SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers

Cobalt unveils service to manage enterprise pentesting

Fri, 20th Mar 2026

Cobalt has launched a Security Program Manager service that assigns a dedicated specialist to run penetration testing programmes for enterprise customers and track remediation across internal teams.

The service complements Cobalt's penetration testing offering and focuses on day-to-day operational management. It covers test planning, scheduling, and coordination across development groups, as well as remediation tracking and reporting that frames technical findings in business terms.

The launch comes as security teams contend with broader attack surfaces and more frequent software releases. Testing now spans applications, APIs, cloud infrastructure, and newer technology stacks. Many organisations also run multiple projects at once, which can create oversight gaps and slow fixes.

Cobalt positions the Security Program Manager as an extension of a customer's internal security function. The specialist handles testing logistics, aligns activity with business and security priorities, and keeps remediation workflows moving consistently across engineering teams.

"Offensive security programs are becoming more complex as attack surfaces expand and development cycles accelerate," said Paul Zymba, Senior VP of Customer Success at Cobalt. "Our Security Program Manager is a service that helps organizations move beyond ad hoc pentesting by providing the operational leadership needed to run a programmatic, continuous security program that delivers measurable risk reduction."

Operational focus

The service is designed to offload administrative work that often falls on security leaders and technical staff. This includes coordinating timings, scoping, and access with engineering teams, as well as tracking fixes and documenting progress across multiple assets.

A second element is asset visibility. The Security Program Manager maintains an inventory of systems in scope and maps testing cadence to business priorities, aiming to reduce "blind spots" that can arise when testing happens in isolated projects or only in response to incidents.

The role also tailors reporting for different audiences. The specialist turns vulnerability and testing results into executive-ready summaries and metrics that can help large organisations communicate risk and remediation progress.

Workflow integration

The service links testing work to development tools commonly used by engineering teams, including Jira, GitHub, and Slack. By routing findings into existing ticketing and collaboration workflows, it can reduce delays between discovery and the start of remediation.

For organisations with multiple product teams, this operational layer can matter as much as the testing itself. Penetration testing can produce actionable findings, but its value depends on how quickly teams validate, prioritise, and resolve issues. Many enterprises also need consistent reporting across business units, especially when security leaders are asked to show progress over time.

Platform context

Cobalt is known for penetration testing as a service, combining a managed process with access to external testers. The Security Program Manager builds on its broader offensive security platform, which includes automation and AI-driven processes alongside human-led testing.

Cobalt describes the platform as including automated reconnaissance, vulnerability discovery, and triage, while keeping human-led testing central for validating issues and exploring attack paths that automation may miss.

Its testing services cover web applications, mobile environments, networks, APIs, and cloud deployments. They also include attack surface management and red teaming, as well as testing for AI systems and applications built with large language models.

These services are delivered by Cobalt Core, a community of more than 500 vetted ethical hackers whose members average more than 11 years of penetration testing experience.

Customer view

Cobalt cited Patterson Companies as a customer using the Security Program Manager approach to improve programme consistency and communication across stakeholders.

"Having a dedicated Security Program Manager ensures consistency across our pentesting program," said Jamie Strickland, Security Analyst Lead at Patterson Companies. "They understand exactly what results we need and have become exceptionally nimble at managing tester and team member questions. By looping in the right internal stakeholders, they ensure our projects always stay on track. I know I can rely on them to handle complex questions and tailor communications for my internal audience."

The Security Program Manager service targets organisations seeking a more continuous and measurable model for offensive security testing, with central coordination across assets and clearer tracking from findings through remediation.