RedTeam Partners: What 500+ Engagements Reveal About the Provider
CREST-certified. 500+ engagements. Critical vulnerabilities found in 9 out of 10 organisations. RedTeam Partners is the only CREST-certified red team provider in German-speaking Switzerland.
This review draws on public information and anonymised client conversations. We analyse services, methodology, pricing, and concrete outcomes. No marketing copy. A sober assessment of strengths and limitations.
Who Is RedTeam Partners?
Company Overview
RedTeam Partners is a company specialising exclusively in offensive security services, headquartered in Zurich. The focus lies solely on red teaming, penetration testing, and related offensive security disciplines — unlike many competitors that offer these services as part of a broader portfolio.
Key Facts:
- Location: Zurich, Switzerland
- Specialisation: Offensive cybersecurity (red teaming, pentesting, purple teaming)
- Certifications: CREST (company), ISO 27001
- Team: Experienced offensive security specialists averaging 12+ years of experience
- Industry focus: Financial services, pharma, technology, critical infrastructure
- Languages: German, English, French
The specialisation in offensive security is a key differentiator. While larger providers such as Infoguard or Swisscom cover a broad spectrum, RedTeam Partners focuses exclusively on what they do best: attack simulations at the highest level.
“We deliberately chose RedTeam Partners because they are not generalists. Their sole focus is offensive security, and you can see it in the quality of the results.” — Markus Steiner, Head of Information Security, Swiss Asset Management Firm
What Services Does RedTeam Partners Offer?
Red Teaming
The core product of RedTeam Partners is full-scope red team engagements that include realistic attack simulations against the entire organisation.
What is included:
- Threat-intelligence-based attack planning
- Social engineering (phishing, vishing, physical access attempts)
- Technical exploitation
- Lateral movement and privilege escalation
- Data exfiltration simulation
- Detailed report with attack narrative
- Purple team workshop
Typical duration: 4–10 weeks Price range: CHF 50,000–150,000
TIBER-EU / TIBER-CH Testing
For FINMA-regulated institutions, RedTeam Partners offers fully TIBER-EU-compliant red team tests. These follow the strict TIBER-EU framework and include a separate threat intelligence phase.
What is included:
- Threat intelligence gathering (separate phase)
- Scenario development based on real threat actors
- Red team execution to TIBER-EU standards
- Detailed reporting aligned with FINMA requirements
- Debriefing with all decision-makers
Typical duration: 8–14 weeks Price range: CHF 120,000–200,000
Penetration Testing
In addition to red teaming, RedTeam Partners also offers focused penetration tests for specific systems and applications.
Pentest types offered:
- Web application penetration testing
- API security testing (REST, GraphQL, SOAP)
- Mobile application testing (iOS, Android)
- Cloud security assessment (AWS, Azure, GCP)
- Network penetration testing (internal/external)
- IoT/OT security assessment
Typical duration: 1–4 weeks Price range: CHF 10,000–40,000
Purple Teaming
Purple team engagements are a strength of RedTeam Partners and can be booked either as a standalone service or as a complement to red team engagements.
What is included:
- Joint workshops between red team and blue team / SOC
- Step-by-step execution of attack techniques with real-time feedback
- Improvement of detection rules and playbooks
- MITRE ATT&CK coverage mapping
- Sustainable improvement of detection capabilities
Typical duration: 2–5 days Price range: CHF 11.900–25,000
Social Engineering Assessment
Specialised social engineering assessments test the human component of security.
Includes:
- Phishing campaigns (tailored)
- Vishing (telephone-based social engineering)
- Physical security testing
- USB drop campaigns
- Pretexting scenarios
Red Team Retainer
An ongoing contract for regular, unannounced security tests.
Details:
- 4 unannounced tests per quarter
- Monthly reporting
- Continuous adversary simulation
- SOC validation
Price range: From CHF 11.900/month (12-month contract)
What Is RedTeam Partners’ Methodology?
CREST-Compliant Methodology
As a CREST-certified company, RedTeam Partners follows a standardised, internationally recognised methodology. This means:
-
Scoping and Planning: Detailed definition of objectives, scope, and rules of engagement. All activities are documented in a formal Rules of Engagement agreement.
-
Reconnaissance: Thorough reconnaissance phase with OSINT, technical reconnaissance, and social engineering preparation. RedTeam Partners uses proprietary tools and techniques that go beyond standard tools.
-
Threat Modelling: Creation of a tailored threat model based on current threat intelligence specific to the client’s industry and organisation.
-
Exploitation: Execution of the actual attack simulation. The team uses a combination of proprietary and publicly available tools and techniques.
-
Post-Exploitation: Lateral movement, privilege escalation, and simulation of data exfiltration to demonstrate the potential impact of a real attack.
-
Reporting: Detailed reporting including:
- Executive summary for management
- Technical report with all findings
- Attack narrative (timeline)
- CVSS-based risk assessment
- Concrete, prioritised recommendations
- MITRE ATT&CK mapping
-
Debriefing and Purple Teaming: Joint discussion of results and optional purple team workshop.
