[tptacek]

This is a consulting offering at several low-end app sec firms (if you're a high-end appsec firm that does this stuff, sorry, I didn't know). It's one of those attractive "scales across every employee of the company" services consultants love. Happy to see it productized.

[packetwerks]

We're a mid-level appsec firm, how's that? :) The problem is that high, med, and low end attackers are using spear phishing to get a foothold inside many organizations. This is testing that everyone should be doing today. Read any recent mainstream media article about any breach and Cmd-F "phish".