Black Hills Information Security

Black Hills Information Security is a penetration testing and security consultancy based in Spearfish, South Dakota, founded by John Strand in 2008. The company has built an outsized reputation relative to its location and size through its exceptional commitment to community education, open-source tool development, and deeply practical approach to offensive security. BHIS is widely known in the cybersecurity community for their free webcasts, training courses through their Wild West Hackin' Fest conference, and the Active Countermeasures platform for network threat hunting.

Their penetration testing services cover network testing, web application testing, social engineering, red teaming, and purple teaming, with a philosophy that emphasizes teaching clients to defend themselves rather than simply producing vulnerability reports. BHIS consultants are prolific speakers at security conferences and active contributors to the offensive security community.

The company is particularly respected for their work in active defense and deception technologies, helping organizations detect and respond to attackers in real time. They serve mid-market organizations, state and local government, and enterprises across various industries. Their consultants hold OSCP, GPEN, GCIH, and other certifications and are known for their approachable, practical teaching style.