Now open for engagements

Audit-ready penetration testing you can start in minutes.

Manual testing, transparent pricing, and a 2-minute self-serve checkout. Audit-ready external penetration tests aligned to PCI-DSS, SOC 2, NYDFS, HIPAA, and CMMC. Fully self-serve, no sales calls or quotes required.

Senior-level penetration testing without the consulting overhead
Start immediately after purchase
No sales calls
No hidden prices
Audit-ready deliverables
Aligned to PCI-DSS, SOC 2, NYDFS, HIPAA, CMMC
Performed by a GPEN · GWAPT · GCPN · GCTI · GPCS · CISSP certified tester
15+ Years of penetration testing experience
500+ Clients served across major industry sectors
12 Active professional certifications held
F500 Fortune 500 client track record
Why teams choose us

Built for teams that need results, not sales calls.

Our approach is built for real security impact: fixed pricing, no sales calls, and testing that targets the types of weaknesses real attackers exploit. This makes the process faster and more transparent. Your security team receives findings and recommendations they can act on quickly, and your compliance reviewers can process the results without unnecessary back-and-forth. Our core objective is to uncover hidden vulnerabilities in your environment before attackers do, while delivering clear, defensible security findings in a format that supports regulatory and compliance review. Every part of our process is intentionally built to support that goal.

Practitioner-built

Designed for real delivery by a senior tester, not optimized around a sales pipeline.

Audit-ready reporting

Clear findings with risk ratings that hold up in compliance and audit review.

Fixed scope

Know exactly what's included before you buy. No hidden add-ons, no scope creep.

Self-serve, no calls

Answer a few very quick questions, purchase, and receive your report. No sales rep required at any step.

Predictable pricing

Published pricing by IP range. Fast procurement, fewer surprises, faster decisions.

Consistent quality

Repeatable methodology, same quality baseline on every engagement, at any volume.

Simple process

From purchase to report in five steps.

Every step is designed to be fast and low-friction. Most customers are in active testing within five business days of purchase.

Choose your scope

Select the IP range that matches your environment from our published pricing tiers. No scope negotiation, no custom quotes. Just pick what fits.

Complete your purchase

Self-serve checkout via Stripe. No PO required for standard tiers. Payment confirms your engagement immediately.

Confirm scope and schedule

We'll reach out within one business day to confirm your target systems, rules of engagement, emergency contacts, and testing window.

Testing occurs

Active testing during the agreed window. Your designated emergency contact remains reachable throughout. We pause immediately if anything unexpected arises.

Receive your report

Professional deliverables: executive summary, technical findings, risk ratings, remediation guidance, and compliance attestation, delivered within five business days of test completion. We can also schedule a video call to review the report and answer any questions you have, including separate technical and board-ready calls if needed.

What you receive

No surprises. Every engagement includes all of this.

We don't tier our deliverables. Every customer at every scope level receives the same professional reporting package.

Executive Summary

A non-technical narrative written for leadership, boards, and auditors. Summarizes risk posture, key findings, and recommended priorities.

Included

Technical Findings Report

Every identified vulnerability documented with evidence, affected systems, attack path, and technical context. Written for your security and engineering teams.

Included

Risk Ratings

Each finding rated Critical, High, Medium, or Low with CVSS scores where applicable. Clear, consistent risk language your auditors recognize.

Included

Remediation Guidance

Step-by-step remediation recommendations for every finding, prioritized by risk level and tailored to your specific environment.

Included

Compliance Attestation Letter

A signed attestation letter which includes scope and testing coverage. Formatted for submission to auditors reviewing PCI-DSS, SOC 2, NYDFS, HIPAA, or CMMC requirements.

Included

Expert Recommendations

Practitioner-level guidance drawn from direct observation of your environment and prioritized next steps written by the tester who found the issues, not a templated checklist.

Included
Download full sample report to see the format →
Honest pricing

Fixed scope. Published rates. No surprises.

Priced by total IPs so you only pay for your actual environment. Manual validation is included at every tier and we don't report false positives.

How pricing works: the first IP covers the essential work every engagement requires (scoping, setup, validation, and reporting). Pricing scales with your environment from there, so you're paying for additional work, not hidden overhead. Note: IP addresses do not need to be contiguous; pricing is based on the total number of IPs you want to test. Feel free to contact us if you have questions or if you have more than 256 IPs.
Number of IPs to Test   CIDR   Price      Price per IP
1 IP                    /32    $4,995     $4,995
2–4 IPs                 /30    $7,995     $1,999 – $3,997
5–8 IPs                 /29    $10,995    $1,374 – $2,199
9–16 IPs                /28    $15,995    $1,000 – $1,777
33–64 IPs               /26    $36,995    $578 – $1,121
65–128 IPs              /25    $52,995    $414 – $815
129–256 IPs             /24    $72,995    $285 – $566

Manual validation included at every tier. No false-positive reports. Fixed pricing designed for fast procurement. The time your team saves not managing a sales process has real value and will get you to a remediated state faster.

