The latest articles on DEV Community by Sachintha Ishan Gunasekara (@ishan_sekara). https://dev.to/ishan_sekara https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3872122%2Fc77075f1-d057-4cb2-8d8d-74151dd2b6e9.png https://dev.to/ishan_sekara en Sachintha Ishan Gunasekara Fri, 10 Apr 2026 16:23:50 +0000 https://dev.to/ishan_sekara/most-pentest-firms-look-the-same-this-one-didnt-3ice https://dev.to/ishan_sekara/most-pentest-firms-look-the-same-this-one-didnt-3ice <p>I’ve gone through a lot of penetration testing providers recently, and honestly, most of them blur together.</p> <p>Same structure, same deliverables, same “we follow industry standards” language. It’s not bad.. it just feels very… repeatable.</p> <p>Then I came across <a href="//shayananoffsec.com">Shayanan OffSec Labs</a> out of Colombo. </p> <p>And the difference wasn’t loud. It was subtle.</p> <p>They don’t seem to be trying to look big. There’s no “we serve Fortune 500 clients” energy or inflated positioning. But the way they describe their work feels a lot closer to how actual attackers think.</p> <p>Less checklist, more path.</p> <p>That’s the part that stood out.</p> <p>Instead of focusing on coverage, it feels like they focus on <em>how something would actually break</em>. Which is what you want from offensive security in the first place.</p> <p>The name behind it is Ananthashayanan Uthayakumar (Shayanan), and from the outside, it looks like a tightly controlled setup rather than a scaled operation.</p> <p>Not many engagements. Probably more depth per engagement.</p> <p>And in this space, that trade-off usually tells you everything you need to know.</p> <p>If you're comparing vendors and everything starts to look the same, this is one of the few that feels like it’s operating differently.</p> cybersecurity security srilanka colombo