PlexTrac Blog

Today I’m excited to share that PlexTrac has been named as a Niche Player in the latest Gartner Magic Quadrant for Exposure Assessment Platforms (EAP). I couldn’t be prouder of our team for this recognition. I wanted to share why this is important for PlexTrac and our customers, as well as why we believe this…

The latest PlexTrac Friends Friday podcast episode brought together host Dan DeCloss, PlexTrac’s founder and CEO, and returning guest Rey Bango, a seasoned penetration tester and educator from a Fortune 100 telecommunication company. Dan and Rey revisited a topic from their last podcast episode, over 18 months ago, on how artificial intelligence is reshaping offensive…

For years, security teams have relied on point-in-time scans and assessments to gauge their organization’s security posture. The results from these efforts, like quarterly vulnerability scans, annual pentests, and compliance audits, have served as the backbone of most vulnerability management programs. But the landscape has changed. Today, assets spin up and disappear in hours, new…

The buzz around Continuous Threat Exposure Management (CTEM) is everywhere right now, and for good reason. Organizations are realizing that traditional vulnerability management, built around periodic scans and reports, can’t keep up with today’s attack surfaces.

The buzz around Continuous Threat Exposure Management (CTEM) is everywhere right now, and for good reason. Organizations are realizing that traditional vulnerability management, built around periodic scans and reports, can’t keep up with today’s attack surfaces.

Penetration tests are one of the most valuable tools in a security program but also one of the most under-leveraged. Every year, organizations invest in pentests to identify real-world attack paths, validate defenses, and uncover high-impact vulnerabilities. Yet too often, those insights end up trapped in PDF reports, disconnected from the tools and processes that…

In July 2025 we kicked off our first Penetration Testing Report Writing Bootcamp at BSIDES Albuquerque after hearing prospects and customers share a common pain point: There just aren’t many opportunities for continuing education in the security reporting space. It’s not that courses on report writing don’t exist, but most are either entry-level refreshers or…

Security teams have one main goal: Avoid breaches. For anyone that works in security, you know this is easier said than done. With an influx of findings and risks coming at you from multiple sources, it can be daunting and time consuming trying to figure out what to fix first.  We often see organizations making…

In the world of cybersecurity, AI is the perpetual topic du jour, and more specifically Generative AI. The use of LLMs for all kinds of use cases is the craze and the AI ecosystem continues to move at a rapid pace. When it comes to pentesting, the job of every tester is to keep up…

Breaking Down the New RFC-0012 Standard Under FedRAMP and How It Can Change Your Daily Security Operations If you work in vulnerability management or penetration testing for cloud systems under FedRAMP, buckle up because the new RFC-0012: FedRAMP Continuous Vulnerability Management Standard is going to change how your work is scoped, tracked, and prioritized. The…

As I write this from the airport, the desert heat of Las Vegas is finally fading and I’m reflecting on the whirlwind that was Black Hat USA 2025. For me, this conference is always about two things: the people and the ideas. We hosted our annual Customer Appreciation Night and ran a Pentest Reporting Bootcamp,…

Organizations today are living in a fragmented reality—trapped in outdated prioritization and remediation workflows. Prioritization and remediation orchestration often relies on spreadsheets and decentralized coordination.