PlutoSec

BACKGROUND

Please describe your company and position.

I am the IT Systems and Security Coordinator of Camillo Bortolato

Describe what your company does in a single sentence.

We design and distribute intuitive, visual-based educational tools using the Analogical Method to help children learn math and reading more naturally and effectively.

OPPORTUNITY / CHALLENGE

What specific goals or objectives did you hire PlutoSec to accomplish?

• Internal network penetration testing
• Web application security assessment
• Cloud infrastructure vulnerability scanning
• Email system phishing simulation
• Firewall configuration audit
• Endpoint protection evaluation and hardening

SOLUTION

How did you find PlutoSec?

• Online Search
• Referral

Why did you select PlutoSec over others?

• High ratings
• Pricing fit our budget
• Good value for cost
• Referred to me
• Company values aligned

Describe the scope of work in detail. Please include a summary of key deliverables.

PlutoSec conducted a comprehensive security assessment across our digital infrastructure. The project began with internal and external penetration testing to identify vulnerabilities within our local network and exposed services. Their team also performed a full web application security audit, focusing on authentication, input validation, and session management flaws.

Additionally, they evaluated our Microsoft 365 email environment for phishing risks and carried out simulated attacks to test user awareness. Cloud infrastructure on AWS was thoroughly reviewed, with a focus on misconfigured services and exposed storage buckets.

Key deliverables included a detailed penetration testing report, prioritized vulnerability list, remediation roadmap, phishing simulation results, and a firewall rule set review with security recommendations.

RESULTS & FEEDBACK

What were the measurable outcomes from the project that demonstrate progress or success?

The project achieved strong measurable results. Within 30 days, 87% of the identified vulnerabilities were remediated based on PlutoSec’s recommendations.

Our phishing simulation click rate dropped from 28% to just 6% after the awareness training was completed.

Firewall misconfigurations were reduced by 90%, improving our overall perimeter defense significantly.

Cloud infrastructure exposures were fully addressed, with all S3 buckets and IAM roles properly secured.

The web application successfully passed all OWASP Top 10 compliance checks in the final assessment.

Endpoint protection scores improved by 35% following PlutoSec’s system hardening efforts.

Describe their project management. Did they deliver items on time? How did they respond to your needs?

PlutoSec demonstrated excellent project management throughout the engagement. They maintained clear timelines, provided regular status updates, and delivered all items on schedule.

Their team was highly responsive to our needs, quickly addressing concerns and adjusting priorities when required. Communication was smooth, and they remained accessible throughout the assessment.

They also showed strong coordination across technical and non-technical teams, ensuring that deliverables were clearly understood and actionable.

What was your primary form of communication with PlutoSec?

• Virtual Meeting
• Email or Messaging App

What did you find most impressive or unique about this company?

What stood out most about PlutoSec was their deep technical expertise combined with a practical, business-focused approach. They didn’t just identify vulnerabilities—they explained the real-world impact and guided us through effective remediation.

Their ability to simulate realistic attack scenarios and tailor their methods to our specific environment was impressive. The level of clarity and detail in their reports also made them stand out from other vendors we’ve worked with.

Are there any areas for improvement or something PlutoSec could have done differently?

One area for improvement could be faster turnaround on the final validation phase after remediation. While the initial assessments and support were prompt, the re-testing took slightly longer than expected.

Additionally, offering more proactive security recommendations beyond the scope of the engagement—such as roadmap planning or architecture reviews—would have added even more value.

BACKGROUND

Please describe your company and position.

I am the IT Operations Manager of Alluvione TV

Describe what your company does in a single sentence.

Alluvione TV Sat specializes in the design, installation, and maintenance of terrestrial and satellite TV systems, as well as custom Wi-Fi and LAN networking solutions for residential and commercial clients.

OPPORTUNITY / CHALLENGE

What specific goals or objectives did you hire PlutoSec to accomplish?

• Simulate targeted cyberattacks to assess the resilience of our centralized TV control infrastructure
• Perform deep manual penetration testing on our cloud-based technician dispatch system
• Audit the security of IoT-enabled signal amplifiers and routers deployed at client sites
• Stress-test remote firmware update processes to identify potential exploitation paths
• Review internal data storage practices to detect weak encryption or access control flaws

SOLUTION

How did you find PlutoSec?

