Pentesting.se vs Truesec

Two Swedish security actors with different strengths.

Quick summary

Truesec is one of the Nordics’ leading cybersecurity firms, established in 2005 with a focus on incident response (IR): when something has already gone wrong, Truesec is often the firm that comes in. They have combined IR experience with pentest practice in a unique way: their red teamers are people who actually handle ongoing intrusions for other clients, which gives an attacker-realistic perspective that pure pentest firms lack.

Pentesting.se does not offer IR. We do continuous automated scanning and manual artisanal pentest, not crisis response. If you have an ongoing intrusion, call Truesec or MSB, not us.

For preventive security we partly compete: both offer pentest. Truesec is more expensive and deeper per engagement; we are continuous and broader per krona.

Comparison at a glance

Aspect | Truesec | Pentesting.se
Founded | 2005 | Adminor AB 1983, platform 2024
Core offering | Incident Response + Pentest + CSIRT | Continuous EASM + optional artisanal pentest
IR / crisis response | Yes, core product | No, not our area
Red Team | Yes. IR-experienced red team, physical + social + technical | Yes. Claude-augmented for web/cloud/social, not physical or multi-month ops
Daily automated scanning | No (project-based) | Yes, core product
Lowest price | ~100 000 SEK per engagement | 249 SEK/month (automated). Artisanal pentest project-based: single web app test from 15 000 SEK, larger engagements priced per scope
Threat intelligence | Yes, own TI practice | CVE feed monitoring + CISA KEV integration
CISO-as-a-Service | Yes | No
NIS2 mapping | Per engagement | Built-in
MCP integration | No | Yes
Compliance package (NIS2/DORA/ISO) | Consultant-delivered | Platform + consultant-delivered

Pick Truesec if...

  • You have an ongoing intrusion or suspect an incident: call Truesec, not us
  • You need an IR retainer to be prepared when the next incident hits
  • You want pentest by people who actually deal with active intrusions, and attack realism is the top priority
  • You need CISO-as-a-Service or managed CSIRT
  • You are a financial institution or other high-risk org with DORA / NIS2 critical-entity status
  • You are ready to pay enterprise prices for enterprise depth

Pick Pentesting.se if...

  • You want continuous coverage to avoid incidents, not crisis response when they happen
  • You are a mid-sized company with an annual budget under 200 000 SEK
  • You have many external assets (subdomains, IPs, cloud services) that need daily vulnerability scanning
  • You need NIS2 mapping as a standard deliverable
  • You value a SaaS model with transparent pricing over enterprise consulting
  • You want to integrate security with AI agent workflows (Claude Code, Cursor)

Use both?

Many mature organisations do. Pentesting.se handles daily automation + NIS2 mapping for semi-annual audits. Truesec is brought in for:

  • IR retainer / on-call agreement (for when it hits the fan)
  • Red team engagement every other or third year
  • Larger strategic security projects where you need a deep consultant

We do not compete with their IR service and do not try to. For continuous vulnerability measurement we are cheaper and more continuous. They are two complementary tools.

Start with a free health check

See your current exposure in 60 seconds. No account required.