Black Hills Information Security

Community-driven penetration testing firm known for free security education, open-source tools, Wild West Hackin' Fest, and practical offensive security services.

About

Black Hills Information Security is a penetration testing and security consultancy based in Spearfish, South Dakota, founded by John Strand in 2008. The company has built an outsized reputation relative to its location and size through its exceptional commitment to community education, open-source tool development, and deeply practical approach to offensive security. BHIS is widely known in the cybersecurity community for their free webcasts, training courses through their Wild West Hackin' Fest conference, and the Active Countermeasures platform for network threat hunting.

Their penetration testing services cover network testing, web application testing, social engineering, red teaming, and purple teaming, with a philosophy that emphasizes teaching clients to defend themselves rather than simply producing vulnerability reports. BHIS consultants are prolific speakers at security conferences and active contributors to the offensive security community.

The company is particularly respected for their work in active defense and deception technologies, helping organizations detect and respond to attackers in real time. They serve mid-market organizations, state and local government, and enterprises across various industries. Their consultants hold OSCP, GPEN, GCIH, and other certifications and are known for their approachable, practical teaching style.

Services

Network Penetration Testing Web Application Penetration Testing Social Engineering Red Teaming Purple Teaming Wireless Penetration Testing Vulnerability Assessment API Penetration Testing

Methodologies

OWASPPTESNIST

Compliance Expertise

NIST CSF PCI DSS HIPAA SOC 2 CMMC

Team Activity

Active in CTF competitions

Wild West Hackin' Fest Organizers

Speaker: Wild West Hackin' Fest

Speaker: DEF CON

Speaker: BSides

Speaker: SANS Summit

Open source: Active Countermeasures

Open source: Backdoors & Breaches

Score Breakdown

44/100

Accreditations12/100 (30%)

Reviews0/100 (25%)

Team Activity80/100 (15%)

Experience100/100 (15%)

Service Breadth87/100 (15%)

Details

Headquarters: Spearfish, South Dakota, United States
Founded: 2008
Team Size: 11-50
Markets: North America
Geography: National

Accreditations

SOC 2

Best For

Mid-MarketSMBGovernment

Industries

Government Healthcare Financial Services Education Technology

Visit Black Hills Information Security Write a Review

Related Providers

Secureworks

Dell Technologies-backed cybersecurity firm with elite Counter Threat Unit intelligence informing enterprise penetration testing and adversary simulation.

Score

LOCAtlanta, Georgia, United States

Web ApplicationNetworkCloud+7

SOC 2ISO 27001

View Profile Visit Site

Best UK ProviderBest for EnterpriseResearch Leaders

NCC Group

Global cybersecurity consultancy with CREST, CHECK, and CBEST accreditation, renowned for deep technical research and comprehensive penetration testing services.

Score

LOCManchester, United Kingdom

Web ApplicationNetworkMobile App+13

CRESTCHECKCBEST+6

View Profile Visit Site

Rapid7

Creators of Metasploit offering enterprise penetration testing integrated with their comprehensive vulnerability management and security operations platform.

Score

LOCBoston, Massachusetts, United States

Web ApplicationNetworkMobile App+7

SOC 2ISO 27001

View Profile Visit Site

Best for Mid-MarketBest for Financial Services

NetSPI

Leading penetration testing firm with the Resolve platform for continuous attack surface management, trusted by nine of the top ten US banks.

Score

LOCMinneapolis, Minnesota, United States

Web ApplicationNetworkCloud+8

SOC 2ISO 27001CREST

View Profile Visit Site