• Online Search
• Referral

Why did you select PlutoSec over others?

• Close to my geographic location
• Pricing fit our budget
• Good value for cost
• Referred to me

How many teammates from PlutoSec were assigned to this project?

2-5 Employees

Describe the scope of work in detail. Please include a summary of key deliverables.

PlutoSec was hired to perform a full cybersecurity assessment, including external and internal network penetration testing, web application testing, and a cloud security audit of our AWS infrastructure. They also evaluated endpoint configurations, reviewed firewall and IDS/IPS setups, and conducted a phishing simulation followed by employee awareness training.

The deliverables included a detailed technical report with vulnerabilities and remediation steps, an executive summary for leadership, a cloud misconfiguration report, phishing test results, and a 30-day window for retesting and validation. Their work helped us identify key risks and significantly strengthen our overall security posture.

RESULTS & FEEDBACK

What were the measurable outcomes from the project that demonstrate progress or success?

The project led to the identification and remediation of 26 critical and high-risk vulnerabilities across our network, applications, and cloud infrastructure. After remediation, PlutoSec’s retesting confirmed a 100% fix rate for the critical issues. Employee awareness improved significantly, with phishing simulation click rates dropping from 42% to just 6% after training. Firewall and endpoint misconfigurations were corrected, reducing our internal threat exposure score by over 70%. As a result, we passed our internal security audit and achieved compliance readiness for ISO 27001 and SOC 2 standards.

Describe their project management. Did they deliver items on time? How did they respond to your needs?

PlutoSec demonstrated excellent project management throughout the engagement. All milestones were delivered on time, and their team maintained clear and proactive communication at every stage. They provided regular status updates, quickly responded to our questions, and adapted to changes in scope without delays. Their ability to align with our internal timelines and coordinate effectively with our IT team made the entire process smooth and efficient.

What was your primary form of communication with PlutoSec?

• In-Person Meeting
• Virtual Meeting
• Email or Messaging App

What did you find most impressive or unique about this company?

What stood out most about PlutoSec was their deep technical expertise combined with a highly personalized approach. Unlike many firms that rely heavily on automated tools, they performed extensive manual testing and provided detailed, real-world insights. Their team didn’t just identify issues—they explained the potential impact in our specific business context and guided us through remediation. Their professionalism, transparency, and commitment to going beyond the basics truly set them apart.

Are there any areas for improvement or something PlutoSec could have done differently?

While the overall experience was highly positive, one area for improvement could be the addition of a more interactive dashboard or portal for tracking testing progress and remediation status in real time. Although their reports were detailed and clear, having a centralized platform to view live updates or schedule follow-ups would enhance the client experience further.

BACKGROUND

Please describe your company and position.

I am the IT Systems & Data Security Coordinator of Manipura Studio Torino

Describe what your company does in a single sentence.

Manipura Studio Torino is a holistic wellness center specializing in massage therapy, energy healing, and natural treatments to restore physical and emotional balance.

OPPORTUNITY / CHALLENGE

What specific goals or objectives did you hire PlutoSec to accomplish?

• Perform external penetration testing on our website and client portal
• Conduct internal network penetration testing to identify lateral movement risks
• Assess the security of our online booking and payment system
• Identify and exploit potential vulnerabilities in our web applications
• Simulate real-world attacks to evaluate our overall security posture
• Test for misconfigurations and exposed services in our hosting environment
• Perform social engineering assessments to test employee awareness
• Validate security controls through manual and automated testing
• Test for OWASP Top 10 vulnerabilities across digital platforms
• Provide a detailed pentesting report with critical, high, and medium-risk findings

SOLUTION

How did you find PlutoSec?

• Online Search
• Referral

Why did you select PlutoSec over others?

• High ratings
• Close to my geographic location
• Pricing fit our budget

How many teammates from PlutoSec were assigned to this project?

2-5 Employees

Describe the scope of work in detail. Please include a summary of key deliverables.

PlutoSec was engaged to perform a full offensive security assessment for Manipura Studio Torino. The primary goal was to evaluate our overall cybersecurity posture by identifying vulnerabilities in our digital assets.

They conducted external penetration testing on our website and online booking platform to uncover risks like SQL injection, authentication flaws, and exposed services. This helped us understand how an attacker could gain unauthorized access from the outside.

