IOActive, Inc. vs NCC Group
IOActive, Inc.
Founded in 1998 by Joshua Pennell and led since 2008 by Jennifer Sunshine Steffens, IOActive is headquartered in Seattle with offices in Atlanta, London, Madrid, and Dubai. The firm is known for full-stack security assessments and deep specialism in hardware, embedded systems, semiconductors, automotive, industrial control, and other safety-critical environments.
Pros
- Recognised research leader in hardware, automotive, and semiconductor security
- Independently owned since 1998 with stable senior consultant tenure
- Strong publication record at Black Hat, DEF CON, and academic venues
- Specialist labs for hardware bring-up, fault injection, and chip-level analysis
Cons
- Boutique scale relative to NCC Group or Mandiant limits concurrent capacity
- Premium engagement pricing with no public rate card
- Hardware specialism means depth often exceeds what general-IT teams need
Pricing: Custom (contact sales)
NCC Group
NCC Group was formed in 1999 when the National Computing Centre's commercial divisions were spun out and is headquartered in Manchester, listed on the London Stock Exchange. With 2,000+ staff across the UK, North America, Europe, and APAC, the group operates technical assurance, managed services, and software escrow divisions and is a founding CREST member.
Pros
- Founding CREST member with deep accreditation across CHECK, CBEST, and TIBER-EU
- Recognised research output, including former Cryptography Services and Exploit Development Group
- Broad global delivery footprint with UK government-cleared consultants
- Combines offensive testing with MDR, IR, and escrow under one umbrella
Cons
- Public company under cost-discipline pressure with periodic restructurings
- Project-based pricing per engagement, no public rate card
- Breadth of services means specialist depth varies by region and practice
Pricing: Custom (contact sales)