Praetorian vs IOActive, Inc.

Praetorian

Founded in 2010 by Nathan Sportsman and headquartered in Austin, Texas, Praetorian positions itself around 'continuous offensive security.' It pairs traditional consulting with Chariot, a platform combining external attack-surface management, continuous testing, and AI-driven workflow automation to surface exploitable issues on an ongoing basis.

Pros
  • Chariot supports continuous, year-round testing rather than annual point-in-time pentests
  • Strong engineering culture with mature internal tooling and automation
  • Bootstrap-grown firm with stable leadership and long consultant tenure
  • Service model designed to satisfy annual testing requirements across multiple frameworks in one program
Cons
  • Chariot subscription pricing is enterprise-tier with no public price list
  • Primarily U.S.-based delivery with a smaller international footprint
  • Continuous-testing model is a poor fit for buyers needing only a single compliance pentest

Pricing: Custom (contact sales)

IOActive, Inc.

Founded in 1998 by Joshua Pennell and led since 2008 by Jennifer Sunshine Steffens, IOActive is headquartered in Seattle with offices in Atlanta, London, Madrid, and Dubai. The firm is known for full-stack security assessments and deep specialism in hardware, embedded systems, semiconductors, automotive, industrial control, and other safety-critical environments.

Pros
  • Recognised research leader in hardware, automotive, and semiconductor security
  • Independently owned since 1998 with stable senior consultant tenure
  • Strong publication record at Black Hat, DEF CON, and academic venues
  • Specialist labs for hardware bring-up, fault injection, and chip-level analysis
Cons
  • Boutique scale relative to NCC Group or Mandiant limits concurrent capacity
  • Premium engagement pricing with no public rate card
  • Hardware specialism means depth often exceeds what general-IT teams need

Pricing: Custom (contact sales)