Currently available for new engagements

Hi, I'm Sandor
Your On-Demand Penetration Tester

I help SMEs and cybersecurity firms find and fix vulnerabilities before attackers do. With 9+ years of hands-on experience as a freelance and contract penetration tester, I deliver fast, honest, actionable security testing. No generic reports.

Certified: OSCP, OSCE, CREST CPSA

Security isn't just my job, it's how I think

I'm Sandor, a Budapest-based freelance penetration tester with a background that spans both sides of software. Before I spent my days breaking into systems, I spent four years building them as a developer, which means I understand how vulnerabilities get introduced, not just how to exploit them.

"I don't just hand you a list of CVEs. I tell you what they mean for your business, and exactly how to fix them."

Over the past nine years I've performed web application penetration testing, infrastructure security assessments, network pentesting, and source code reviews for clients in financial services, telecommunications, gambling, and healthcare: industries where a breach isn't just costly, it's catastrophic.

Since 2022 I've been working independently under my brand ProCyber, partnering directly with SMEs and with MSPs and cybersecurity firms who need reliable, on-demand pentest capacity they can trust.

When I'm not testing, I'm hiking somewhere off the beaten path, which, honestly, isn't that different from what I do at work.

My Journey

  1. Now
    ProCyber
    AI/ML Security & Pentesting

    Expanded into AI threat modeling, GenAI prompt injection testing, and secure AI deployment assessments alongside traditional web and infrastructure pentesting.


  2. Now
    ProCyber · Independent
    Freelance Penetration Tester

    Launched my independent practice. On-demand pentesting for SMEs and overflow pentest capacity for MSPs and larger cybersecurity firms.


  3. Docler Holding, Luxembourg
    IT Security Specialist

    Web & mobile pentesting, infrastructure assessments, source code review, and developer security guidance using BurpSuite and Nessus.


  4. KPMG Hungary
    IT Security Advisor - Pentester

    Penetration testing and vulnerability assessments for enterprise clients using OWASP methodology.


  5. Invitel, Hungary
    IT System Developer

    4 years of PHP/Yii/Oracle development. The foundation that taught me how software is built and where security gaps are created.

Skills & Expertise

What I bring to the table

Nine years of hands-on offensive security work across the full testing spectrum, from web apps to AI systems.

Cybersecurity Disciplines

Web Application Pentesting: 98%
Infrastructure & Network Security: 92%
Source Code Review: 90%
OWASP Methodology & Frameworks: 97%
AI / GenAI Security Testing: 75%

Tools & Technical Proficiency

Burp Suite Professional: 99%
Nessus / Vulnerability Scanners: 92%
Metasploit & Exploit Development: 88%
Active Directory & Windows Security: 85%
PHP / JS / Python (Dev Background): 82%

How I Can Help You

What I actually do for you

Whether you're an SME that needs its first security audit, or a cybersecurity firm under deadline pressure, here's how I step in as your on-demand penetration tester.

Web Application Pentesting

Manual, OWASP-based web app testing covering SQL injection, XSS, authentication bypass, business logic flaws, API security, and more. Every finding includes developer-ready remediation advice.

OWASP Top 10 · API Security · Auth Testing · Business Logic · BurpSuite

Infrastructure Penetration Testing

External and internal infrastructure security assessments, from public-facing servers and cloud environments to network misconfigurations, privilege escalation paths, and Active Directory weaknesses.

External / Internal · Privilege Escalation · Active Directory · Cloud Security · Nessus

Network Security Penetration Testing

Full-scope network tests covering perimeter defenses, segmentation weaknesses, firewall rule analysis, and lateral movement opportunities. I map exactly what an attacker could reach from any foothold.

Nmap · Firewall Analysis · Segmentation · Wireless Security · Lateral Movement

Secure Source Code Review

I review code the way an attacker reads it, identifying logic errors, missing controls, and dangerous patterns automated scanners miss. With a developer background, my guidance is code-level and immediately actionable.

Manual Review · SAST · PHP / JS / Python · Dev-Friendly Reports · JIRA Ready

For MSPs & Cybersecurity Firms

On-Demand Contract Penetration Tester

Need to scale pentest capacity fast without a lengthy hire? I plug in as a trusted senior contract pentester handling overflow projects, specialist engagements, or tight-deadline client work, seamlessly under your brand.

  • Fast onboarding. No lengthy procurement or vetting delays
  • White-label friendly. I work under your brand seamlessly
  • Senior-level output backed by OSCP, OSCE & CREST CPSA
  • Flexible B2B contracts. Project-based, retainer, or hourly
  • Reliable delivery even on the tightest client deadlines
  • AI/ML and GenAI security testing specialization since 2024
Interested in Working With Me?

Ready to find out what an attacker would see in your systems?

Whether it's a one-off web app pentest, an infrastructure assessment, or ongoing B2B pentest capacity, let's talk. I respond to all enquiries within one business day.

My Process

How a pentest engagement actually works

Simple, structured, and built around your deadlines. Every engagement follows the same transparent 5-step process.

  1. Scope

    We define targets, rules of engagement, timelines, and goals together. No wasted effort, no scope creep.

  2. Test

    Manual-first penetration testing using OWASP methodology and proven attack techniques. Custom tooling where it matters.

  3. Report

    Clear findings with severity ratings, proof-of-concept exploits, business impact, and practical remediation steps.

  4. Debrief

    I walk your team through every finding in plain language. No jargon, just clarity, context, and next steps.

  5. Re-test

    Once you've fixed the issues, I verify the fixes are solid. We close the loop properly. Not just on paper.

Why Hire Me

Why hire me as your contract pentester

There are a lot of penetration testers out there. Here's what makes me different.

  • Developer turned pentester

    Four years building software before security means I understand root causes, not just symptoms. My reports speak a language developers actually act on.

  • Manual-first, always

    Automated scanners miss business logic flaws and chained vulnerabilities. I don't just run tools. I think like an attacker.

  • No generic pentest reports

    Every finding is tailored to your stack and your real risk. Actionable insight. Not copy-pasted CVE descriptions.

  • Flexible, fast, and cost-effective

    As a freelance penetration tester, I move faster than agencies and cost less than in-house hires. I adapt to your timeline. Not the other way around.

Industries & Certifications

  • Financial Services: Compliance-critical testing
  • Telecommunications: Large-scale infrastructure
  • Gambling & iGaming: Business logic testing
  • Healthcare: Sensitive data environments
  • Transport and Logistics: CRM System testing
  • Postal services: Complex web app testing

FAQ

Common questions about hiring a pentester

Everything you'd want to know before we talk.

Reach out via email or LinkedIn. We'll schedule a quick scoping call to discuss your targets, rules of engagement, timeline, and budget, then I'll send you a clear proposal within 24 hours. Most engagements kick off within 1–2 weeks. No complex procurement, no lengthy onboarding.
When you hire me directly, you know exactly who's testing your systems. A senior, OSCP/OSCE/CREST-certified professional with 9+ years of hands-on experience. No junior analysts, no offshore subcontracting, no account managers as middlemen. Faster turnaround, lower cost, and direct communication throughout. You're buying the person, not the brand.
On-demand pentesting means hiring a certified expert for a specific engagement. No retainers, no long-term contracts required. It's ideal for SMEs needing a one-off assessment, companies preparing for a compliance audit, or MSPs that need to scale testing capacity quickly for a client project without a full-time hire.
Yes. This is one of my core services. I partner with MSPs and larger cybersecurity firms as a white-label contract pentester, handling overflow capacity, specialist engagements, and tight-deadline client work. I integrate into your team and workflow seamlessly, and can deliver under your brand if needed. Project-based or retainer arrangements are both available.
The most respected certifications are OSCP (Offensive Security Certified Professional), OSCE (Offensive Security Certified Expert), and CREST qualifications. OSCP and OSCE are hands-on, lab-based. They prove you can actually exploit systems, not just pass a theory exam. I hold all three: OSCP and OSCE since 2018, and CREST CPSA since 2024.
It depends on scope. A focused web app pentest typically takes 3–5 days of testing. A full infrastructure assessment ranges from 5–10 days. Source code reviews vary by codebase size. I'll give you a precise estimate after our scoping call, and I stick to it. Rush engagements are possible when deadlines are tight.

Get In Touch

Let's talk about your security

Whether you're an SME that's never had a pentest, or a cybersecurity firm that needs experienced contract pentest capacity, I'd love to hear from you.