Where this came from.
TheSecureBase started in 2019 from a simple frustration: most engagements were too complex to scope, too vague in their deliverables, and tied to ongoing contracts that made it hard to know what you were actually paying for.
The problem with how security testing was sold
Most penetration testing firms required a retainer, an annual contract, or a minimum engagement value that made it impractical for companies below a certain size. The deliverables were often slide decks designed for C-suite presentation rather than technical reports that developers could actually use.
We wanted to build something more direct. You define the scope. We test it. You get a written report with everything your team needs to fix what was found. Then we leave. No upsell, no ongoing dependency.
Since 2019 we have run engagements for logistics companies, fintech startups, professional services firms, and manufacturing businesses across Germany and the EU. The industries vary. The approach does not.
Written scope before anything starts
Every engagement begins with a document that specifies exactly what will be tested, when, by whom, and at what price. Nothing changes after sign-off without your explicit agreement.
Reports written for the person who fixes things
Our findings documents are written for developers and IT managers. Reproduction steps are precise enough to follow. Remediation guidance is specific, not generic.
No findings we are not certain about
We do not include false positives to pad the finding count. If we cannot manually confirm a finding, it does not go in the report.
Who does the work
Both founders still run engagements. There is no junior team that delivers the work while seniors handle sales.
Elena Brandt
Co-founder · Web Application Testing
Elena spent seven years in application security at a Frankfurt-based financial infrastructure provider before starting TheSecureBase. Her background is in secure software development and code review; she moved into testing after noticing most pentesters she worked with did not understand the code they were attacking. She covers web application and API testing.
Tobias Necker
Co-founder · Infrastructure & Red Team
Tobias previously worked as an incident responder and digital forensics consultant in Munich. That background — seeing what attackers actually do after they get in — shapes how he runs infrastructure assessments and social engineering campaigns. He covers network audits, Active Directory assessments, and vishing engagements.
Work with us
If the approach makes sense for your situation, the fastest way to figure out whether we are a fit is a 30-minute scoping call.
Get in touch