Human expertise,
where the engagement calls for it.
Section 31’s consulting practice handles engagements where context, scope, or coordination call for human delivery. Our consultants run their work on the same platform your team uses — so the autonomous and consultant-led parts of an engagement land in one workspace, one evidence trail.
Our consultants use the same platform your team would.
Most pentest firms hand you a PDF and a meeting. We hand you a portal a consultant is actively working in — with the agent covering breadth across external, web/API, cloud, and Active Directory, and the consultant focusing on the parts that require live human judgment.
- Shared portal
Consultant and your team review findings in the same workspace, in real time.
- Unified evidence
Autonomous and consultant findings share one evidence trail; reports — executive, technical, or compliance-framework — generated on demand.
- On-demand retest
Validate remediation from the same portal — no need to recommission the engagement.
Penetration Testing
Penetration tests focused on the targets that matter most to your business, delivered by our consulting team. We work with you to scope each engagement around specific impact objectives — testing the boundaries and controls that protect those targets under realistic conditions, and producing findings that drive remediation rather than a long inventory of low-impact vulnerabilities.
When to choose this When the scope is unusual, the targets require specialist context, or the engagement benefits from a human consultant driving judgment calls throughout. Often delivered alongside an autonomous engagement on the platform for additional coverage.
Red Team Engagements
Adversary emulation focused on improving your detection and response. Our red team works each engagement as a training opportunity for your security operations: meaningful objectives, clearly defined attacker tactics, and a debrief that gives your team the context to close real detection and response gaps. SOC notification is set during scoping — when the engagement is testing detection capability under realistic conditions, only a small group of stakeholders inside your organization (the "control group") knows the test is happening.
When to choose this When you want to assess people, processes, and detection capability alongside the controls, against a realistic adversary playbook and on a realistic timeline.
Incident Response
Cross-functional response for the moments that escalate to a business crisis. Coordinated technical containment, forensic preservation, executive communication, and the coordination across teams that keeps the response aligned. Consultants recruited from operational cybersecurity, IR, and crisis-communication backgrounds. Engagements range from active-incident retainers to validation exercises against your existing response plan.
When to choose this When an incident is active and you need experienced hands on it now, or when you want to validate your response plan against a realistic exercise before an incident occurs.
Purple Team Engagements
Live, collaborative exercises with our red team and your defenders (your "blue team") working the same engagement together. We execute carefully constructed adversary emulation plans, talk through each technique as it happens, and leave your team with measurable improvements in detection coverage and response procedure.
When to choose this When you want a controlled, structured collaboration that builds your detection and response capability rather than just measuring it.
Social Engineering
Email phishing, telephone vishing, and physical access attempts driven by realistic pretext development. We threat-model the way an adversary would and execute accordingly. Engagements are scoped to assess your organization without harming the people targeted.
When to choose this When the human-layer assumptions in your security program have not been pressure-tested in a while, or when you need to validate awareness training and reporting procedures.
Threat Modeling & Architecture Review
Design-phase security review for new systems and major architectural changes. We apply offensive-security perspective to architecture diagrams, data flows, and trust boundaries — identifying issues before code ships and the surface goes live. Outputs include a documented threat model, prioritized findings against the design, and remediation guidance scoped to your engineering practice.
When to choose this When the cost of finding a security issue post-deployment exceeds the cost of finding it pre-deployment. New product launches, significant architectural changes, and pre-launch reviews for systems handling sensitive data are the typical fits.
Tabletop & Crisis Exercises
Structured tabletop and crisis-simulation exercises that pressure-test your incident-response plan against realistic scenarios. We craft scenarios based on current attacker tactics, techniques, and procedures (TTPs) and incidents in your sector, facilitate the exercise, and produce a written debrief identifying decision points, capability gaps, and procedural improvements. Engagements range from a single 90-minute tabletop to multi-day crisis simulations involving executive teams.
When to choose this When you want to validate your incident-response plan without paying for an actual incident. Pre-audit preparation, executive-team readiness, and detection-and-response capability assessment are all typical fits.
Application Security Code Review
Manual secure-code review of application source, focused on the parts an automated scanner cannot reliably assess — authorization models, business-logic flaws, cryptographic implementations, and the integration points where security properties cross trust boundaries. Outputs include findings annotated to specific lines, exploitability assessments, and remediation guidance written for the engineers who will fix them.
When to choose this When a critical application warrants human-level review beyond what automated source-code scanning (SAST) produces, when a third-party application needs vetting before adoption, or when an internal team wants targeted senior review of authorization or cryptographic code.
Vulnerability Assessment & Compliance
Large-scale vulnerability assessments, security architecture review, and consulting through the regulatory and compliance mandates that absorb time, money, and personnel. Delivered with an emphasis on the underlying security posture rather than the artifact alone.
When to choose this When the question is breadth, program-level coverage, or a specific regulatory or customer-assurance requirement.
Speak with a security consultant.
Engagements begin with a scoping discussion to confirm objectives, scope, and the appropriate delivery model.