Start Your Test Now
Reduce risk before you buy

See the deliverable format before committing.

Download a full sample report. No email required, no pressure, no follow-up calls. We believe you should know exactly what you're buying before you buy it.

FAQ

Common questions, answered directly.

Do I need a sales call to get started?
No. Everything is self-serve. You select your scope from the published pricing table, complete your purchase, and we start the process. No calls, no quotes, no waiting on a rep.
What compliance frameworks does your testing support?
Our reports and attestation letters are designed to satisfy penetration testing requirements for PCI-DSS, SOC 2, NYDFS, HIPAA, and CMMC. Each deliverable uses the documentation format auditors expect and includes a signed attestation letter confirming scope and methodology.
How long does testing take?
Testing windows vary by scope. A single-IP engagement typically takes one to three business days of active testing. Larger scopes (64+ IPs) may require five to ten business days. We'll confirm your specific timeline before testing begins. Most customers have a report in hand within two weeks of purchase.
Can I see a sample report before I buy?
Yes — and we encourage it. You can download a full sample report directly from this page. No email address required, no strings attached.
What if my environment includes cloud infrastructure (AWS, Azure, GCP)?
Cloud-hosted systems are in scope and very common. Before testing begins, you may want to confirm authorization with your cloud provider. Most major providers allow non-destructive penetration testing without prior notification or have a simple penetration testing approval process.
Who actually performs the testing?
Currently all testing is performed by Trey Blalock: a distinguished penetration tester with fifteen-plus years of experience, thousands of engagements across Fortune 500 companies and federal agencies, and over twelve active professional certifications including CISSP, GPEN, GWAPT, and GCPN. You are not being handed off to a junior team.
How does scheduling work after I purchase?
One of the questions at sign-up determines how soon we start. If you are in a rush, choose the ASAP option and we will begin almost immediately. If we are experiencing high volumes that may delay things, we will update the sign-up form to let you know prior to purchase.
What systems can I include in scope?
Anything with a public IPv4 or IPv6 address. The IPs don't need to be contiguous. It's best to send us hostnames, but IP addresses work well too. One thing that is important to include is your firewalls, VPNs, and routers: over the past two years we've seen a huge uptick in attackers accessing networks through firewalls, and we frequently find critical issues on these devices.
What is your refund policy?
No matter what the issue is, contact us immediately; some things are easy to resolve, but we need to know quickly. If testing has not begun, you may be eligible for a refund minus a 10% administrative fee, at our discretion. Once our team has begun work (including pre-engagement reconnaissance, scoping, or active testing), all sales are final. See our Terms of Service for the full policy.
Do you offer retesting after remediation?
Retest support is available. Contact us at hello@pentestexpress.com to discuss scope and pricing for a remediation retest.
Who you're working with

Built and operated by a senior practitioner.

Pentest Express is built around a disciplined, practitioner-first mindset: deliver a strong quality baseline, keep scope and pricing clear, and avoid adding complexity customers didn't ask for.

Trey Blalock is a highly respected senior penetration tester who has performed extensive work across almost every major security domain for some of the world's largest corporations and governments. His background combines hands-on technical depth, large-scale security operations, and extensive speaking and training experience across advanced security topics.

Over fifteen years of experience providing penetration testing and assessment services to hundreds of clients in the financial, government, retail, chemical, aviation, oil & gas, medical, educational, legal, telecom, and law enforcement sectors.

He has trained numerous Fortune 100 companies, consulting firms, and federal agencies (including the DIA, FBI, and NSA) on network security, system security, attack and penetration testing, and cloud security. He has performed thousands of penetration tests for Fortune 500 companies globally across various infrastructure devices, operating systems, protocols, and applications.

Trey speaks frequently about advanced security topics at financial institutions and Fintech conferences in the US, Europe, and Africa. He has spoken at DefCon and MITRE ATT&CKcon, and delivered two keynotes at the Department of Homeland Security's annual CISA conferences. He currently serves on several forensic, red-team, and penetration-testing advisory boards, and is a frequent television and podcast guest.

Credentials

Professional certifications.

Active certifications held across penetration testing, cloud security, forensics, risk management, and compliance.

GWAPT GIAC Web Application Penetration Tester #3845
GCPN GIAC Certified Cloud Penetration Tester #1349
GPEN GIAC Certified Penetration Tester #2089
GCTI GIAC Cyber Threat Intelligence #1977
GPCS GIAC Public Cloud Security #64
GCFA GIAC Certified Forensic Analyst #355
CISA Certified Information Systems Auditor #0862743
CISM Certified Information Systems Manager #0910809
CRISC Certified in Risk and Information Systems Control #1620233
CDPSE Certified Data Privacy Solution Engineer #2007933
CISSP Certified Information Systems Security Professional #11246
SSCP Systems Security Certified Practitioner #23259
NSA‑IAM NSA Information Assessment Methodology — certified 09/13/2002
Get in touch

Ready to get started, or have a question?

Start your test now through our self-serve checkout, or email us directly if you have questions before committing. We respond fast.