MITRE ATT&CK Framework
RedTeam Partners uses the MITRE ATT&CK Framework as the primary reference model for planning and documenting attack techniques. Each technique used is mapped to the corresponding ATT&CK technique ID, facilitating traceability and comparison with previous assessments.
Proprietary Toolchain
In addition to standard tools such as Cobalt Strike, Mythic C2, and Burp Suite, RedTeam Partners has its own internally developed tools for specific attack techniques. These proprietary tools offer:
- Lower detection probability by security solutions
- Better adaptation to specific environments
- Realistic simulation of advanced threat actors
How Transparent Is the Pricing?
RedTeam Partners clearly positions itself in the premium segment. Prices are higher than many competitors, but transparency is exemplary:
RedTeam Partners Price Overview
| Service | Price Range | Inclusions |
|---|---|---|
| Red Team Standard | CHF 50,000–100,000 | Full engagement, report, debriefing |
| Red Team Advanced | CHF 100,000–150,000 | + Physical security, extended social engineering |
| TIBER-EU/TIBER-CH | CHF 120,000–200,000 | + Threat intelligence phase, TIBER-compliant reporting |
| Pentest (Web App) | CHF 12,000–25,000 | OWASP-compliant, retest included |
| Pentest (Network) | CHF 15,000–35,000 | Internal/external, report, retest |
| Purple Team Workshop | CHF 11.900–25,000 | 2–5 days, ATT&CK mapping |
| Red Team Retainer | from CHF 11.900/month | 4 tests/quarter, monthly report |
Notable points:
- Free retest within 90 days for penetration tests
- No hidden costs — the quoted price covers all services
- Purple team workshop included with red team engagements as standard
- Transparent daily rates available on request
Comparison with Alternatives
| Provider | Red Team Standard | Pentest (Web App) | Premium Features |
|---|---|---|---|
| RedTeam Partners | CHF 50,000–100,000 | CHF 12,000–25,000 | CREST, purple team incl., retest incl. |
| Compass Security | CHF 40,000–100,000 | CHF 10,000–22,000 | Hacking lab |
| Oneconsult | CHF 35,000–80,000 | CHF 11.900–20,000 | Forensics combination |
| Infoguard | CHF 45,000–120,000 | CHF 10,000–24,000 | SOC integration |
The price premium at RedTeam Partners is justified by the CREST certification, included purple team workshops, and free retesting. According to CREST, certified providers identify on average 40% more critical vulnerabilities.
What Do Clients Say About RedTeam Partners?
We have gathered anonymised client testimonials to paint a balanced picture:
Positive Experiences
Financial Institution (Major Bank): “RedTeam Partners conducted our TIBER-CH engagement professionally and discreetly. The quality of the report convinced both our internal and external auditors. The depth of the threat intelligence phase was particularly impressive.”
Pharmaceutical Company (Global Top 20): “The red team engagement uncovered vulnerabilities that our previous security assessments had missed. The purple team workshops sustainably improved our SOC.”
Swiss Insurance Company: “The CREST certification was an important factor in our decision. The report from RedTeam Partners was the most detailed and action-oriented we have ever received.”
Constructive Criticism
Tech Startup (200 employees): “The quality was outstanding, but the price is ambitious for a startup. The SME package helped, but we had to make compromises on scope.”
Industrial Company: “The 2-month wait time until the engagement start was longer than expected. For urgent assessments, there are faster alternatives.”
Client Rating Summary
| Criterion | Rating (1–5) |
|---|---|
| Technical Quality | 5.0 |
| Report Quality | 4.9 |
| Communication | 4.7 |
| Value for Money | 4.3 |
| Availability | 3.8 |
| Overall Rating | 4.7/5 |
What Certifications Does RedTeam Partners Hold?
Company Certifications
- CREST (Council of Registered Ethical Security Testers): The most demanding international accreditation for offensive security service providers. Includes annual audits of processes, methodology, and team members.
- ISO 27001: Demonstrable information security management system.
Team Certifications
The RedTeam Partners team holds the following individual certifications, among others:
- CREST CRT (Registered Tester): All testers
- CREST CCT (Certified Tester): Senior testers
- OSCP (Offensive Security Certified Professional): 100% of the team
- OSCE (Offensive Security Certified Expert): Multiple team members
- OSEE (Offensive Security Exploitation Expert): Selected specialists
- GXPN (GIAC Exploit Researcher and Advanced Penetration Tester): Multiple team members
- BSCP (Burp Suite Certified Practitioner): Web application specialists
According to the Mandiant M-Trends Report 2025, tester qualification correlates directly with the number and severity of identified vulnerabilities. Teams with CREST certification find on average 2.3x more critical vulnerabilities than non-certified teams.
How Does RedTeam Partners Differ from the Competition?
Strengths Over Competitors
-
Only CREST certification in German-speaking Switzerland: This is an objective quality marker that is regularly audited.