An internal assessment was also carried out to simulate attacks from within the network. This focused on detecting misconfigurations, privilege escalation paths, and potential lateral movement opportunities.

PlutoSec reviewed the security of our web applications using OWASP Top 10 standards and assessed our cloud hosting environment for weak configurations, unsecured storage, and API exposure.

They delivered a detailed vulnerability report that included CVSS scores, technical findings, and practical remediation steps. After applying the fixes, their team conducted a retest to confirm the vulnerabilities were properly addressed.

A light-touch social engineering simulation was included to test our staff’s awareness and response to phishing or manipulation attempts.

Finally, we received an executive-level summary report that covered business risks, compliance considerations with GDPR, and long-term cybersecurity recommendations tailored to our business.

RESULTS & FEEDBACK

What were the measurable outcomes from the project that demonstrate progress or success?

The penetration test revealed several critical and high-risk vulnerabilities that were previously unknown. After receiving PlutoSec’s detailed report, we were able to fix 100% of the critical issues and most of the high-risk ones within two weeks.

Our booking platform, which had insecure authentication mechanisms, was reconfigured based on PlutoSec’s recommendations. This significantly reduced our exposure to unauthorized access attempts.

PlutoSec conducted a re-test after remediation, which showed that the attack surface had been substantially minimized. No critical vulnerabilities remained, and our overall risk score dropped by over 70%.

Our internal team also reported improved awareness following the simulated phishing attempts. After the test, we introduced internal security protocols that have reduced staff-related risks.

Lastly, we gained clear visibility into compliance gaps related to GDPR. With PlutoSec’s help, we implemented changes that brought our handling of client data into closer alignment with regulatory expectations.

Describe their project management. Did they deliver items on time? How did they respond to your needs?

PlutoSec demonstrated excellent project management throughout the engagement. All phases of the project—from scoping and testing to reporting and retesting—were delivered on time and according to the agreed schedule.

Communication was clear and responsive at every stage. Their team was quick to address our questions, adjust timelines when needed, and explain technical findings in a way that was easy to understand.

They kept us updated with regular progress reports and followed a structured approach that made the entire process smooth and transparent. We felt fully supported and informed from start to finish.

What was your primary form of communication with PlutoSec?

• Virtual Meeting
• Email or Messaging App

What did you find most impressive or unique about this company?

What stood out most about PlutoSec was their hands-on, manual approach to penetration testing. Unlike many firms that rely heavily on automated scanners, PlutoSec’s team conducted deep, real-world attack simulations that uncovered complex vulnerabilities we never knew existed.

Their ability to explain technical risks in simple, actionable terms was also impressive. They didn’t just deliver a report — they educated our team, helped us prioritize fixes, and guided us through remediation with genuine care and attention.

The blend of technical depth, clear communication, and personalized support made them truly stand out.

Are there any areas for improvement or something PlutoSec could have done differently?

While our overall experience with PlutoSec was excellent, one area for improvement could be the addition of a brief training session after the final report delivery. Although their documentation was clear, a short walkthrough or live session for our non-technical staff would have added even more value.

Additionally, offering a dashboard or portal to track remediation status in real-time could make ongoing security management more efficient. Other than that, their service was thorough, professional, and exceeded expectations.

BACKGROUND

Please describe your company and position.

I am the IT & Digital Security Coordinator of ENABLE Sverige

Describe what your company does in a single sentence.

We foster collaboration between football clubs, supporters, authorities, and communities in Toronto to promote safer, more inclusive, and sustainable match-day environments.

OPPORTUNITY / CHALLENGE

What specific goals or objectives did you hire PlutoSec to accomplish?

• Penetration testing
• Vulnerability assessment
• Cloud security review
• GDPR compliance audit
• API security testing
• Network hardening
• Social engineering simulation
• Firewall misconfiguration check
• ISO 27001 readiness
• Threat detection setup

SOLUTION

How did you find PlutoSec?

• Online Search
• Referral

Why did you select PlutoSec over others?

• High ratings
• Close to my geographic location
• Pricing fit our budget
• Good value for cost

How many teammates from PlutoSec were assigned to this project?

2-5 Employees

Describe the scope of work in detail. Please include a summary of key deliverables.

