You will get SaaS Pentest Readiness Package

Thomas W.Status: Offline
Thomas W. Thomas W.
5.0
Top Rated

Let a pro handle the details

Buy Assessments & Penetration Testing services from Thomas, priced and ready to go.
Thomas W.Status: Offline
Thomas W. Thomas W.
5.0
Top Rated

Let a pro handle the details

Buy Assessments & Penetration Testing services from Thomas, priced and ready to go.

Project details

Find what a pentester would find — before you pay $15K+ for one.

Your enterprise prospect just asked for your latest pentest report. You don't have one. A formal engagement runs $15K–$50K and takes weeks to schedule. Your deal is sitting in their security review queue.This package gets you defensible answers in under a week.

What you receive:
22-page branded PDF covering the 30 controls a senior pentester checks for in the first morning of any web app engagement — auth, authorization, injection, configuration, secrets, business logic. Severity ratings, plain-language tests, fix guidance. Companion Excel tracker with weighted scoring and an auto-generated prospect summary you can paste into vendor questionnaires.

Email templates for buying time with prospects while remediation is in progress.

2 hours of one-on-one consulting with me, scheduled at your convenience, to walk through your specific environment and prioritize findings.

Who I am: 25+ years in offensive security. Author of Professional Penetration Testing and 8 other books. CISSP, CCSP, AWS Security. DEF CON speaker.

What this is NOT: a substitute for a formal third-party pentest. It's the right step before one.
Cybersecurity Assessment Type
Penetration Testing
Cybersecurity Expertise
Audit, Risk Assessment, Gap Analysis
Technology Type
Computer Network, SaaS, Web Application, Mobile Device, PaaS
Cybersecurity Regulation
ISO, HIPAA, NIST Cybersecurity Framework, PCI DSS, SOC 2

What's included $797

These options are included with the project scope.

$797
  • Delivery Time 5 days

Frequently asked questions

5.0
3 reviews
100% Complete
1% Complete
(0)
1% Complete
(0)
1% Complete
(0)
1% Complete
(0)

BA

Ben A.
5.00
Feb 9, 2026
Website Security Penetration Testing and Reporting Tom is professional, capable and easy to work with. He provided a full pen-test report on time, communicated with our team professionally and on point and made sure we got our pen-test report and remediation report on time for us and our client. I will continue to be working with Tom on our future pen-test reports. Job well done! Thank you Tom!

TJ

Theo J.
5.00
Jan 20, 2026
Application Focused Security Assessment I hired Thomas Wilhelm to conduct a security assessment of our platform before a major funding announcement. The experience was excellent.
Thomas was professional and responsive from day one. He communicated clearly and quickly, asked good questions upfront, and kept us updated throughout the engagement. His proposal was transparent with no hidden costs.
We needed production testing done outside business hours to avoid any risk to our users, and Thomas followed that requirement perfectly. He understood the stakes and was careful with our live environment, which gave us confidence throughout the process.
The technical work was impressive. He found a high-severity vulnerability that we had completely missed . His report included clear screenshots, detailed explanations, and helpful resources.
Everything was delivered on time and on budget. No surprises, just solid work.
If you need a penetration tester who delivers real results and communicates well, hire Thomas.

JV

Jonathan V.
5.00
Sep 19, 2025
Penetration Tester Needed for Network and Application Testing As a cybersecurity professional with 25+ years of experience, including extensive background in penetration testing, I know what exceptional work looks like. Tom delivered exactly that.

His technical expertise was immediately apparent - thorough methodology, comprehensive testing approach, and deep understanding of modern attack vectors. What truly set him apart was his exceptional client communication skills. He explained complex security findings in clear, actionable terms that our client could understand and act upon.

The combination of technical mastery and professional client interaction is rare in this field. His deliverables were detailed, well-organized, and provided clear remediation guidance. He maintained excellent communication throughout the engagement, met all deadlines, and handled client questions with expertise and patience.

I would not hesitate to work with Tom again or recommend him to others in my network. Finding a penetration tester who excels in both technical execution and client relations is genuinely difficult - he's one of the few who truly masters both.

Highly recommended for any organization seeking professional, thorough penetration testing services.
Thomas W.Status: Offline

About Thomas

Thomas W.Status: Offline
Penetration Tester Professional | 25+ Years Experience
100% Job Success
5.0  (3 reviews)
Colorado Springs, United States - 9:02 pm local time
"Top Rated Plus" cybersecurity consultant and published author with 25+ years of experience specializing in penetration testing. Clients hire me when they need senior-level testing that includes clear scoping, reporting that drives remediation, and efficient execution.

I’ve led red team and penetration testing work for Fortune 100 enterprises, government agencies, and startups. My assessments are designed to simulate realistic attacker behavior, prioritize what matters most, and produce results that are easy for technical teams to reproduce and fix.

Areas of expertise:

* Web application testing (OWASP Top 10, authentication/session flaws, access control, input validation, SSRF, IDOR, RCE)
* API testing (token/session handling, authorization boundaries, input validation, business logic, fuzzing where appropriate)
* Internal and external network testing (Windows, Linux, hybrid) with segmentation and control validation
* Active Directory testing (enumeration, privilege escalation simulation, attack path validation)
* AWS and Azure security reviews (misconfigurations, IAM privilege analysis, exposure discovery, logging and monitoring validation)
* Compliance-aligned testing and guidance (PCI DSS, HIPAA, CIS, NIST and more)

What you can expect:

* Strong communication, documented scope, and no surprises
* Findings prioritized by real-world impact, not just scanner output
* Executive summary plus actionable remediation steps your team can use immediately
* Optional live debrief and remediation testing

Certifications: CISSP, CCSP, ISSMP, AWS Security Specialty, AWS Solutions Architect, CCNP Security, and more. Published author of multiple penetration testing books and a frequent security conference speaker.

Steps for completing your project

After purchasing the project, send requirements so Thomas can start the project.

Delivery time starts when Thomas receives requirements from you.

Thomas works on your project following the steps below.

Revisions may occur after the delivery date.

Pre-call review of your tracker

Once you've completed as much of the tracker as you can, share it back through Upwork. I'll review your responses, identify the highest-priority findings for your specific application type, and prepare targeted talking points for our call.

Two-hour consulting session

We meet over video chat for a working session focused on your environment. We walk through your specific findings, prioritize remediation by business impact, and address questions about your specific tech stack, prospects, or compliance situation.

Review the work, release payment, and leave feedback to Thomas.