
Threat-Led Penetration Testing

TIBER-EU, DORA, and CBEST mandate intelligence-led, red-team-executed testing against live production systems under regulatory oversight. We deliver threat-led penetration testing combining threat intelligence with realistic adversary emulation of the TTPs most relevant to your sector.

Why This Matters

DORA requires designated financial entities to conduct TLPT at least every 3 years. TIBER-EU is now adopted across 20 jurisdictions. These are not standard penetration tests. They require specific methodology, threat intelligence phases, and regulatory coordination that most pentest firms are not equipped to deliver.

What We Test

Phase 1: Threat Intelligence (~10 weeks)

  • Sector-specific threat analysis
  • Targeted reconnaissance of your organization
  • Attack scenario development based on relevant threat actors
  • Threat intelligence report for regulator

Phase 2: Red Team Execution (~12-16 weeks)

  • Multi-stage attack campaigns against live production
  • Techniques mapped to threat intelligence findings
  • Covert operations under strict rules of engagement
  • Real-time safety protocols for critical findings

Phase 3: Closure (~6-18 weeks)

  • Results presentation to management and regulator
  • Purple team workshops (mandatory under DORA)
  • Remediation planning and tracking
  • Regulatory reporting and attestation support

How We Work

Three-phase methodology following the TIBER-EU framework: threat intelligence, red team execution, and closure with mandatory purple team workshops. All phases are delivered in-house. We operate against live production systems under regulatory oversight, with strict rules of engagement and real-time safety protocols for critical findings.

What You Get

  • Threat intelligence report for regulator
  • Full red team attack narrative with MITRE ATT&CK mapping
  • Detection gap analysis from purple team closure phase
  • Remediation plan with priority ranking
  • Regulatory reporting and attestation support
  • Executive briefing for board and management

Compliance & Framework Support

  • DORA (Articles 26-27, mandatory for financial entities identified by competent authorities)
  • TIBER-EU (20 jurisdictions)
  • CBEST (UK)
  • STAR-FS (UK financial)

Why SharpSec

Principal-level experience

DORA RTS requires the red team lead to have 5+ years of experience. Our team brings 15+ years of offensive experience including complex engagements for regulated financial institutions.

Integrated delivery

Our intelligence analysts and red team engineers work as a single team. Threat intelligence, execution, and closure delivered under one roof, with zero blind handoffs between phases. Where jurisdictional requirements call for a separate TI provider, we coordinate seamlessly.

Discuss Your Project

Tell us about your security requirements and we'll scope the right engagement.