Pen Testing

As more of the world’s business moves online, it is critical to ensure your information and technology is safe from potential threats. Segal LLP has partnered with The Bonadio Group’s Enterprise Risk Management Division to make available the testing program you need to keep your data protected. Bonadio is the largest CPA and consulting practice in Upstate New York, and their elite team have developed a national reputation in the U.S.


Penetration testing (PEN testing) is a practice in which a trusted data security expert intentionally attempts to hack into a client’s security system. Through this process, the PEN tester will be able to gauge the possibility of a cyber-attack and offer helpful and practical solutions to help clients improve their data protection.


A threat to your security can result in stolen information, wiped databases, phishing scams, and many other unwanted situations. Avoid embarrassment and/or loss of trust from your clients by ensuring that all your files and information are safe from attackers.


Bonadio’s team of trusted information technology experts are well-versed in cyber-security measures and testing.

Their team takes pride in staying ahead of cyber-attacks by constantly learning new and better methods of enhancing digital security.

Bonadio’s methods of PEN testing and data security have helped protect thousands of sensitive client records and business data from malicious cyber-attacks.


From security testing to implementation, Bonadio’s expert team covers a broad range of services to better protect your data:

  • Vulnerability scanning includes a search through systems for known vulnerabilities using industry-standard tools.
  • External penetration testing is performed against publicly accessible devices and services to exploit vulnerabilities in security.
  • Internal penetration testing focuses on simulating a real-life attack, testing internal defenses and mapping out paths of attack.
  • Wireless network penetration testing identifies ways to penetrate a wireless network and compromising clients on that network.
  • Social engineering is performed against people and processes, typically in the form of a phishing campaign.

Information captured is integrated into a detailed report that also draws on a knowledge base of experts.



As Information Technology Manager, Javier brings more than 20 years of hands on experience in vital information systems, technologies and operations to Segal. Javier provides leadership for the continued development of a robust and secure information technology environment, and oversees a wide variety of mandates including IT policy and protocols, security systems and compliance and infrastructure resource organization and allocation.


Charlie is an Executive Vice President at Bonadio Group’s Enterprise Risk Management Division. He has over 20 years of experience in the information technology industry, with a focus on security hardening, data privacy, vulnerability identification and remediation, internal and external auditing, controls optimization and compliance, system administration, disaster recovery, and business continuity and impact analysis, as well as general project management.

Prior to joining Bonadio, Charlie worked in the Systems Performance Assurance group at a Big 4 firm, where he obtained extensive enterprise risk management experience with respect to IT security reviews in support of critical business processes for clients in a variety of industries. Charlie identified critical business processes and specific IT threats, and recommended controls to mitigate those threats to ensure that clients maintained stable and efficient computing/business environments.