What's included:

Full-scope testing: External, internal, wireless, cloud configuration review (AWS/Azure/GCP), and limited social engineering (phishing simulation)
Advanced manual penetration testing and light red-team exercises
Privilege escalation, lateral movement, and business logic flaw testing
Comprehensive report package:
Executive summary (for leadership/board)
Detailed technical findings with CVSS scores and proof-of-concept
Prioritized 90-day remediation roadmap
Gap analysis against NIST 800-171, CMMC 2.0, CIS Controls, or other relevant frameworks
2-hour executive briefing + technical deep-dive session
90 days of post-assessment support (up to 2 re-tests of critical/high findings)
Dedicated project manager and optional on-site or virtual workshop