[big_youth]

I'm a white hat hacker!

I think a better question is what are you looking for or what type of organization do you run or work for? A good security firm can provide application reviews to find everything from xss bugs in your web app to remote code execution in kernel components. This is done either black-box or source assisted and staffed with a team reflective of the size and complexity of the application.

Another aspect of security assessments can be network and infrastructure, these generally mean someone running nmap and looking for entry ways further into your network. I am biased but my organization almost never fails to find critical bugs or breach networks.

I'm not a salesman but my firm is NCC Group, we are a global pure security consulting firm, which means we don't make or push products. We also have tons of research https://www.nccgroup.trust/us/our-research/ which you can check out to see a sample of what you be paying security consultants for.