Introducing the Breach Craft Partner Portal: Built by the Community, for the Community
Breach Craft's new partner portal opens the door to MSPs, MSSPs, VARs, individual practitioners, and consultants who refer clients or co-sell our services.
The security community made Breach Craft. The conference talks where someone explained a technique on a bar napkin. The Slack thread at 11 PM where five strangers helped you make sense of a weird DNS finding. The mentors who answered questions they had no obligation to answer. None of us got here alone.
Today we’re opening the Breach Craft Partner Portal. It’s our way of formalizing what’s always been informal. Whether you run an MSP, MSSP, VAR, or systems integrator and need a partner to deliver penetration testing, vCISO work, or compliance assessments to your clients, or you’re a practitioner who hears “we need a pen test” once a quarter and wants to get paid for the introductions you’re already making, the portal is for you. We built it the way we wished partner programs worked when we were on the other side.
Why we built this
Partners have been part of how Breach Craft works since the beginning. We built our reputation as a firm you can trust to do the technical work behind your client relationship: testing, advising, or assessing without poaching, without surprises, without showing up to a sales call and going off-script.
You can see it in the work. We’ve delivered CISA CPG 2.0 gap assessments for a national water utility through an MSP partner, one PWSID at a time. We’ve run penetration testing for a US city government through an MSSP partner, where the MSSP kept the relationship and we did the offensive work. Plenty more never makes it into a public case study; we only publish the engagements we get the green light on, and even those are usually anonymized given the sensitive nature of the work. In every case, the partner keeps the client, and we do the part we’re good at.
Until now, all of that ran on email threads, Slack DMs, scope-of-work PDFs, and a lot of “let me check on that and get back to you.” It worked. But it doesn’t scale, and it puts more friction between a partner and their commission than there needs to be. The portal is the fix. One place to register a deal, see its status, see your commission, talk to the team handling it, and get out of your inbox.
Two ways to partner
The portal supports two distinct paths in. They share the same underlying mechanics (register a deal, see its progress, get paid), but the experience and the relationship are calibrated to who you are.
If you run an organization
Systems integrators, MSPs, MSSPs, VARs, and other technology businesses whose clients ask for security work you don’t deliver in-house. You sign up as an organization, add your team, and register deals on behalf of your clients. The portal supports both models: refer the work to us as a trusted partner and earn a commission on close, or resell our services under your own brand with co-sell support and pricing flexibility. Sometimes it makes sense to keep our work behind your brand. Sometimes it makes more sense to refer the client out and stay in your lane, and that’s a perfectly valid choice. We make either path easy. Read the deep dive on our organization partner program.
If you’re a practitioner, consultant, or sole proprietor
You’re already making introductions. Friend at a SaaS company asks if you know a pen test firm. Old client emails about a SOC 2 prep. You forward the intro, maybe hop on a quick call to make the handoff feel warm, and the deal moves forward without you living in your inbox for the rest of the engagement. The referral side of the portal is for those introductions. Sign up in minutes, register the lead, and get paid when the deal closes. Read more about the referral program for practitioners.
Either way, you can browse both partnership models on our partners page or sign up directly at the portal.
Inside the portal: a quick tour
Sign in and you land on the dashboard. Active deals, recent activity, commissions earned and pending. Everything you’d want at a glance, without making you click around to find it.
When you have a new lead, you click “Register a Deal.” The registration form covers what we actually need to scope the work: who the client is, what they’re asking about, rough scale, your read on timing. You can pull from our offering catalog instead of guessing at the right service name. The form is short on purpose. As you fill it in, you get budgetary pricing on the spot, so you walk away with a number you can share rather than “we’ll get back to you.”
The driving use case here is registering an opportunity while it’s still fresh, immediately after a client conversation or even during one. Picture a partner at lunch with their client. The client mentions an upcoming compliance deadline. Without leaving the conversation, the partner pulls out their phone, enters the client’s email, watches the company info auto-populate, picks the relevant services and rough sizing, and adds a few light details: regulatory requirements, timeline, basic environmental info. Submit. By the time dessert lands, the deal is teed up on our side and we can handle the next steps together.
That’s why the whole portal is built mobile-first. We didn’t optimize for mobile because best practices say to. We optimized for mobile because that’s how partners actually work.
Each deal gets its own page with status updates, a comment thread, and file uploads. Tag us, ask questions, share supporting docs. We respond there, not in a separate email chain you have to dig through later.
The commissions view shows every deal you’ve registered, what stage it’s at, and what’s accrued versus what’s already been paid out. No spreadsheets, no ambiguity, no “let me check with finance and get back to you.”
The whole signup flow takes a couple of minutes. The longest part will be reading and signing your partner agreement, which we handle in the portal so you don’t have to chase a PDF around your inbox.
Built secure, built right
We’re a security firm. We help our clients build defenses, find vulnerabilities, and clean up after incidents. So when we built the portal, we built it the way we’d build it for them.
Every account uses multi-factor authentication. Role-based access controls scope what each user can see and do, so an organization admin can manage their team without that team being able to access another partner’s data. Audit logs track sensitive actions so you, and we, have a clean record of who did what and when. Data is encrypted in transit and at rest. Partner agreements and NDAs get signed in the portal through our RabbitSign integration, so paperwork doesn’t slow down the business.
The whole thing runs on Cloudflare. We use the same defense-in-depth posture for the portal that we recommend in our penetration testing and virtual CISO engagements. We’re not asking partners to trust a piece of software we wouldn’t trust ourselves.
Easy on day one, faster on day two
Day one is sign up, confirm your email, fill out a short profile, sign your partner agreement, and register your first deal. The flow is designed to get you to a registered deal as quickly as possible, because that’s the moment the portal starts paying off for you.
Day two is faster. Returning partners land on the dashboard, see what’s moving, click “Register a Deal” if there’s something new. Two minutes, maybe three if the client has a complicated environment. The mobile experience is the same.
For organizations, day two also means inviting the rest of your team. You set roles. They can register deals on accounts they own. The org admin sees the full pipeline. Nobody steps on anyone else’s commissions.
What’s next
A few things to know that didn’t make the tour: the portal already includes an enablement resource library with co-branded assets, methodology references, and materials you can pull directly into client conversations. Each partner also has a clear view of their current tier, the requirements and incentives at the next one, and where they stand in progressing toward it.
We’ll keep building from here. The way we approach our consulting work is to tailor each engagement to a client’s specific needs, and we’ll do the same with the portal. As partners use it and tell us what’s working and what isn’t, we’ll dedicate future cycles to the features the community actually wants. If you have ideas, we want to hear them.
If you’re already partnering with us, you’ll see those updates land in your dashboard. If you’re new, the right move is to sign up at the portal or learn more at our partners page. Either path starts the same: a short profile, a signed agreement, and a deal you’ve been sitting on that’s ready to go.