Bishop Fox vs NCC Group
Bishop Fox
Founded in 2005 (originally as Stach & Liu), Bishop Fox positions itself as 'the leading authority in offensive security' and is headquartered in Tempe, Arizona. Beyond traditional consulting it sells Cosmos, a continuous attack-surface management and offensive-testing platform that pairs automated discovery with human operator validation.
Pros
- Cosmos delivers continuous human-validated testing, not point-in-time engagements
- Strong consultant brand and notable open-source releases (Sliver C2 framework)
- Active Bishop Fox Labs research output and conference presence
- Highly tenured consultant base focused exclusively on offensive security
Cons
- Premium pricing aimed at upper mid-market and enterprise, no public price list
- Cosmos requires meaningful integration and a minimum spend
- Largely U.S.-centric delivery footprint compared with global rivals
Pricing: Custom (contact sales)
NCC Group
NCC Group was formed in 1999 when the National Computing Centre's commercial divisions were spun out and is headquartered in Manchester, listed on the London Stock Exchange. With 2,000+ staff across the UK, North America, Europe, and APAC, the group operates technical assurance, managed services, and software escrow divisions and is a founding CREST member.
Pros
- Founding CREST member with deep accreditation across CHECK, CBEST, and TIBER-EU
- Recognised research output, including former Cryptography Services and Exploit Development Group
- Broad global delivery footprint with UK government-cleared consultants
- Combines offensive testing with MDR, IR, and escrow under one umbrella
Cons
- Public company under cost-discipline pressure with periodic restructurings
- Project-based pricing per engagement, no public rate card
- Breadth of services means specialist depth varies by region and practice
Pricing: Custom (contact sales)