Your company is at risk

At NotTheFed, we approach security from the mindset of the attacker. Whether infiltrating networks, hardware, software, or human resources, our consultants tirelessly exploit and uncover the vulnerabilities within your operations. NotTheFed combines the latest in security research with our experience and proprietary techniques to provide critical and preventive security services for your organization. With NotTheFed, you know that you are bringing on a team of experts with decades of experience and a relentless drive to win. Contact NotTheFed and let us win for you.

About Us


Look at the latest headlines and ask... Weren't those breached companies PCI certified? Weren't those government agencies FIPS/NIST compliant? Compliance is important, but you must go a few steps further to stay out of the headlines. Our passion and dedication to Cyber Security greatly reduces security risks and helps to enable companies to focus on their core business. NotTheFed is an independent team of security minded individuals that has extensive experience working on Red Teams. We keep current on the latest issues, tools, and techniques.



Are your internal network and perimeter secure? Get the peace of mind of knowing your organization is secure – with regular External and Internal Vulnerability Assessments & Penetration Testing. Both tests are real-time, real-world assessments that are performed manually by an experienced security consultant.

NotTheFed will assess your network perimeter and exposure to the Internet. Our team will probe your exposed attack surfaces using the same tools and techniques an attacker in the wild would.

External Pentest Benefits

  • Prevent attackers from exploiting vulnerabilities and infiltrating systems
  • Avoid costly data breaches, damage to corporate reputation, loss of business, and client trust
  • Peace of mind, knowing your company complies with industry standards and security best practices

The Internal Network Penetration Test builds on the External Network Penetration Test. With secure remote access to a company’s internal infrastructure, it allows our team to assess your internal (Intranet) exposures, and harden your organizations against internal threats such as malicious employees, contractors, or an external threat that has gained internal access.

Internal Pentest BENEFITS

  • Provide your organization with a view of your current network security posture
  • Tests critical internal IT security controls
  • Decrease business risk by enhancing the internal security of your network
  • Measure your network against current best practices and standards
  • Ensure that your network is sufficiently hardened to survive a concerted attack
  • Ensure employees adhere to your security and acceptable use policies

Understand The Threat of Phishing and Social Engineering

While there are many technical security solutions designed to stop technical attacks, there is no practical way to prevent an unwitting or malicious employee from clicking links, installing malware, visiting a hostile website, or exposing information that could put your organization at risk. The best defense against these attacks is to perform a simulated phishing attack, using the same tools and techniques a real attacker would use. We follow up with Security Awareness training to educate employees and ensure they understand the value of the information they possess.

Confidential data and company trade secrets should remain private

Due to the nature of advanced phishing techniques, the probability of a widespread data breach at the hands of increasingly sophisticated phishing campaigns is extremely high. NotTheFed helps organizations develop a continuous assessment and awareness training program to reduce susceptibility to phishing attacks.

Cyber Security Hacker


In the early days of Defcon, and at smaller meetings long before, the FBI, CIA, and other government officials would try to attend the events "incognito" and miserably fail. Most attendees would be wearing black t-shirts and shorts or jeans, while the feds would show up in polos and khakis. The “Spot The Fed” game arose from this as a good-natured ribbing between the hackers and the feds. With NotTheFed, you know that you are bringing on a team of experts with decades of experience and a relentless drive to win. Contact NotTheFed and let us win for you today. NotTheFed is an independent team of security minded individuals that has extensive experience working on Red Teams. We keep current on the latest issues, tools, and techniques.

Our security professionals have over 20 years of experience on red teams and have experience penetrating many different configurations of software, hardware, and network architecture. Collectively we hold CISSP, ENCE, CEH, IAM, BBSE, CPT, PMP, ITILv4, and other certifications.

Our overhead is low and we pass on the savings to our clients by having Top-Notch Efficiency and very stable and predictable costs. Another way we save you money is we are extremely fast - most of our engagements are less than a week long. Alternatively, we can negotiate a retainer rate (capped hours) and you can use us when you need us. We may not be the cheapest, but we are extremely reasonable for what you get.

