


FIGMO Security offers both Penetration Testing and Advanced Persistent Threat Emulation services. What do those entail, and which is right for you?

In a Penetration Test we map and assess the vulnerabilities of a network, and then leverage those vulnerabilities to gain access to critical systems. Our team coordinates these efforts with your security staff so they are aware of any actions taken, and we can teach your staff to recognize and act upon the artifacts of such attacks. If you are testing the security and accessibility of specific assets, the penetration test is a great way to measure that.

Advanced Persistent Threat Emulation (APTE) is a more adversarial assessment in which our team executes its testing mission while actively evading your security team. Network vulnerabilities are still assessed and leveraged with the goal of accessing critical systems. However, the primary purpose of an APTE assessment is to measure the detection and response capabilities of your company's cybersecurity team. Activities are coordinated with a Trusted Point of Contact inside your company so the security team's response time and actions can be accurately measured. If your aim is to accurately gauge the real-world response of your team in the event an incident takes place, the APTE assessment is the best option.


In short, a penetration test is done to assess the systems and software in an environment, whereas the APTE is built to test the people, processes, and procedures that manage those systems.

Regardless of which assessment you choose, we communicate with your appointed Trusted Point of Contact throughout the whole process. You can expect a pre-assessment meeting to discuss strategy, customized details for your individual assessment, technical expectations, logistical considerations, and the methodology and scenarios our team will use. From then on, you can expect daily progress reports detailing the course of the assessment, strong and weak areas in your network security, and the exact methods used by our team. Finally, we hold a comprehensive outbrief open to everyone involved and provide a report detailing all our findings. We disclose our attack paths, the potential ramifications of our successful attacks, and the concrete steps you can take to become less vulnerable to attacks.

Penetration Test

Suggested duration:  2 weeks

Activities:  Phishing (with payload)

External Assessment (Coordinating with Security Staff)

Internal Assessment (Coordinating with Security Staff)

User training (1 day) and report

APTE Assessment

Suggested duration:  12 Weeks

Activities:  OSINT (Open Source Intelligence) Research

Phishing (with payload)

Internal Assessment, 45 days (Coordinating w/Point of Contact)

Measurable Events, 45 days (Coordinating w/Point of Contact)

User Training (2 days) and report


