[quesera]

This is absolutely true.

BUT, there are charlatans armed with little more than nmap and a cursory understanding of the output that sell themselves as penetration testers, for a whole lot more than I assume this service will cost.

This, at least, is normalized, repeated, reported consistently, and history is kept. That's worth something.

It's incomplete, but I assume at the price point, it will be more cost efficient and trustworthy than the other options -- the most popular of which is doing nothing.

Usual rant about false senses of security elided for brevity.