NYCRR requires annual penetration testing for covered entities.

A high-quality penetration test satisfies regulatory requirements while also improving situational awareness and defense-in-depth.

A vulnerability scan is not a penetration test. Our team provides a full scope penetration test that satisfies the requirements of 23 NYCRR 500 and produces the complete documentation necessary for regulatory compliance and adherence to NYDFS rules. Our team's knowledge and experience provide the context and insight that automated security tools lack.

Look through the eyes of a hacker.

Penetration testers use the tools and techniques of a hacker to provide you a unique view of your organization.

Modern cybersecurity products are highly efficient and provide broad protection against a wide range of threats, but they are far from perfect. While defenders worry about securing a massive number of devices and services, your adversaries have laser-like focus on the handful of most vulnerable devices.

Like a real adverary, our pen testers draw upon a deep understanding of security and follow their instincts to probe the most serious weaknesses in your infrastructure. By emulating adversarial tactics, we demonstrate how minor security issues can be combined to lead to a full-blown compromise.


Our customers run amazing businesses,
and we are proud to help them stay safe and secure!
We choose Hyperion Gray because they don't just run the same commonly available scanning or static code analysis tools that we use. They are extremely talented and technically capable hackers. There is no other company that provides the same level of custom support and high competence.
Alex and his team are solid, professional and exceptionally talented people. We can always depend on Hyperion Gray to help keep us secure.
Thanks to their unique expertise, and well-understood rules of engagement, Alex and Mark were able to effectively assess our resiliency and security posture, and clearly translate potential security vulnerabilities into actionable solutions.

Meet the team.

We have assessed a wide range of businesses, from tech startup to multinational law firm.

Our senior penetration tester, Alejandro (Alex) Caceres, has years of experience conducting pen tests for government agencies and the private sector alike. Alex is an active security researcher and trainer:

Our team possesses the most desired certifications in the industry, including the CEH, CISSP, and OSCP. We are based in the U.S. and Canada, with availablity for remote work and travel.

Alex Caceres

Mark Haase

Carson Owlett

Jason Hopper

Most penetration test teams focus 100% on offensive security and have little experience on defense. As a result, they often give you expensive and impractical advice!

Our team is unique. We are not just ethical hackers. We also write code and manage our own infrastructure every day. So we understand the difficulty of balancing business needs with security concerns. You can rest assured that we will never recommend security measures that we would not adopt ourselves.

Request a Quote

Type of platform:

Want to know more?

Penetration testing can be intimidating if you're not familiar with the lingo. Click below to read our pen testing FAQs.

Frequently Asked Questions

Call Us

If you have questions or need advice on a unique project, please pick up the phone!

Call 1-657-522-2092