Most startup founders know they should get a pentest. Fewer know what kind, what scope, or what a reasonable price looks like and the industry hasn't made this easy to figure out. Pricing is rarely published. Scope conversations happen after you've already given your email to a sales rep. And the word "pentest" gets used to describe everything from a lightweight automated scan to a two-week manual engagement by a team of three. This guide gives you a framework to self-assess what you actually need, based on where your company is and what you're building. The variables that actually determine what you need There are four factors that map pretty cleanly to pentest scope and cost: 1. Company stage Pre-seed and seed companies usually need a lighter engagement — enough to surface critical vulnerabilities and satisfy early security questionnaires, but not a full-blown compliance audit.…