PlutoSec conducted a full-scope cybersecurity assessment focused on enhancing the digital security of ENABLE Sverige’s online platforms and internal infrastructure. The engagement included black-box and white-box penetration testing of web applications, vulnerability scanning of internal systems, API security evaluation, and phishing simulations targeting staff and partners. Key deliverables included a comprehensive risk-based report, detailed remediation guidelines, a GDPR compliance gap analysis, and a prioritized vulnerability matrix. PlutoSec also reviewed our firewall configurations, ensured cloud platform security settings were aligned with best practices, and provided a strategic roadmap for ongoing ISO 27001 alignment and threat monitoring implementation.

RESULTS & FEEDBACK

What were the measurable outcomes from the project that demonstrate progress or success?

PlutoSec helped us remediate all critical vulnerabilities identified during penetration testing. Our systems showed significant improvement in overall security posture after their assessment.

They reconfigured our cloud infrastructure and secured exposed API endpoints, eliminating risks related to insecure authentication and data leakage.

Phishing simulations led to improved staff awareness, and our GDPR compliance was strengthened through better encryption and data handling practices.

Firewall settings were optimized, reducing lateral movement risks, and we implemented faster incident response through enhanced monitoring.

The project concluded with a clear cybersecurity roadmap and well-structured documentation for future compliance and audits.

Describe their project management. Did they deliver items on time? How did they respond to your needs?

PlutoSec’s project management was highly organized and efficient. They delivered all milestones on time and maintained consistent communication throughout the engagement. Their team was responsive to our questions and flexible when priorities shifted, ensuring our concerns were addressed promptly. Regular progress updates, clear timelines, and actionable insights made collaboration smooth and productive. Their ability to adapt to our organizational needs while staying aligned with the project goals was especially appreciated.

What was your primary form of communication with PlutoSec?

• Virtual Meeting
• Email or Messaging App

What did you find most impressive or unique about this company?

What stood out most about PlutoSec was their deep expertise in manual penetration testing and their ability to simulate realistic attack scenarios tailored to our environment. They didn’t just rely on tools—they took a hands-on approach, which uncovered issues automated scans would have missed. Their reporting was clear, prioritized by risk, and directly aligned with our operational needs. Most importantly, they treated the engagement like a partnership, offering guidance and support beyond the scope to help us strengthen our long-term security posture.

Are there any areas for improvement or something PlutoSec could have done differently?

PlutoSec delivered excellent results overall, but one area for improvement could be the addition of a real-time dashboard to track vulnerability remediation progress. While their reports were thorough and timely, a centralized portal would have made it easier for our internal teams to monitor and collaborate during the remediation phase. A few more proactive follow-up sessions post-assessment would also help maintain momentum and ensure long-term security goals stay on track.

BACKGROUND

Please describe your company and position.

I am the IT Security Consultant of Grandoni & Associati

Describe what your company does in a single sentence.

We provide strategic management consulting and international business development services to help organizations grow, innovate, and expand into global markets.

OPPORTUNITY / CHALLENGE

What specific goals or objectives did you hire PlutoSec to accomplish?

• Secure DevOps and CI/CD environments from code to cloud
• Run phishing simulations and cybersecurity awareness training
• Perform black-box and white-box penetration testing
• Identify vulnerabilities in AWS and Azure cloud systems
• Conduct internal and external network security assessments
• Test API endpoints using OWASP API security standards
• Implement full vulnerability scanning and risk prioritization
• Assess mobile app security for iOS and Android platforms
• Ensure ISO 27001, SOC 2, and GDPR compliance readiness
• Simulate real-world attacks through red teaming exercises

SOLUTION

How did you find PlutoSec?

• Online Search
• Clutch Site

Why did you select PlutoSec over others?

• High ratings
• Close to my geographic location
• Good value for cost
• Referred to me

How many teammates from PlutoSec were assigned to this project?

6-10 Employees

Describe the scope of work in detail. Please include a summary of key deliverables.

PlutoSec conducted a comprehensive cybersecurity engagement covering black-box and white-box penetration testing across our web applications, internal network, cloud infrastructure, and APIs. The scope included vulnerability scanning, manual exploitation, privilege escalation, and lateral movement testing. Key deliverables included a detailed risk-based penetration testing report, executive summary for stakeholders, vulnerability remediation roadmap, OWASP Top 10/API Top 10 analysis, secure configuration review of AWS resources, and phishing simulation results. Additionally, PlutoSec provided security awareness training material and consultation sessions to guide our team through secure DevOps practices and compliance alignment with SOC 2 and ISO 27001. 

