Frequently Asked Questions
Below are direct answers to questions prospective clients ask most often. If your question is not here, email sales@aptsecuritymanagement.com or book a free consultation.
About APT
Where is APT Security Management located?
We are headquartered at 6650 Rivers Ave Ste 100, North Charleston, SC 29406. We serve clients throughout the United States.
How long has APT been in business?
APT Security Management was founded in 2025. We are a young firm by design, built around senior practitioners and a small client roster.
How big is APT?
We are a boutique firm. We deliberately keep our client roster small so every engagement gets senior attention. If we cannot deliver the quality we expect on a given engagement, we will tell you that and refer you to a partner firm.
What certifications does the APT team hold?
Our operators hold certifications including OSCP, CISSP, GPEN, and CEH. We are happy to share specific credentials on a consultation call.
Does APT hold company-level certifications like SOC 2 or ISO 27001?
Not yet. We are pursuing company-level certifications as we grow. In the meantime, our individual operator credentials and our reporting transparency are the primary indicators of our work quality. We can share a redacted sample report on request.
Pricing and Contracts
How does APT's pricing work?
We use a prepaid token model. You buy service credits in advance and spend them across any APT service. Tokens are valid for 12 months from purchase. There are no monthly retainers and no long-term contracts.
How much does an engagement cost?
Cost depends on scope, complexity, and which engagement tier you choose. After a free 30-minute consultation, we send a written estimate with the token cost for each line item.
Do I have to sign a long-term contract?
No. There is no required contract length. You buy tokens, you spend them, you renew when you want.
Can I get a refund on unused tokens?
Tokens are non-refundable once purchased. They remain valid for 12 months and can be applied to any APT service.
What forms of payment do you accept?
ACH, wire transfer, and major credit cards. Established business clients can request net 30 invoicing.
Services
What services does APT offer?
We offer offensive services (penetration testing, red teaming, attack surface management, purple team), defensive services (managed detection and response, endpoint, network, email, and cloud security), and compliance services (compliance as a service, vulnerability management, asset management, cybersecurity insurance support).
What compliance frameworks does APT support?
SOC 2 (Type I and Type II), HIPAA, PCI-DSS, ISO 27001, NIST CSF, CMMC, and GDPR. Compliance work supports your audit but does not substitute for legal counsel.
Do you do penetration testing for compliance audits?
Yes. Our PTaaS engagements satisfy the pen test requirements for SOC 2, PCI-DSS, HIPAA security risk assessments, and similar frameworks. We deliver the report format auditors expect.
Can I see a sample penetration test report before hiring you?
Yes. Request the redacted sample. We will email it within one business day.
Can APT manage security tools we already own?
Often, yes. We hold partnerships with major security vendors and can integrate with most existing stacks. If your current tools are wrong for your environment, we will tell you that rather than work around them.
Engagements and Onboarding
How long does onboarding take?
Onboarding time depends on your engagement tier. ravenWing onboards in days. ravenGuard typically takes one to two weeks. ravenSentinel involves custom integration work and can take three weeks or longer.
How quickly can you start a penetration test?
After a signed Statement of Work and token purchase, most pen tests start within 7 to 14 business days. Rush scheduling is available where capacity allows.
What does the engagement process look like?
Free 30-minute consultation, written estimate, token purchase, kickoff, work delivery, written report, retest where applicable, and ongoing engagement based on the tier you chose.
Can I get a refund on unused tokens?
Yes. Because we are a boutique firm, the operator who scopes your work is the operator who runs it and writes your report. There are no junior handoffs.
Incident Response
Does APT provide incident response?
We support clients during active incidents within the scope of their engagement. We are not a 24x7 dedicated incident response retainer firm. If you are in the middle of a serious incident and do not have an existing IR retainer elsewhere, contact us immediately and we will help triage and connect you to a partner firm if needed.
What should I do if I think I am being attacked right now?
Call us at +1 844 554 2458 or email sales@aptsecuritymanagement.com. If we cannot directly assist within your scope, we will help you reach a partner firm immediately.
Can I add incident response capability to my engagement?
Yes. Clients on ravenGuard and ravenSentinel can reserve incident response tokens as part of their engagement plan. We will walk you through what that looks like during your consultation.
Working with APT
Does APT work with companies outside the United States?
Our primary market is U.S.-based businesses. We can support clients with international operations where U.S. headquarters or U.S.-billed entities are the contracting party.
Does APT work with small businesses, or only enterprises?
We work with both. Our ravenWing tier is built specifically for small businesses, and our token pricing scales down as easily as it scales up.
What happens after I submit the contact form?
We respond within one business day to schedule a free 30-minute consultation. There is no obligation. The call is a working call, not a sales pitch.
Can I request a custom engagement that does not match a standard service?
Yes. Custom work is priced in tokens like everything else. Send us the scope, and we will write up a Statement of Work.
Still Have Questions?
Book a free 30-minute consultation. We will answer anything not covered here and send you written follow-up so you have it on record.
