Most organizations we speak to treat the pre-TLPT period as a waiting room.
They know a TLPT is coming. They know roughly when. And they assume that when the time comes, they will bring in the right party, run the test, and handle whatever comes out of it. That is not the best plan.
Here is what actually happens to...Read more...

Most financial institutions that fall under DORA will need to conduct their first Threat-Led Penetration Test within the next few years.
Most of them are not ready.
Not because they lack security, many have solid defenses in place. But because a TLPT is not a test you pass by having good security. It is a test you...Read more...

Over the past few weeks, there has been a great deal of attention on the MIAUW framework. We recently published a blog about this. Previously, we also wrote a similar article about the CCV Pentesting Quality Mark(Dutch only). These frameworks provide structure and guidance for clients and suppliers alike, and are...Read more...

The Dutch central government has announced its intention to conclude a framework agreement for penetration testing around mid‑2026. The tender and the resulting framework agreement will be based on the MIAUW methodology. According to ICT Magazine, the MIAUW methodology is intended to put an end to the “magic and...Read more...

Looking back on a successful 2025, our Offensive Security Manager Koen Riepe shares his thoughts on dealing with end-year performance reviews and which vital skills are important for ethical hackers/red teamers.
You'll likely be on the receiving end of at least one, and if you have a managerial/lead position, you may...Read more...