Add GlitchSecure to list of Penetration Testers #5

Merged
merged 1 commit into from
Sep 29, 2023

@GlitchWitch GlitchWitch commented Sep 29, 2023

This PR adds GlitchSecure to the list of Penetration Testing providers alongside Cobalt, Doyensec, our friends at Kobalt, and Rapid7.

Existing formatting for the layout was used, and the addition follows the same alphabetical order seemingly used to list existing auditors, consultants, and pen testers.

P.S. Love the guide and have already started sharing this resource with our customers!

wparad commented Sep 29, 2023

Awesome, thank you. Also, if you feel like there is something missing from here that you feel doesn't well capture your services, please let me know. It's hard to strike a balance between not overwhelming and comprehensive, but more context always helps.

@wparad wparad merged commit 792ad0f into Rhosys:main Sep 29, 2023
1 check passed
@GlitchWitch

Thanks @wparad! I'll do some thinking here.

I had considered adding a note, but wasn't sure how much context would make sense.

Things like which methodologies are used, if remediation testing and verification is included or an extra charge, and for how long one can request remediation testing are all potentially useful pieces of information since not all providers will be comparable. The first might not be something people pursuing SOC 2 care about, but the latter might heavily impact their decision.

wparad commented Sep 29, 2023

So I definitely want to avoid drowning in marketing information, but that feels very relevant here and can be distilled down to:

  • Testing Methodologies (some short list, maybe 2-3 points)
  • Re-testing is definitely a thing, and the associated pricing
  • relevant contract lifetimes

I'm tempted to punt on the third one, unless some provider was super unreasonable here (or especially unique in their offering), but the first two I think are great. To be honest, I'm not sure how I want to prepare "details sections" for each of the companies on the site. I'm not a UI expert (as you can probably tell), but a short text block is definitely what I am thinking about adding.

Would it be possible to share something short about the first two points (maybe in a separate github issue), and then when I've got a good handle on the display, I can pull those points in?

@GlitchWitch

> • relevant contract lifetimes
>
> I'm tempted to punt on the third one

I've talked to a few people who were locked in for multiple years without realising it with one of the vendors listed. That said, I think it was the exception for that specific vendor and not an industry norm so might just be something for the notes section.

> Would it be possible to share something short about the first two points (maybe in a separate github issue), and then when I've got a good handle on the display, I can pull those points in?

Sure thing! I'll create a table in a Github issue and pull together what I can from each vendor including sources for the information.

wparad commented Sep 29, 2023

> Sure thing! I'll create a table in a Github issue and pull together what I can from each vendor including sources for the information.

Wow, thank you. I was honestly just asking for yours, but I'm not going to say no to having more information.
