
How MSPs and IT Consultants Can Add Penetration Testing to Their Practice Without Doing the Testing

If you’re an MSP, an IT consultant, a VAR, or any kind of technology services provider, there’s a good chance your clients are starting to ask about penetration testing. Maybe a cyber insurance carrier required it on the renewal application. Maybe a client received a questionnaire from a new enterprise customer requesting evidence of regular security testing. Maybe they read something about a breach in their industry and want to know if they’re exposed. Maybe you brought it up yourself because you already know they should be doing it.

Whatever the reason, the question has landed in your lap. And for most IT and consulting firms, penetration testing is a specialized discipline that sits outside their core work. Building an internal pen testing practice requires certified testers, specialized tools, specific methodology, insurance, and the ongoing investment to stay current as attack techniques evolve. For most firms, that’s not the business they want to be in.

MainNerve’s partner program was built specifically for this situation. It lets you offer penetration testing as part of your business, either by reselling our services at your own pricing or by simply referring clients to us and earning a referral check, without the overhead, complexity, or minimums that typically come with formal partner programs.

 

Why This Gap Matters for Your Clients

Your clients trust you with their technology. In most cases, you’re the person they call when something goes wrong, the person who knows their environment, and the person they look to for guidance on what they should be doing. When a client asks whether they need a penetration test, or when you know they do and want to be able to offer it, not having a reliable testing partner creates a gap, either in the services you can offer or in the protection your clients are getting.

Penetration testing demand is growing steadily, driven by cyber insurance requirements, compliance frameworks such as HIPAA, PCI DSS, and CMMC, and a general increase in awareness of cybersecurity risk following years of high-profile breaches. Clients who didn’t ask about this two or three years ago are asking now. The firms with a pen testing partner in place are the ones who can respond to that demand immediately, keep the client relationship intact, and add revenue to their business without increasing headcount.

 

Two Ways to Partner — Your Choice for Each Client

The MainNerve partner program is deliberately simple. There are no tiers, no complicated structures, and no requirement to pick one model and stick to it. For each client, you choose the arrangement that works best for that relationship.

The Reseller Model

In the reseller model, you take the lead on the client relationship from start to finish. You work with the client to scope the engagement, and if you’ve never scoped a penetration test before, that’s not a problem. MainNerve can walk you through the scoping process, help you identify which questions to ask, and ensure the engagement is appropriately structured for the client’s needs.

Once the scope is defined, you purchase the test directly from MainNerve at a discounted partner rate. You set the price with your client. Whatever margin you want to build in is yours to determine. We don’t set pricing floors on what you charge your clients, and we don’t have visibility into what you charge them. Some partners mark up modestly. Some build in a meaningful margin. That’s your business decision, and the model gives you complete flexibility to make it.

The final report goes to you as the partner, unless you want it to go to the client. MainNerve handles testing, methodology, and deliverables. You handle the client relationship, the invoicing, and the ongoing conversation about what to do with the results, which is typically a conversation your clients would rather have with someone they already trust anyway.

This model works especially well for partners who want to present penetration testing as a seamless extension of their own services, for clients where you want to control the engagement and the pricing, and for situations where you’re the primary point of contact and want to keep it that way.

The Referral Model

In the referral model, you introduce the client to MainNerve, and we take it from there. We work directly with the referred client to scope the engagement, manage the testing, and deliver the report. You’re welcome to be involved as much or as little as you want. If you have information we need for the test, like IP addresses or network details, your involvement makes the process smoother. But if you’d rather simply make the introduction and let us handle everything else, that works too.

Once the client pays in full, we send you a referral check. The process is straightforward and doesn’t require your ongoing involvement to complete.

This model is a natural fit for situations where a client’s need falls outside the scope of what you normally handle, for relationships where you want to provide a trusted resource without taking on project management responsibilities, or for cases where speed matters and you want an expert to take the lead immediately.

 

No Minimums. No Pressure.

One of the most common concerns we hear from potential partners is about volume requirements. Many formal partner programs require a certain number of referrals or a minimum revenue commitment to maintain partner status and access to discounts. If you don’t hit the numbers, you lose the benefits.

MainNerve’s program doesn’t work that way. There are no minimums. Some of our partners bring us multiple clients every month. Some bring us one client a year. Both are welcome in the program and receive the same access to discounted pricing and referral fees, regardless of volume. If a client comes up who needs a penetration test, the program is there. If six months go by and no one asks, nothing changes.

This structure reflects a simple reality: penetration testing needs don’t follow a predictable schedule. Client demand is driven by insurance renewals, compliance audits, new business requirements, and security incidents, none of which are evenly distributed throughout the calendar year. A partner program that penalizes you for the natural ebb and flow of client needs doesn’t work in the real world.

 

What You’re Offering Your Clients

When you bring MainNerve into a client engagement, you’re connecting them with a team that has been doing this specific work since 2001. That’s over two decades of penetration testing experience across more than 2,200 organizations. Our testers are U.S.-based, work manually rather than relying on automated scanning tools, and produce reports that are written to be understood and acted on, not just filed away to satisfy a compliance checkbox.

What that means practically for your clients:

  • Our reports come with executive summaries that make sense to business owners, not just technical staff.
  • Findings are prioritized so clients know which vulnerabilities to address first and why.
  • We don’t disappear after delivering the report. If a client needs to explain findings to their insurance carrier, their auditor, or their board, we can help with that conversation.
  • Pricing is structured with small and mid-sized businesses in mind, which is the market most of our partners serve.

For your MSP or consulting business, that combination matters. The quality of the testing and the report reflects on you when you’ve brought a vendor into a client relationship. A test that generates a confusing, jargon-heavy report or a tester who’s hard to reach during the engagement creates problems for the client relationship you’ve spent years building. MainNerve’s average client retention rate is 80%, indicating that clients return and that partners who brought those clients to us remain in a good position.

 

Who the Partner Program Is For

The program is well-suited to a wide range of businesses:

  • Managed service providers that handle ongoing IT for small and mid-sized businesses and want to offer security testing without building a dedicated testing practice.
  • IT consultants who work with clients on strategy and infrastructure and get asked about security testing regularly.
  • Value-added resellers who are already selling security products and want to add a testing component to their recommendations.
  • Compliance consultants who help clients navigate HIPAA, PCI, or other frameworks that require or recommend penetration testing.
  • Accountants or attorneys who work closely with business owners and occasionally find themselves fielding security questions.
  • Cyber insurance brokers who want to help clients understand their risk before renewal.

The common thread is that you work with organizations that should be doing penetration testing, you have a relationship with those organizations, and right now you either have to say “I don’t do that” or try to find a reliable testing provider on short notice. The partner program solves that problem, and it takes about 15 minutes to set up.

 

Getting Started

Becoming a MainNerve partner doesn’t involve a lengthy onboarding process. One phone call, a partner agreement, and a master service agreement, and you’re ready to go. When a client comes up, you can reach us immediately, and we’ll move into scoping. If you’re not sure whether a client needs a penetration test, a vulnerability scan, or a risk assessment, that’s a conversation we’re glad to have; helping you understand what’s appropriate for a given client situation is part of what we’re here for.

If you have clients who need penetration testing and you want a reliable partner to deliver it, we’d love to talk. Contact us about our partner program today.