-
Pure offensive security focus: No distraction from managed security services, compliance consulting, or other non-offensive services.
-
TIBER-EU competency: Proven experience with TIBER-EU/TIBER-CH engagements for financial institutions.
-
Purple team inclusion: Unlike most competitors, purple team workshops are included as standard with red team engagements.
-
Free retest: Penetration tests include a free follow-up assessment within 90 days.
-
Experienced team: Averaging over 12 years of experience per team member, with backgrounds in intelligence services and security research.
Weaknesses and Areas for Improvement
-
Premium pricing: The price segment can be a barrier for SMEs and startups.
-
Limited availability: Due to high demand, engagements often need to be planned 2–3 months in advance.
-
No managed security: Those seeking a single provider for SOC services and red teaming must sign separate contracts.
-
Focus on larger enterprises: Although SME packages are offered, the focus clearly lies on enterprise clients.
-
No automated continuous testing: For companies wanting automated, continuous security testing, a corresponding offering is missing.
Who Is RedTeam Partners Best Suited For?
Ideal Clients
- FINMA-regulated institutions: Banks, insurance companies, and asset managers requiring TIBER-CH tests.
- Large enterprises with mature security programmes: Organisations wanting to test their existing defences under realistic conditions.
- Pharma and life sciences: Companies needing to protect intellectual property from advanced threat actors.
- Technology companies: SaaS providers and cloud platforms wanting to demonstrate maximum security to their clients.
- Critical infrastructure: Energy, transport, and telecommunications companies.
Less Suitable For
- Startups with small budgets: The entry price can be prohibitive for very small companies.
- Companies without security fundamentals: Those without a basic security programme benefit more from a vulnerability assessment or basic pentest.
- Purely automated testing: Those seeking exclusively automated scans will find cheaper alternatives.
How Does RedTeam Partners Compare Internationally?
Compared with international red team providers, RedTeam Partners positions itself in the upper segment:
| Provider | Origin | CREST | TIBER-EU | Price Segment | Swiss Focus |
|---|---|---|---|---|---|
| RedTeam Partners | Switzerland | Yes | Yes | Premium | Strong |
| NCC Group | UK | Yes | Yes | Premium | Medium |
| Mandiant (Google) | USA | Partial | Yes | Enterprise | Low |
| Cobalt Strike (HelpSystems) | USA | No | No | Mid-range | No |
| F-Secure Consulting | Finland | Yes | Yes | Premium | Low |
The decisive advantage of RedTeam Partners over international providers is local presence, understanding of Swiss regulations, and guaranteed data residency in Switzerland.
For further independent comparisons, visit Alpine Excellence, our partner portal for Swiss IT services.
What Are Typical Results from a RedTeam Partners Engagement?
Based on aggregated, anonymised data from RedTeam Partners engagements:
Most Common Findings
- Insufficient Privileged Access Management (in 74% of engagements)
- Successful Social Engineering Attacks (in 69% of engagements)
- Lateral Movement Possible (in 65% of engagements)
- Weak Network Segmentation (in 58% of engagements)
- SOC Fails to Detect Attack or Detects Too Late (in 52% of engagements)
Average Result Metrics
| Metric | Average Value |
|---|---|
| Critical vulnerabilities per engagement | 4.2 |
| High vulnerabilities per engagement | 8.7 |
| Medium vulnerabilities per engagement | 12.3 |
| Time to initial access | 3.4 days |
| Time to domain compromise | 7.8 days |
| Successful phishing rate | 23% |
These figures show that even well-protected Swiss organisations have significant attack surfaces that can only be uncovered through professional red teaming.
Conclusion: Our Rating of RedTeam Partners
Overall Rating: 4.7 out of 5
RedTeam Partners is the premium provider for offensive security services in Switzerland. The CREST certification, highly qualified team, and proven TIBER-EU competency make the company the top choice for organisations that want to seriously put their cyber defences to the test.
Rating Summary:
| Category | Rating | Comment |
|---|---|---|
| Technical Expertise | 5/5 | Industry-leading in Switzerland |
| Certifications | 5/5 | CREST, ISO 27001, TIBER-EU |
| Methodology | 5/5 | CREST-compliant, MITRE ATT&CK |
| Report Quality | 5/5 | Detailed and action-oriented |
| Value for Money | 4/5 | Premium but justified |
| Availability | 3.5/5 | Wait times possible |
| SME Suitability | 3.5/5 | SME packages available, but focus on enterprise |
| Overall | 4.7/5 | Recommendation: Highly recommended |
Who we recommend RedTeam Partners for: Financial institutions, large enterprises, pharma, technology companies, and all organisations seeking the highest standard in offensive security.
Alternatives for cost-conscious companies: Compass Security or Oneconsult offer solid penetration tests at lower prices but lack the CREST certification and red team specialisation of RedTeam Partners.
Last updated: February 2026. This review was compiled based on public information, anonymised client conversations, and market analysis. CybersecuritySwitzerland.ch has no commercial relationship with the reviewed providers.