within your network.
Realistic attack simulation where a team of offensive security specialists attacks your organisation using the same techniques as real threat actors. Tests the entire defence chain: technical, human and process-based.
Tests the human factor in your security through phishing campaigns, vishing (telephone-based), physical access tests and pretexting. Provides insight into the security awareness of your employees.
Organisations hire pentesters in various scenarios. On a project basis through MVProjects for one-off or periodic pentests, or on an interim basis through MVPeople when you want to integrate a pentester into your team for a longer period.
Typical occasions to hire a pentester include: before the launch of a new application or platform, after significant changes to the infrastructure, as part of a compliance programme (NIS2, DORA, PCI DSS), after a security incident to determine the full scope, or structurally as part of your security programme.
Launch of new applications or platforms
Annual or quarterly compliance pentests
Red team assessments to test detection capabilities
Bug bounty programme management and triage
Security code reviews and architecture assessments
Incident response and forensic investigation
Purple team exercises with the blue team
DORA Threat-Led Penetration Testing (TLPT)
Our pentesters and red team operators hold the most respected offensive security certifications.
A penetration test is a structured security test with a clearly defined scope (for example a web application or network segment) conducted within a bounded time period. The goal is to identify as many vulnerabilities as possible. A red team assessment is a realistic attack simulation without a predefined scope, where the team uses the same techniques as real attackers. The goal is to test the detection and response capabilities of the organisation.
The OSCP (Offensive Security Certified Professional) is the most recognised and respected certification for pentesters due to its practical examination. Other valuable certifications include OSCE (Offensive Security Certified Expert), OSWE (Web Expert), OSEP (Experienced Pentester), GPEN, GXPN, CEH and eLearnSecurity certifications (eCPPT, eWPT). For red teamers, CRTO and CRTP are relevant.
The frequency depends on the risk profile and applicable regulations. Generally it is recommended to conduct a pentest at least annually, and upon significant changes to infrastructure or applications. NIS2 and DORA set specific requirements for the frequency of security tests. Many organisations opt for a continuous pentest programme with quarterly or monthly tests.
Through our MVProjects service line we deliver pentesters and red team specialists for project-based assignments: from one-off penetration tests to ongoing security assessment programmes. Additionally, through MVPeople we deliver interim pentesters who join your internal security team for longer periods.
Rates for pentesters vary based on seniority, specialisation and type of assignment. A mid-level pentester has a different rate than a senior red team operator with OSCP/OSCE certifications. Project-based pentests are typically quoted on a fixed project price, whilst interim pentesters work on a day rate. Get in touch for a no-obligation indication.
We typically present suitable pentest profiles within 5 to 10 working days. For interim assignments a pentester can often start within 2 weeks. For project-based pentests we typically plan 2 to 4 weeks ahead, depending on the scope and complexity of the assignment.
Purple teaming is a collaborative approach where the red team (attackers) and blue team (defenders) work together to improve detection and response capabilities. Instead of an adversarial test, both teams work jointly on identifying detection gaps and developing improved detection rules. MVPeople Group delivers professionals for both red and purple team assignments.
You coordinate security assessments end-to-end, bridging clients, pentesters, and management. You blend project management with cybersecurity expertise to deliver impactful engagements on schedule.
From OSCP-certified pentesters to red team operators: we deliver the offensive security professionals who test your defences.
