I've been on the consulting and receiving end of penetration testing services. I've seen how the sauce is made and have been a consumer of this elusive sauce. Over the past decade, I've seen both good and bad penetration tests, and I'm here to tell you it doesn't have to be like this. We, as an industry, can do better. You, as clients, can hold us accountable. This talk consists of five questions that can be asked to start a better evaluation of your penetration testing partners. This is not a complete recipe. Instead, this will serve as a starting point for a larger conversation before the contract is signed.