About CyberGuards

You need a pentest that holds up in front of customers, auditors, and your board. Here is who does it.

CyberGuards is a small penetration-testing team based in San Francisco — hands-on offensive testing for teams who need a credible answer when a security review, audit deadline, or board question forces the issue.

Senior-led, certified: OSCP, OSWE, GPEN, GXPN, CRTO, CCSP, CISSP, CREST CRT

Why we exist

Most pentest reports are written for filing, not fixing.

The engineering teams we worked with shared the same complaint: a thick PDF, generic CVE descriptions, and no clear path from finding to fix. The version that actually worked — a senior tester end-to-end, a working proof per finding, a paste-ready remediation, and a retest of reported findings — was hard to buy.

We built CyberGuards to be that version. Same hands-on penetration testing. Different deliverable, and the retest of reported findings costs nothing extra.

How the team evolved

Capabilities added in the order customers asked for them.

  1. Founded

    A small offensive-security team in San Francisco

    CyberGuards started as a group of senior penetration testers tired of engagements scoped by sales and executed by junior staff. First engagements were web application and API tests for SaaS teams — the engagement model (senior testers, paste-ready findings, retest included) is unchanged.

  2. Cloud

    Added cloud-configuration testing as customers moved to AWS, Azure, and GCP

    When production shifted to cloud accounts, the highest-impact findings moved to IAM trust paths and configuration drift. We built explicit cloud-account scope and CIS-aligned reporting.

  3. Compliance

    Tuned reporting for SOC 2, ISO 27001, PCI DSS, and HIPAA

    We added control mapping to every report and built compliance-pentest scope so audit field work is shorter and cleaner.

  4. AI features

    Added AI security testing for teams shipping LLM-backed product

    When customers started shipping chat, RAG, and tool-use features, the prompt and retrieval became part of the attack surface. We added AI security testing aligned to OWASP Top 10 for LLM Applications and the NIST AI Risk Management Framework.

  5. Continuous

    Vulnerability scanning with human triage between annual pentests

    Continuous coverage without drowning the team in scanner output. Only real, prioritized findings reach the engineering tracker.

Specific engagement counts and customer names are kept in confidence. References available after the scoping call.

How we work

Four principles, applied to every engagement.

A senior tester leads every engagement

The person on the scoping call leads the testing. Engagements run in-house — no subcontracting to third parties.

Plain language in every deliverable

Findings are written so an engineer can act on them, an auditor can map them, and a board member can understand them.

Retest of reported findings, included

After you fix the items in the report we retest them and update the report — included in scope.

No unauthorized testing, ever

All testing happens under signed scope. We decline engagements where rules of engagement cannot be agreed up front.

Want to talk to the people who would test you?

The person on the scoping call is the person who runs the engagement. Quick, no slides.

From a recent client


“The senior tester we met on the scoping call is the same person who ran the engagement and answered our engineers on the live channel. Every finding came with a working proof and a remediation our team could paste into a ticket.”

VP of Engineering · Mid-market SaaS

Credentials

Certifications across the team.

Practical, hands-on certifications — earned at a keyboard, not in a multiple-choice exam.

  • OSCP

    Offensive Security Certified Professional

  • OSWE

    Offensive Security Web Expert

  • GPEN

    GIAC Penetration Tester

  • GXPN

    GIAC Exploit Researcher and Advanced Penetration Tester

  • CRTO

    Certified Red Team Operator

  • CCSP

    Certified Cloud Security Professional

  • CISSP

    Certified Information Systems Security Professional

  • CREST CRT

    CREST Registered Penetration Tester

Frameworks we test against

Boring, well-defined, and what auditors expect.

  • OWASP Testing Guide
  • OWASP ASVS
  • OWASP API Security Top 10
  • OWASP Top 10 for LLM Applications
  • MITRE ATT&CK
  • NIST SP 800-115
  • PTES
  • CIS Benchmarks

FAQ

About us — common questions

How big is the team?

Small and senior by design. Each engagement is staffed around one or two senior testers — the person on the scoping call leads the work. Engagements run in-house, no subcontracting.

Do you work remotely or on-site?

Both. We are based in San Francisco and most testing is remote. On-site engagements are available for internal network testing, physical scope, or sensitive environments.

Are you hiring?

Occasionally. If you have a strong offensive security background and the certifications to back it up, send a note to [email protected] with a writeup or two.

How do you handle sensitive findings?

Findings are encrypted in transit and at rest, retained only for the agreed retention window, and never disclosed to third parties without written authorization.