One of the largest issues in security projects is communications. With NotTheFed you don't just get an experienced and certified pentester, you get a certified and experienced project manager as well. We provide our clients with 24-hour points of contact so you never have to worry about communications issues. Your concerns are ours as well.




We are dedicated and highly skilled, our customers always come first.


Founder/Technical Lead


Director of Sales


Lead Mobile APP Tester



Mr. Breen spent over 17 years as the key technical resource for global information security projects at Intel Corporation. He is a subject matter expert in several areas within the computer security domain, including incident response, forensics, penetration testing, vulnerability management, risk assessment, perimeter security, developing secure architecture, and implementing security policy on a global scale.

William holds the following professional certifications:

  • Certified Information Systems Security Professional (CISSP)
  • Certified Penetration Tester (CPT)
  • EnCase Certified Examiner (ENCE)
  • Certified Ethical Hacker (CEH)
  • NSA INFOSEC Assessment Methodology (IAM)

In addition to his professional work, Mr. Breen volunteered his time as a senior planner for the DEF CON security conference for over 12 years. He is on the CFP review boards of both ROOTCON and Black Hat Asia. Mr. Breen is an internationally recognized authority on penetration testing, a sought-after speaker, panelist, and a frequent contributor to the hacking community for over 20 years. 

Marcus Johnson is an international management consultant and security expert who has delivered projects for clients such as Walmart, Xerox, Disney, and AT&T. He has led projects across the United States as well as Thailand, New Zealand, and Argentina. He is a former U.S. Merchant Mariner who worked at sea as a communications security specialist for several years. Before joining NotTheFed, he led IT projects on behalf of the U.S. Department of Homeland Security, where he delivered large-scale IT Projects on rapid timelines.  

Marcus holds the following professional certifications:

  • Certified Information Systems Security Professional (CISSP)
  • Project Management Professional (PMP)
  • IT Service Management Certified (ITILv4)
  • Certified ScrumMaster (CSM)
  • Certified SAFe 4.0 Agilist (SA)

Rust is a lead software developer & mobile systems security architect with 20 years of experience on a wide range of mobile, server, and desktop platforms. His background includes 10 years of building secure mobile architecture, defensive development pipelines, and security testing infrastructure. He has direct experience with deployment & remote management technologies, digital forensics, banking & payment systems, multimedia delivery systems, and consumer applications.

His mobile experience ranges from native iOS and Android to legacy Palm, Windows CE, Symbian, Brew, and J2ME platforms, as well as cross-platform Xamarin and React Native. He has extensive experience with technologies and web services such as; .NET/WebAPIs, .NET Core, AWS/Azure, Apigee, TSQL, EntityFramework (and EF.Core), Dapper, Serilog/SEQ, New Relic, git, and many others. 

Fori is currently a 4th year student studying Information Technology. He has over 4 years experience as a computer and cellphone technician. As the only apprentice at NotTheFed, he has learned from some of the best pen-testers in the industry.

Cyber Security Red Team


Hacking has become a major security threat and most organizations are not prepared. You need to be able to protect your network. With the NotTheFed Red Team, we will help you understand your vulnerabilities and improve your defenses.

Your company is at risk of being hit by a targeted attack. The management of your company may not be taking the threat of a targeted attack seriously. The NotTheFed Red Team will assess your vulnerability, proactively identify risks, and reduce your attack surface.

Are you under attack and you have no idea what's going on? Is your business suffering and there is nothing you can do to stop the attack? Ask for our emergency services. Get the professionals in and deploy the NotTheFed red team to solve the problem.

SAAS Pentests

"NotTheFed did a great job on the pentest for our cloud-based SaaS product. They were very fast and the price was excellent. The technical lead William Breen was an excellent communicator and kept me updated during the testing, and asked/answered questions helping to make the testing more effective.

They identified a number of relatively minor issues that were missed in our last pentest (from a different vendor), showed us how to reproduce them, patiently waited while we fixed them over a week or two, and then verified them after we corrected them. We will definitely use them again. I recommend them to anyone looking for a good and lower-cost pentest.” -- U.W.

Cyber Security Red Team






Social Media: