Pentest Program

A Comprehensive Guide to Building a Pentest Program

This guidebook aims to educate and outline the benefits of deploying pentesting as a program. Using's own pentest program as an example for building out your own program. 

A pentest program is a clearly defined series of pentests designed to systematically identify and remediate vulnerabilities in one or more assets or asset groups.

Ray Espinoza, Head of Security at, shares his insights on how to build out a pentest program. He examines what a pentest program is, its makeup, the value it can add, and how to get the most out of a programmatic approach. Espinoza uses the pentest program that he has built here at as a detailed example for how you could potentially structure your very own program. 

What are the learnings?

  • Engaging with key stakeholders is critical to the success of a pentest program
  • Engagement and communication with testers drastically improves program results
  • The #1 benefit of a pentest program over ad-hoc is the ability to constantly improve