Red jelly bean
Cherry, cinnamon, watermelon?

Choosing a company to partner with for your next application or network security assessment can feel like eating a red jelly bean.  They all look pretty much the same and some are exactly what you want, but some are definitely not.  Large companies offer the comfort of an established process and previously satisfied customers, but over time the experts who once worked there tend to move on and the quality of the service falls.  And of course, large companies need rigid processes and strictly defined service offerings to keep their workload manageable, which means you need to conform to their expectations.  Small companies have the flexibility to adapt to your needs, but it can be hard to assess their skills.

Meristem offers the following three reasons why working with us WILL be the red jelly bean you’re looking for.

Detailed Reports

Naturally Meristem commits to performing a high-quality test, but when a report comes back with just a couple of low-risk findings, how can you tell the difference between your application/network being awesome and a tester that only spent a couple of hours working on the test?  Meristem’s answer is to ensure that the report describes the test that was performed in terms of the specific details of your application or network.  The process of really trying to find vulnerabilities will teach us a lot about your architecture, and that will be visible in the report, whether in the descriptions of effective controls or vulnerabilities.

More importantly, when we do identify vulnerabilities, the recommendations will be tailored to what we know of your environment.  We may not be able to tell you exactly how to fix the problem, but we’ll be as specific as possible.  Also, the evidence included with each finding will be descriptive enough that the developers or system administrators will be able to replicate the test and know when they have fixed the issue.

Want proof?  Check out a sample High Finding and Medium Finding.

All-Technical Team

Sometime soon Meristem will grow to the point where we will need dedicated non-technical staff.  But for now, you have the advantage of being able to ask technical questions at every point of the process and judge the quality of the answers.  If you don’t like what you’re hearing, you can call off the engagement before signing on the dotted line.

Value Pricing

Again, because Meristem is currently a boutique shop, we don’t have the overhead of a larger company and our prices reflect that.  You’ll be getting the services of testers that have been at the top tiers of large consulting companies, without paying the large consulting company price.

Have another concern?  Is there a twist to the testing services you need?  Feel free to reach out.  And yes, it’s actually going to be a tester who gets that message.