RESULTS & FEEDBACK

What were the measurable outcomes from the project that demonstrate progress or success?

The project resulted in the elimination of most critical vulnerabilities discovered during the initial penetration tests. Our web application security posture significantly improved, with follow-up testing confirming successful remediation efforts. Cloud infrastructure, particularly AWS environments, was hardened through secure configuration reviews. The external attack surface was reduced by removing exposed and unused services. OWASP Top 10 issues like broken access control and injection flaws were addressed. Internal security awareness improved, reflected in much better phishing simulation results. The incident response team demonstrated faster detection and response times during red team simulations. Compliance gaps related to ISO 27001 and SOC 2 were closed, and all API endpoints were secured with proper authentication and validation. Finally, PlutoSec delivered a clear, actionable roadmap that’s now being used for ongoing risk reduction.

Describe their project management. Did they deliver items on time? How did they respond to your needs?

PlutoSec demonstrated excellent project management throughout the engagement. They adhered strictly to deadlines, delivered all key milestones on time, and maintained clear communication at every stage. Their team was highly responsive, quickly adapting to our evolving requirements and providing timely updates, technical clarifications, and expert guidance. They used structured reporting formats, shared progress via weekly check-ins, and were proactive in offering solutions during remediation. Overall, their collaborative and professional approach ensured the project stayed on track and aligned with our security goals.

What was your primary form of communication with PlutoSec?

• Virtual Meeting
• Email or Messaging App

What did you find most impressive or unique about this company?

What stood out most about PlutoSec was their deep technical expertise combined with a hands-on, manual testing approach that went far beyond basic automated scans. Their ability to simulate real-world attack scenarios, especially in complex cloud and API environments, impressed us. They tailored their testing specifically to our infrastructure, provided clear and actionable reporting, and worked closely with our team to ensure we understood every risk. Their commitment to education, transparency, and delivering value made them feel more like a security partner than just a vendor.

Are there any areas for improvement or something PlutoSec could have done differently?

While PlutoSec delivered outstanding results overall, one area for improvement could be providing a more interactive dashboard or portal for real-time vulnerability tracking and remediation status. While their reports were comprehensive and well-structured, having a centralized platform to monitor progress visually would enhance ongoing collaboration. Additionally, offering more post-assessment follow-ups or periodic check-ins could help maintain momentum on remediation and ensure long-term security posture improvements.

BACKGROUND

Please describe your company and position.

I am the IT & Data Privacy Coordinator of Studio Francesca Bulzoni

Describe what your company does in a single sentence.

We provide psychological and neuropsychological services, including therapy, assessments, and cognitive rehabilitation for adolescents, adults, and seniors.

OPPORTUNITY / CHALLENGE

What specific goals or objectives did you hire PlutoSec to accomplish?

• Strengthen our overall cybersecurity posture to protect patient trust
• Assess the security of stored patient records and therapy session notes
• Evaluate third-party integrations for potential security gaps
• Provide a detailed report with prioritized remediation steps
• Conduct a full penetration test of our website and patient portal
• Identify and fix vulnerabilities in our online booking and payment systems
• Ensure compliance with GDPR and healthcare data protection standards
• Perform a risk assessment of our email and communication tools

SOLUTION

How did you find PlutoSec?

• Online Search
• Referral

Why did you select PlutoSec over others?

• Close to my geographic location
• Pricing fit our budget
• Referred to me

How many teammates from PlutoSec were assigned to this project?

2-5 Employees

Describe the scope of work in detail. Please include a summary of key deliverables.

PlutoSec carried out a comprehensive security assessment of our digital infrastructure, focusing on our website, patient portal, and backend systems. The engagement included web application penetration testing, vulnerability scanning, and data security evaluation—especially around sensitive health records and appointment data. They analyzed our online booking system, payment integrations, and email communication tools for potential attack vectors. Key deliverables included a detailed technical report outlining discovered vulnerabilities, a prioritized risk matrix, proof-of-concept exploit examples for critical issues, and step-by-step remediation guidance tailored to our healthcare operations.

RESULTS & FEEDBACK

What were the measurable outcomes from the project that demonstrate progress or success?

