Skip to content

About Invadel

Security testing as an investigation, not a checkbox

Invadel is a New York based penetration testing firm. We are a close-knit team of offensive security specialists who find the flaws that matter, explain them clearly, and stay until they’re fixed.

2023

Founded in NYC

8+

In-house specialists

40+

Certifications held

3

Continents served

Our mission

Enterprise-grade testing, without the enterprise gatekeeping

Invadel was founded in 2023 by a team of cybersecurity veterans who believed strong security shouldn’t be a luxury reserved for the largest corporations.

We set out to make expert, manual-led penetration testing accessible to organizations of every size, from early-stage startups to regulated enterprises.

That mission hasn’t changed. We’ve helped businesses across finance, healthcare, SaaS, and beyond strengthen their security posture, navigate complex compliance requirements, and defend against evolving threats, with fixed-scope engagements and a free retest included every time.

Our goal is simple: prove where you’re exposed before an attacker does, and give your team a clear path to close it.

See the businesses we work with

What we believe

Principles that shape every engagement

Findings over noise

A ten-page report of real, exploitable issues beats a hundred pages of scanner output. We report what matters and say so plainly.

Testing is a craft

Our testers research, build tooling, and chain vulnerabilities the way real adversaries do. Automation assists; it never substitutes.

Straight answers

If something is out of scope, risky to test, or not worth your budget, we tell you before the engagement, not after.

Partners, not vendors

The engagement ends when your fixes are verified, not when the report is delivered. Retesting is part of the job.

The team

Senior operators, deliberately low-profile

Our founder is public; the operators who run engagements are not. They work sensitive engagements, including for government-adjacent and highly regulated clients, where public exposure would undermine the very OSINT resistance we help our clients build. Withholding identities is a deliberate operational-security decision, not an oversight. Credentials and track records below are real; names are shared under NDA during scoping.

Mark Kiss, Founder & CEO of Invadel

Mark Kiss

Founder & CEO

Offensive security & strategy

15+ yrs experience

OSCE3OSCPCE+GPENCEH

Identity withheld

Principal Red Team Operator

Adversary simulation & evasion

14+ yrs experience

OSEPGRTPGPEN

Identity withheld

Lead Offensive Security Engineer

Web & API exploitation

12+ yrs experience

OSWEOSCPGWAPT

Identity withheld

Social Engineering Specialist

Phishing & OSINT testing

8+ yrs experience

GPENCEH

Identity withheld

Application Security Researcher

Source review & exploit development

9+ yrs experience

OSEDOSWE

Identity withheld

Mobile & Hardware Security Lead

iOS, Android & embedded devices

10+ yrs experience

OSCPCEH

Identity withheld

Compliance & GRC Lead

SOC 2, PCI DSS, HIPAA & NYDFS

13+ yrs experience

CISSPQSA-partner

Our story

From a focused start to full-spectrum testing

  1. March 2023

    Invadel founded

    Launched in Manhattan with fixed-scope web and API penetration testing.

  2. August 2024

    Service expansion

    Added network, mobile, and cloud infrastructure testing across AWS, Azure, and GCP.

  3. February 2025

    Adversarial testing

    Introduced red teaming, phishing exercises, and complimentary vulnerability scanning.

  4. April 2025

    PCI DSS partnership

    Partnered with a PCI-approved QSA to deliver end-to-end PCI DSS assessments.

  5. February 2026

    Team expansion

    Grew our team with senior red team and application security specialists.

Work with us

Work with a team that stays until it’s fixed.

Tell us what to test and see your fixed price.

Prefer the full scoping questionnaire?

Get a Fixed-Scope Quote

Tell us what to test. We reply within one business day.