CSCF Research · Independent Analyst Ratings · February 2026

Independent research and analyst ratings for cybersecurity consulting firms.

We evaluate cybersecurity consulting firms across five service domains and assign a CSCF Analyst Rating™ — a 0–100 composite score based on technical capability, specialization depth, client scale fit, value transparency, and market presence. The goal is to give buyers a clear, comparable basis for selection.

Firms Rated

Leaders Identified

Research Domains

100

Point Rating Scale

Ratings updated Feb 2026

All Rated Firms

All profiles →

Firm	Tier	Score	Primary Focus	Team Size	Typical Pricing
Coalfire	Leader	88	Compliance & Risk Management	250+	$100k+	Profile →
NetSPI	Leader	86	Penetration Testing	250+	$50k-$100k	Profile →
GuidePoint Security	Leader	85	vCISO / MDR	250+	$100k+	Profile →
Schellman	Strong	84	Compliance Auditing	250+	$50k-$100k	Profile →
TrustedSec	Strong	82	Penetration Testing	50-100	$25k-$50k	Profile →
Tevora	Strong	78	Compliance / vCISO	100-250	$50k-$100k	Profile →
CynergisTek	Strong	76	Healthcare Cybersecurity	100-250	$50k-$100k	Profile →
Praetorian	Strong	75	AppSec / Cloud Security	50-100	$50k-$100k	Profile →
Clearwater Compliance	Strong	73	Healthcare Compliance	100-250	$25k-$50k	Profile →
Black Hills Information Security	Strong	72	Penetration Testing	10-50	$25k-$50k	Profile →
Blumira	Contender	65	Managed Security (SMB)	10-50	$10k-$25k	Profile →
Cycurity	Contender	62	vCISO	10-50	$100k+	Profile →

Coalfire

Compliance & Risk Management

/ 100

Leader

Cybersecurity advisory and assessment services for compliance and risk management

$100k+ 250+ employees

View profile →

NetSPI

Penetration Testing

/ 100

Leader

Penetration testing and attack surface management at enterprise scale

$50k-$100k 250+ employees

View profile →

GuidePoint Security

vCISO / MDR

/ 100

Leader

Cybersecurity solutions focusing on detection, response, and security transformation

$100k+ 250+ employees

View profile →

Schellman

Compliance Auditing

/ 100

Strong Performer

Independent compliance assessment and certification for SOC, ISO, HITRUST, and more

$50k-$100k 250+ employees

View profile →

TrustedSec

Penetration Testing

/ 100

Strong Performer

Offensive security and penetration testing specialists

$25k-$50k 50-100 employees

View profile →

Tevora

Compliance / vCISO

/ 100

Strong Performer

Cybersecurity consulting specializing in compliance, risk management, and vCISO services

$50k-$100k 100-250 employees

View profile →

View all 12 rated firms →

Research Domains

Five service areas. Each with distinct evaluation criteria and buyer considerations.

Compliance & Audit Consulting

5 frameworks covered

SOC 2, HIPAA, PCI DSS, ISO 27001, CMMC. Which firms have genuine audit depth versus checkbox compliance?

Explore →

Penetration Testing

4 rated firms

Network, web application, cloud, and red team engagements. Methodology matters more than certification counts.

Explore →

vCISO & Security Leadership

3 rated firms

Fractional CISO services for companies that need executive security leadership without a full-time hire.

Explore →

Healthcare Cybersecurity

4 rated firms

HIPAA, HITRUST, medical device security, and OCR audit readiness. Healthcare demands domain-specific expertise.

Explore →

Small Business Security

2 rated firms

Right-sized security programs for organizations under 500 employees with limited dedicated security staff.

Explore →

What is CSCF Research?

CSCF Research is an independent analyst publication covering the cybersecurity consulting services market. We evaluate firms across five service domains — compliance, penetration testing, vCISO services, industry specialization, and incident response — and publish structured ratings based on a defined methodology.

Our CSCF Analyst Rating™ is a 0–100 composite score built from five equally weighted dimensions: technical capability, specialization depth, client scale fit, value and transparency, and market presence. Phase 1 ratings are based on publicly available information. Phase 2 will incorporate vendor interviews and client references.

We don't accept payment to inflate ratings. Firms with featured listings are identified as such; their ratings are determined independently by the same criteria applied to all firms.

Our methodology About CSCF Research →

Rating Dimensions

Technical Capability 0–20 pts

Specialization Depth 0–20 pts

Client Scale Fit 0–20 pts

Value & Transparency 0–20 pts

Market Presence 0–20 pts

Composite Score 0–100

Rating Tiers

Leader 85–100

Exceptional across most dimensions. Clear market authority in their primary service area.

Strong Performer 70–84

Strong in core area. Reliable choice with competitive value and track record.

Contender 55–69

Competent but with gaps or narrow focus. Suitable for specific buyer needs.

Challenger 40–54

New or limited track record. Potential upside, but less data to evaluate.