When Solzorro was founded as a Managed IT Provider, it was long enough ago that we still had to convince people of the importance of backups. The new frontier we find ourselves facing is raising everyone’s awareness of the importance of cyber security. Many people know they need to do a better job with IT security but feel their organization can’t afford it.
Fortunately, the Cybersecurity & Infrastructure Security Agency (CISA) provides a free service called “Cyber Hygiene Services” and it is a cost-effective alternative to pen testing. CISA is an agency of the Department of Homeland Security. You can read more about their program here.

The service is absolutely free and does a great job of helping you identify where you should start to better safeguard your network. This was originally reserved for “Infrastructural Organizations” (banks, hospitals, etc.) but it is now open to the public. In this post, we will explore how you can get free pen testing from CISA.
Here’s How to Get a Free Pen Test
- Send an email to vulnerability@cisa.dhs.gov with the subject line “Requesting Cyber Hygiene Services” with a description of who you are and what your company does.
- They respond with a waiver and form you have to sign to request services.
- After you have sent in the forms they request, you will be assigned a representative from CISA.
- Your CISA Rep will have you fill out a form with what they need to get started:
- Email Host (Microsoft 365, Google Workspace, Zoho, etc.)
- External Office IP Address
- Internal Server IP Address(es)
- Etc.
- Then the CIS Rep does some leg work and schedules a time to work with whoever handles your IT.
- They send a series of emails with “malware” payloads to see if they get blocked
- They perform a series of port scans
- They send some phishing emails
- Etc.
- Then when everything has been completed, they schedule a time with you to debrief you on what they found and what you can do to improve
Conclusion
CISA’s Cyber Hygiene Services offer an excellent opportunity for individuals and organizations to assess their cybersecurity posture without incurring any costs. By taking advantage of this service, you can identify vulnerabilities in your systems and applications that hackers could exploit.
Additionally, the feedback provided by the CISA representative can help you improve your security posture and protect your organization from cyber threats. Overall, it is a valuable service that everyone should consider taking advantage of.
Do you need help with the technical side of the “Cyber Hygiene Services”? We would love to help you. Reach out to Solzorro and we can be your advocate with them.