
Cobalt: An RSAC 2025 Meet & Greet Profile

Fresh off the RSA Conference 2025, Richmond Advisory Group shares quick profiles of each of the companies we met with as an “RSA Series”. Note that some of the content may have been generated by an AI note transcriber but that all published content was reviewed and approved by the profiled company. We are very grateful for the time each company spent with us.

 

Background

Founded in Denmark in 2013, Cobalt provides offensive security services and is best known for its Penetration Testing-as-a-Service (PTaaS) offerings, covering web applications, APIs, networks, etc. The Cobalt Offensive Security Platform integrates Attack Surface Management, Automated Scanning, and OffSec engagements with its pen testing services. Cobalt’s pen testers are contractors (not employees), and this “crowd sourced” model provides for quicker scheduling and flexible engagement times. Focused on the mid-market and enterprise sector, Cobalt has a global footprint and a “remote first” policy, with offices in Berlin and San Francisco.


Offerings: Application, API and Cloud Network pentesting, Device security (device hardening & IoT testing), Red Teaming with tabletop exercises, Compliance and Secure DLC, Digital Risk Assessment, Secure Code Review services. All delivered through a PTaaS platform.

 

Richmond Advisory Group met with: Anne Nielson, Senior Director, Product Marketing.

 

Core Business Operations: Cobalt has 450 pen testers who average 11 years of experience each. The company conducts around 5000 pen tests annually. Customers encompass SaaS providers as well as the healthcare, education and finance sectors.


Business Evolution: Privately-owned, Cobalt has been featured in Inc 5000’s fastest-growing American companies for the past 4 years and has over 1,400 customers. The company has an established partner ecosystem, working with VARs, MSPs and MSSPs, to service its SMB, mid-market and enterprise customers.


Competitive Advantage: Cobalt is recognised as an innovator in PTaaS, with a methodical, programmatic approach that distinguishes it from bug bounty services. Cobalt’s contract pen tester model provides flexible and rapid scalability and is unique to Cobalt.
