About Lion Security
Expert Penetration Testing Procurement Built on 1,000+ Engagements.
The Problem:
Procurement Is Broken
Most organizations spend 6-10 weeks researching penetration testing vendors, running RFPs, comparing proposals manually, and negotiating contracts—only to second-guess their choice when the engagement starts.
Vendors quote wildly different prices for the same scope. Security teams don't know if they're overpaying or under-scoping. First-time buyers struggle to translate compliance requirements into technical specifications.
We built Lion Security to fix this.
Our Solution:
Expert-Driven Advisory
Lion Security is the first penetration testing procurement marketplace built by offensive security experts, for security teams who need better vendor selection, transparent pricing, and quality assurance.
We don't perform penetration testing ourselves. Instead, we do what we do best: scope, compare, and manage offensive security engagements on behalf of our customers—bringing vendor-neutral expertise, pricing transparency, and quality oversight to an opaque market.
Expert Scoping
We translate your compliance requirements into precise technical scopes.
Neutral Matching
We match you with 3-5 vetted vendors based on your specific industry needs.
Price Transparency
We provide market benchmarks so you know if you're paying a fair rate.
Quality Assurance
We review every pentest report and enforce SLAs before you receive it.
Led by Veteran Offensive Security Expert Paul Petefish

From Penetration Tester to Procurement Expert
Paul Petefish is an offensive cybersecurity leader, entrepreneur, and researcher with over 20 years of experience in cybersecurity. He is a former penetration tester turned cybersecurity leader and the co-founder of Evolve Security, where he spent the last decade building next-generation offensive cybersecurity solutions.
Throughout his career, Paul has scoped, managed, and delivered over 1,000 penetration testing engagements across every industry—from Fortune 500 financial institutions to high-growth SaaS startups. This hands-on experience gives him unparalleled insight into what makes a penetration test effective, how to scope engagements for maximum ROI, and which vendors excel at different types of testing.
The Continuous Penetration Testing Methodology (CPTM)
Paul is the author of the Continuous Penetration Testing Methodology (CPTM), a structured, tool-agnostic framework designed to modernize traditional penetration testing by aligning it with the pace of today's cloud-native, continuously evolving environments.
CPTM builds on and exceeds established standards such as NIST SP 800-115, PTES, OWASP, and MITRE ATT&CK by transforming penetration testing from a point-in-time assessment into an always-on security control.
Recognized Security Researcher & Thought Leader
In addition to leading Evolve Security and founding Lion Security, Paul is a patent holder and an active security researcher with published vulnerability research. He's been a guest lecturer at the University of Chicago, a frequent speaker at cybersecurity conferences, and a recognized cyber expert for ABC and CBS Chicago, where he provides commentary on cybersecurity threats and incidents.
"I've seen both sides of the penetration testing industry—as a practitioner delivering engagements and as a leader managing vendor relationships for enterprise security programs. Lion Security exists to bring that expertise to organizations that don't have time to become procurement experts themselves."
Our Advisors
Eric Ferguson
Advisor
Eric is currently the Chief Operations Officer of Honk, a leading technology-based Roadside Assistance Company. Prior to this role, Eric served as Chief Operations Officer at Grubhub, where he oversaw Grubhub’s driver network, delivery operations, customer service, fraud, sales and account management, and led two B2B businesses (Campus and Corporate). Eric oversaw the growth of Grubhub’s profitable delivery network from essentially zero to 500,000 deliveries per day.
Eric has more than 20 years of experience in supply chain/logistics and previously spent 13 years at Amazon in its transportation department.
Eric received a bachelor’s degree in computer science from the Rochester Institute of Technology.

How Lion Security Is Different
| Typical Approach | Lion Security Approach |
|---|---|
| Contact vendors one at a time, hoping for competitive pricing | Match you with 3-5 vetted vendors simultaneously for true price competition |
| Spend 6-10 weeks researching vendors and running RFPs manually | Get normalized proposals in 5-7 days through our platform |
| Hope your scope is accurate; only find out after testing starts | Expert scoping based on 1,000+ engagements ensures accuracy upfront |
| No recourse if vendor quality is poor—you're locked into the contract | Quality assurance with vendor swap capability if performance falls short |
| Vendor sets the price; you don't know if it's fair | Market benchmarking shows you competitive pricing across tiers |
Who We Serve
Lion Security works with mid-market to enterprise organizations (200-5,000 employees, $50M-$500M revenue) across regulated industries:
FinTech
Payment processors, lending platforms, digital banks navigating PCI-DSS and SOC 2.
Healthcare
Telehealth, EHR platforms, healthcare SaaS requiring HIPAA compliance.
SaaS
B2B software companies pursuing SOC 2, ISO 27001, or customer questionnaires.
Insurance
InsurTech and traditional carriers managing policyholder data.
Critical Infrastructure
Energy, utilities, and government contractors with stringent mandates.
E-Commerce & Retail
Online retailers handling payment data and customer PII.
Work With an Expert Who's Scoped 1,000+ Engagements
Stop spending weeks researching vendors and second-guessing your procurement decisions. Let Lion Security's offensive security expertise work for you.
No cost to explore options. You'll receive vetted vendor proposals in 5-7 days.