Skip to main content

Scope Your Security Assessment

Define your environment, priorities, and goals so we can scope the right assessment the right way.

Whether you are planning an internal penetration test, Active Directory assessment, purple team exercise, red team operation, web application test, or a broader security review, this intake gives us the context needed to define scope properly and move quickly.

Start Scoping

A better way to start an assessment

We built this process to remove the guesswork from scoping.

Instead of long email threads and rough estimates, this intake captures the details that actually affect testing approach, effort, and risk coverage. That leads to tighter proposals, fewer assumptions, and a smoother engagement from day one. We strive to scope every assessment to our clients' unique environment and avoid generic checkbox type tests with minimal understanding of your goals and environment ahead of time.

Focused

We collect the inputs that materially impact scope and attack surface.

Efficient

Structured intake reduces back and forth and speeds up proposal delivery.

Accurate

Clear inputs lead to better recommendations and better outcomes.

Who this is for

This page is typically used by teams that already know they need an assessment, but want to define scope correctly before moving forward.

  • Internal IT, security teams, and IT audit teams planning a penetration test
  • Organizations preparing for customer, board, or compliance-driven reviews
  • Teams evaluating Active Directory, identity exposure, external attack surface, or application risk
  • Buyers comparing options and looking for a structured starting point

What happens next

  1. 1. We review your inputsWe look at your environment, objectives, constraints, and timeline.
  2. 2. We may follow up with a few clarifying questionsIf anything impacts scope materially, we tighten it before proposing work. The more detail you can provide the better, but do not worry about getting every last form field perfect. We will reach out via email or even schedule a follow-up scoping exercise if we need clarifications or further information.
  3. 3. We recommend the right approachIf there is a better fit than what you selected, we will tell you.
  4. 4. We deliver a scoped proposalThis includes scope definition, assumptions, timeline, and pricing.

Common assessment types we scope here

Internal Penetration Testing

Evaluate internal network security, segmentation, identity exposure, and pathways to privilege escalation.

External Penetration Testing

Assess internet-facing infrastructure, exposed services, and externally reachable attack surface.

Web Application Security Testing

Identify exploitable weaknesses in custom applications, authentication flows, and business logic.

Active Directory Security Assessment

Analyze identity-driven attack paths, privilege exposure, delegated access, trust relationships, and common Active Directory misconfigurations.

Red Team Assessment

Simulate a realistic adversary to evaluate detection, response, and overall resilience.

Custom Security Assessment

For environments that do not fit a single category, we scope a focused hybrid approach.

Why Vilkas Cybersecurity

Vilkas Cybersecurity is built on deep hands-on offensive security experience. Our work focuses on identifying real attack chains, not generating reports that will get filed away and forgotten. We strive to be a trusted advisor for our clients, working with your team from the initial scoping exercise through post-remediation testing to deliver the most value for your organization and make a lasting impact on your security posture.

We show how weaknesses connect, how an attacker would move through your environment, and what to fix first to reduce risk quickly.

  • Combined decades of hands-on offensive security experience
  • Deep expertise in Active Directory and identity-driven attack chains
  • Manual testing grounded in real operator tradecraft
  • Reporting that is clear for both technical teams and leadership

Start scoping your assessment

Provide as much detail as you can. If you do not know every answer yet, that is fine. We can refine scope together.

Start Scoping

Frequently asked questions

Common questions about starting scope definition before a proposal or assessment begins.

Do I need to know the exact scope before submitting?
No. Many teams use this because they know the goal but want help defining the exact scope.
Can this include multiple types of assessments?
Yes. If your needs span multiple areas, we will recommend the best structure.
What if we are still early in planning?
That is fine. Even partial information helps us guide the process.
Does this commit us to a proposal?
No. This is simply a structured way to begin the conversation.
Can you work within sensitive or production environments?
Yes. We regularly scope around operational constraints, change control, and restricted testing windows.