Pentest Express
WhyDeliverablesHonest PricingSampleFAQFounderStart Your Test Now
Self-serve, audit-ready penetration testing Aligned to PCI-DSS, SOC 2, NYDFS, and CMMC
Audit-ready • Predictable • Self-serve

Audit-ready penetration testing, without the sales and consulting overhead.

High-quality tests aligned to PCI-DSS, SOC 2, NYDFS, and CMMC without the friction of sales-heavy consulting models.

Fixed scope • Start immediately after purchase • No sales calls • Advanced audit-ready deliverables

Why teams choose Pentest Express

  • Practitioner-built. Designed for real delivery, not sales cycles.
  • Audit-ready reporting. Clear findings that hold up in compliance review.
  • Fixed scopes. Know exactly what’s included and what you’ll receive.
  • Consistent baseline quality. Repeatable methodology at any volume.
  • No bloat. Only what customers actually need—nothing extra.
  • Predictable pricing. Fewer surprises, faster decisions.

What you get (no surprises)

How it works

Simple, honest pricing with no surprises

The first IP covers the essential work required by every test, such as setup, validation, and reporting. From there, pricing scales with your environment so you’re only paying for additional scope, not hidden overhead.

IP Range CIDR Price Price / IP
1 IP /32 $4,995 $4,995
2–4 IPs /30 $7,995 $1,999 – $3,997
5–8 IPs /29 $10,995 $1,374 – $2,199
9–16 IPs /28 $15,995 $1,000 – $1,777
17–32 IPs /27 $25,995 $812 – $1,529
33–64 IPs /26 $36,995 $578 – $1,121
65–128 IPs /25 $52,995 $414 – $815
129–256 IPs /24 $72,995 $285 – $566

Manual validation included. No false-positive reports. Fixed scope pricing designed for fast procurement. No sales hassle saves your team time.

Trust, methodology, and procurement readiness

FAQ

Coming soon. We haven't officially launched yet, but this site is open for business now and we are doing work for a number of companies that worked with our parent company Verification Labs.

See the report format before you buy

Reduce risk by reviewing a real sample deliverable first—no calls, no pressure.

Download Sample Report Start Your Test Now

Contact

Questions? Email us and we’ll get back to you as soon as possible.

hello@pentestexpress.com

About our founder

Pentest Express is built around a disciplined, practitioner-first mindset: deliver a strong quality baseline, keep scope and pricing clear, and avoid adding features customers didn’t ask for.

  • Discipline over hype. Repeatable execution, consistent outputs, fewer surprises.
  • Customer-driven scope. Focus on what matters for security teams and audit review.
  • Efficiency by design. Self-serve delivery reduces overhead and speeds decisions.

Trey Blalock is a highly respected senior penetration tester who has performed extensive work across almost every major security domain for some of the world's largest corporations and governments. His background combines hands-on technical depth, large-scale security operations, and extensive speaking and training experience across advanced security topics.

Credentials

Trey Blalock is a highly respected senior penetration tester who has performed extensive work in almost every security domain for some of the world's largest corporations and governments.

Trey has over fifteen years of experience providing penetration testing and assessment services to hundreds of clients in the financial, government, retail, chemical, aviation, oil & gas, medical, educational, legal, telecom, and law enforcement sectors.

He has trained numerous Fortune 100 companies, consulting firms, and federal agencies, such as the DIA, FBI, and NSA, on network security, system security, attack and penetration testing, and cloud security.

He has performed thousands of penetration tests for Fortune 500 companies globally across various infrastructure devices, operating systems, protocols, and applications.

Frequently speaks about advanced security topics at financial institutions and Fintech conferences in the US, Europe, and Africa. He has spoken at DefCon and MITRE ATT&CKcon, and delivered two keynotes at the Department of Homeland Security's annual CISA conferences.

Currently serves on several forensic, red-team, and penetration-testing advisory boards, and is a frequent television and podcast guest.

Professional Certifications

  • GIAC GWAPT (Global Information Assurance Certification) GIAC Web Application Penetration Tester # 3845
  • GIAC GCPN (Global Information Assurance Certification) GIAC Certified Cloud Penetration Tester # 1349
  • GIAC GPEN (Global Information Assurance Certification) GIAC Certified Penetration Tester # 2089
  • GIAC GCTI (Global Information Assurance Certification) GIAC Cyber Threat Intelligence # 1977
  • GIAC GPCS (Global Information Assurance Certification) GIAC Public Cloud Security # 64
  • GIAC GCFA (Global Information Assurance Certification) GIAC Certified Forensic Analyst # 355
  • CISA Certified Information Systems Auditor # 0862743
  • CISM Certified Information Systems Manager # 0910809
  • CRISC Certified in Risk and Information Systems Control # 1620233
  • CDPSE Certified Data Privacy Solution Engineer # 2007933
  • CISSP Certified Information Systems Security Professional # 11246
  • SSCP System Security Certified Practitioner # 23259
  • NSA-IAM National Security Agency Information Assessment Methodology certified as of 09/13/02