NetSPI

NetSPI’s stated purpose is to secure the most trusted brands on Earth. The company’s mission is centered on delivering proactive security solutions that enable clients to protect their most important assets. NetSPI aims to lead the proactive security category by combining expert-led services with advanced technology to discover, prioritize, and remediate security vulnerabilities. This approach is designed to provide clients with clarity, speed, and scale in managing their cybersecurity efforts.

The company’s core goal is to move beyond traditional, compliance-driven penetration testing to a more continuous and strategic model. NetSPI offers a suite of services, including Penetration Testing as a Service (PTaaS), Attack Surface Management (ASM), and Breach and Attack Simulation (BAS), all integrated into its unified “NetSPI Platform”. This platform is designed to provide a holistic view of an organization’s risk profile and streamline the process of identifying and addressing critical vulnerabilities. NetSPI has established a strong market reputation, being trusted by numerous top-tier companies in banking, healthcare, and technology. Clients often praise the technical expertise of NetSPI’s team and the usability of its platform, highlighting the company’s role as an extension of their own security teams.

Offerings, Capabilities, and Integrations

NetSPI provides proactive security solutions that combine expert-led services with a technology platform to help organizations manage their threat exposure. The company’s approach integrates dedicated security professionals, intelligent processes, and advanced technology to identify and remediate significant security vulnerabilities. This combination of human intelligence and technological automation provides a competitive edge by delivering clearer, faster, and more scalable cybersecurity outcomes. NetSPI’s offerings are built to integrate with a client’s existing technology stack, including ticketing systems, CMDBs, and vulnerability scanners, to streamline workflows and automate security processes.

Products and Services

NetSPI’s core offerings are consolidated within its flagship product, The NetSPI Platform. This unified platform is designed to support continuous threat exposure management by integrating the company’s primary services into a single interface. The platform provides telemetry and insights gathered from over 20,000 engagements performed by more than 250 global penetration testers.

  • Penetration Testing as a Service (PTaaS): NetSPI performs in-depth, manual penetration testing on applications, networks, and cloud infrastructure to identify vulnerabilities. The PTaaS model offers continuous testing and reporting through the company’s platform, accelerating remediation.
  • Attack Surface Management (ASM): This includes both External ASM (EASM) for monitoring internet-facing assets and Cyber Asset Attack Surface Management (CAASM) for internal asset visibility. The service helps organizations discover and prioritize risks across their entire IT estate.
  • Breach and Attack Simulation (BAS): This service validates an organization’s security controls and defense readiness by simulating real-world attack scenarios.
  • Red Teaming: NetSPI conducts simulated attacks to assess an organization’s detection, response, and recovery capabilities across its people, processes, and technology.
  • Additional Services: The company also provides specialized services, including social engineering tests, threat modeling, cybersecurity maturity assessments, and security testing for mergers and acquisitions. A new offering, LLM Benchmarking and Jailbreaking Services, tests the security of applications that use large language models.

Target Customers

NetSPI’s target customers are enterprise-level organizations, including many in highly regulated industries. Its client portfolio features nine of the top 10 U.S. banks, four of the top five major cloud providers, and numerous Fortune 500 companies. These organizations benefit from NetSPI’s proactive and comprehensive approach to security, which helps them manage complex environments and meet stringent compliance requirements like SOC 2. By using NetSPI’s unified platform, these customers can effectively discover, prioritize, and remediate critical vulnerabilities at scale, allowing them to better protect their assets and innovate with confidence.

Cloud Integrations and Marketplaces

NetSPI provides integrations with major cloud platforms to enhance its security services, and it has a presence on the AWS Marketplace.

  • Amazon Web Services (AWS): NetSPI is available on the AWS Marketplace, offering its proactive security solutions to customers with existing AWS contracts. This simplifies the procurement process for services such as Penetration Testing as a Service (PTaaS), Attack Surface Management (ASM), and Breach and Attack Simulation (BAS). NetSPI’s platform integrates with AWS to provide visibility into cloud assets. The ASM integration uses the AssumeRole API: NetSPI’s ASM AWS account is granted permission to assume a role in the customer’s account, allowing it to identify exposures and cloud security vulnerabilities.
  • Microsoft Azure: NetSPI’s Attack Surface Management (ASM) integrates with Microsoft Azure to identify a range of exposures and cloud security vulnerabilities. This is achieved by creating an app registration in the customer’s Azure environment with read-only permissions to query for information. While NetSPI offers extensive penetration testing services for Azure environments, it does not have a listed offering on the Microsoft Azure Marketplace.
  • Google Cloud Platform (GCP): NetSPI’s Attack Surface Management (ASM) supports integration with Google Cloud Platform to expand its capabilities in identifying exposures and cloud security vulnerabilities. This integration is configured by creating a service account in the user’s GCP project with specific IAM permissions that allow NetSPI’s ASM to impersonate this account. NetSPI does not have a storefront on the Google Cloud Marketplace.

Key People

  • President & Chief Executive Officer: Aaron Shilts
  • Co-Founder & Chairman: Deke George
  • Chief Operating Officer: Charles Horton
  • Chief Financial Officer: Jay Golonka
  • Chief Revenue Officer: Alex Jones
  • Chief People Officer: Heather Crosley
  • Chief Information Security Officer: Joe Evangelisto
  • Chief Marketing Officer: Caroline Japic
  • Chief Customer Officer: Bryan Wiese
  • Field CISO: Nabil Hannan

Key Facts

  • Headquarters Location: Minneapolis, Minnesota, United States.
  • Number of Employees: Approximately 650-678.
  • Annual Revenue: Estimated between $100 million and $500 million.
  • Parent Company: None.
  • Subsidiary Companies: Hubble Technology, nVisium, and Silent Break Security.
  • Publicly Listed: No.

Analyst Recognition

NetSPI has been recognized by the following analyst groups:

  • Gartner: NetSPI was named a Sample Vendor for Penetration Testing as a Service (PTaaS) in the 2022 Gartner Hype Cycle for Security Operations. The company is also recognized as a Sample Vendor in the Security Testing category for External Attack Surface Management (EASM). Gartner’s platform shows NetSPI has products in the markets for Adversarial Exposure Validation and Application Testing Services.
  • Forrester: NetSPI is recognized as a notable vendor in the External Attack Surface Management (EASM) Landscape.

There is no information available to indicate that NetSPI is formally recognized by IDC or Everest Group in their respective market reports.
