The staff includes security consultants specializing in regulatory compliance and vulnerability management issues, manual penetration testers (i.e., ethical hackers), service project managers, custom test-tools developers, and business-unit managers.
In testing a security system, ethical hackers use the same techniques as their ill-intentioned counterparts, but report problems instead of taking advantage of them.