Skip to main content

Structured intake for faster, cleaner scoping

Scope Your Security Assessment

Define your environment, priorities, and goals so we can scope the right assessment the right way.

Whether you are planning an internal penetration test, Active Directory assessment, purple team exercise, red team operation, web application test, or a broader security review, this intake gives us the context needed to define scope properly and move quickly.

Better inputs before pricing and schedulingStructured around real testing variables
Start Scoping

Why this page exists

A better way to start an assessment

We built this process to remove the guesswork from scoping.

Instead of long email threads and rough estimates, this intake captures the details that actually affect testing approach, effort, and risk coverage. That leads to tighter proposals, fewer assumptions, and a smoother engagement from day one. We strive to scope every assessment to our clients' unique environment and avoid generic checkbox type tests with minimal understanding of your goals and environment ahead of time.

What this improves

Less back and forth, tighter assumptions, and cleaner proposals built around the real environment.

Focused

We collect the inputs that materially impact scope and attack surface.

Efficient

Structured intake reduces back and forth and speeds up proposal delivery.

Accurate

Clear inputs lead to better recommendations and better outcomes.

Best fit

Who this is for

This page is typically used by teams that already know they need an assessment, but want to define scope correctly before moving forward.

  • Internal IT, security teams, and IT audit teams planning a penetration test
  • Organizations preparing for customer, board, or compliance-driven reviews
  • Teams evaluating Active Directory, identity exposure, external attack surface, or application risk
  • Buyers comparing options and looking for a structured starting point

Best fit when

You already know you need an assessment and want to define scope clearly before pricing, scheduling, or selecting the right testing approach.

After submission

What happens next

  1. 1. We review your inputsWe look at your environment, objectives, constraints, and timeline.
  2. 2. We may follow up with a few clarifying questionsIf anything impacts scope materially, we tighten it before proposing work. The more detail you can provide the better, but do not worry about getting every last form field perfect. We will reach out via email or even schedule a follow-up scoping exercise if we need clarifications or further information.
  3. 3. We recommend the right approachIf there is a better fit than what you selected, we will tell you.
  4. 4. We deliver a scoped proposalThis includes scope definition, assumptions, timeline, and pricing.

Common Fits

Common assessment types we scope here

Start with the assessment family that best matches your environment or objective. We can still refine the exact approach after review.

Useful when

You know the broad problem space but want the final scope guided by real testing considerations.

Internal Penetration Testing

Evaluate internal network security, segmentation, identity exposure, and pathways to privilege escalation.

Explore network penetration testing

External Penetration Testing

Assess internet-facing infrastructure, exposed services, and externally reachable attack surface.

Explore external penetration testing

Web Application Security Testing

Identify exploitable weaknesses in custom applications, authentication flows, and business logic.

Explore application security testing

Active Directory Security Assessment

Analyze identity-driven attack paths, privilege exposure, delegated access, trust relationships, and common Active Directory misconfigurations.

Explore Active Directory security assessments

Red Team Assessment

Simulate a realistic adversary to evaluate detection, response, and overall resilience.

Explore red team assessments

Custom Security Assessment

For environments that do not fit a single category, we scope a focused hybrid approach.

Explore security services

Why Vilkas

Why Vilkas Cybersecurity

Vilkas Cybersecurity is built on deep hands-on offensive security experience. Our work focuses on identifying real attack chains, not generating reports that will get filed away and forgotten. We strive to be a trusted advisor for our clients, working with your team from the initial scoping exercise through post-remediation testing to deliver the most value for your organization and make a lasting impact on your security posture.

We show how weaknesses connect, how an attacker would move through your environment, and what to fix first to reduce risk quickly.

Clients come here for

  • Combined decades of hands-on offensive security experience
  • Deep expertise in Active Directory and identity-driven attack chains
  • Manual testing grounded in real operator tradecraft
  • Reporting that is clear for both technical teams and leadership

Ready when you are

Start scoping your assessment

Provide as much detail as you can. If you do not know every answer yet, that is fine. We can refine scope together.

Start Scoping

Frequently asked questions

Common questions about starting scope definition before a proposal or assessment begins.

Do I need to know the exact scope before submitting?
No. Many teams use this because they know the goal but want help defining the exact scope.
Can this include multiple types of assessments?
Yes. If your needs span multiple areas, we will recommend the best structure.
What if we are still early in planning?
That is fine. Even partial information helps us guide the process.
Does this commit us to a proposal?
No. This is simply a structured way to begin the conversation.
Can you work within sensitive or production environments?
Yes. We regularly scope around operational constraints, change control, and restricted testing windows.