Who I Am

Benjamin Denness

I'm Benjamin Denness, founder of MyPentestPal, and I’ve spent over a decade in finance tech, serving as a Software Development Manager and CTO. Across the years, I’ve seen all kinds of codebases — from pristine, well-architected systems to absolute trainwrecks duct-taped together just in time to ship.

What I noticed over and over again — across industries, projects, and teams — is that security is often the last thing considered. And that’s not because developers are lazy or careless. It’s because their job is to build, and build fast. Meanwhile, security gets treated as a cost center, a checkbox, or someone else’s job entirely… until it’s too late.

I've been pulled in post-breach more times than I can count. Acquisitions where the tech team didn't even realize how exposed they were. Big-name institutions reeling from leaked credentials, full access tokens, debug builds running in production, or S3 buckets spilling sensitive data. Sound familiar?

Every time, it starts the same: a little oversight, a rushed deadline, a “temporary” setting that never got flipped back. Before long, the business is scrambling to clean up — and that’s when we get the call. Our work isn’t hypothetical. We’re not reading textbooks. We’re wading through the wreckage of real-world mistakes and figuring out how to make sure they don’t happen again.

Even before this was my job, I had a habit of breaking things. But not in the way the industry glamorizes — I’m talking about digging into how things are built, then thinking sideways. How could someone else take this apart? What assumptions did the developer make that won’t hold up under pressure? What’s exposed that shouldn’t be?

We don’t lean on automated scanners and pretend they’re doing the work for us. (Yes, we see you, Kali Linux users who think running a scan equals a pentest — *cough*.) At MyPentestPal, we do deep dives. Hands-on testing. Live demonstrations. I want your C-suite to see, in real terms, the damage that could be done if the wrong person got access.

It’s not about scaring people — it’s about opening their eyes. Nothing changes perspectives faster than showing, live, how a tiny misconfiguration leads to full access. That moment when I say, “This isn’t a simulation — that’s your real data on screen”? That’s when priorities shift.

And we don’t just test. We help teams understand what went wrong, why it happened, and how to avoid it again. Education is a massive part of our mission. We want to leave our clients stronger, smarter, and more self-sufficient than we found them.

The Team

Today, we’re a team of eight highly experienced gray hats. We've operated in high-stakes environments across finance, healthcare, tech startups, and government systems. Every member of our team has years of real-world penetration testing experience — we’ve found exploits no tool could ever catch and traced vulnerabilities down to the smallest overlooked assumption.

We’ve been called in to clean up security disasters. We’ve secured systems under active attack. We’ve even helped companies quietly prepare for acquisition by hardening systems so thoroughly the buyers stopped asking about due diligence.

We don’t just look at your app and say “run a scan.” We crawl through your CI/CD pipeline, peek into your infrastructure, and test like real adversaries do. We’re the team that finds the thing no one else did — and we don’t stop until we’ve mapped every path to compromise.

We've seen rapid growth recently, and we're always on the lookout for more real-world operators. If you're someone who thinks like an attacker, builds like a defender, and knows that security is about creativity, not checklists — let's talk.

Contact Me

Want to chat, connect, or throw a challenge our way? You can reach me directly at ben@mypentestpal.co.uk.

I’m also active on X (@SimplyBendy), where I post about tech, security, and sometimes the odd late-night exploit thread.