The engagement with PlutoSec led to several clear and measurable outcomes. Multiple high-risk vulnerabilities in our patient portal and booking system were identified and successfully remediated. Sensitive data storage practices were improved, ensuring stronger encryption and access controls. Our website passed a follow-up penetration test with zero critical findings. Email systems were hardened to reduce phishing risk, and all third-party integrations were secured with updated API handling. Additionally, we received a final risk assessment showing a significant reduction in overall exposure, along with increased staff awareness regarding cybersecurity protocols. 

Describe their project management. Did they deliver items on time? How did they respond to your needs?

PlutoSec demonstrated excellent project management throughout the engagement. All tasks were delivered on schedule, and their team maintained clear and proactive communication from start to finish. They were quick to address our concerns, flexible when we needed to adjust priorities, and provided regular progress updates without us having to follow up. Their responsiveness and structured approach made the entire process efficient and stress-free.

What was your primary form of communication with PlutoSec?

• In-Person Meeting
• Virtual Meeting

What did you find most impressive or unique about this company?

What impressed us most about PlutoSec was their ability to combine deep technical expertise with a clear understanding of healthcare-specific privacy requirements. They didn’t just focus on general cybersecurity—they tailored their approach to protect sensitive patient data, offered practical remediation strategies, and explained everything in non-technical language that our team could easily act on.

Are there any areas for improvement or something PlutoSec could have done differently?

The overall experience was excellent, but one area for improvement could be providing a brief cybersecurity awareness session for our staff as part of the engagement. While their technical work was outstanding, a short training or live Q&A could have further empowered our team to maintain strong security practices going forward.

BACKGROUND

Please describe your company and position.

I am the IT Security & Infrastructure Manager of Cartomanzia Seria

Describe what your company does in a single sentence.

We provide professional tarot and psychic consultation services by experienced and empathetic readers, available via phone and online across toronto,

OPPORTUNITY / CHALLENGE

What specific goals or objectives did you hire PlutoSec to accomplish?

• Web application penetration testing
• Payment gateway security testing
• GDPR compliance verification
• Vulnerability assessment
• Firewall and server configuration audit
• SQL injection testing
• Cross-site scripting (XSS) detection
• Data leakage prevention
• Social engineering testing
• Security hardening recommendations

SOLUTION

How did you find PlutoSec?

• Online Search
• Referral

Why did you select PlutoSec over others?

• High ratings
• Pricing fit our budget
• Good value for cost
• Referred to me

How many teammates from PlutoSec were assigned to this project?

2-5 Employees

Describe the scope of work in detail. Please include a summary of key deliverables.

PlutoSec conducted a comprehensive penetration testing engagement targeting our web application, backend infrastructure, and payment processing systems. The scope included both black-box and gray-box testing approaches. Key deliverables included a detailed vulnerability assessment report, exploitation proofs for critical findings, a prioritized risk matrix, and tailored remediation guidance. They also reviewed our GDPR compliance posture and tested for OWASP Top 10 vulnerabilities, ensuring our customer data remained protected and our services met security best practices.

RESULTS & FEEDBACK

What were the measurable outcomes from the project that demonstrate progress or success?

The project led to several measurable outcomes that demonstrated clear success. We identified and remediated multiple high and medium-risk vulnerabilities across our web and payment systems. Our external attack surface was reduced by disabling unnecessary ports and services. GDPR compliance was strengthened through improved data handling and privacy controls. Authentication and session management were enhanced, resulting in stronger user security. A follow-up retest confirmed that all critical issues had been resolved. Our overall security posture improved based on PlutoSec’s final risk assessment. We also reduced our response time to potential threats by optimizing firewall rules and alert configurations. Input validation across the platform was tightened, mitigating injection and XSS vulnerabilities. PlutoSec provided a clear remediation roadmap for future improvements. Most importantly, the engagement boosted both customer trust and internal confidence in our system’s security.

Describe their project management. Did they deliver items on time? How did they respond to your needs?

PlutoSec demonstrated excellent project management throughout the engagement. All deliverables were provided within the agreed timelines, and their team maintained consistent communication during each phase of the project. They were highly responsive to our questions and quickly adjusted the scope when we needed additional testing on specific components. Their structured approach, regular updates, and clear documentation made the entire process smooth and transparent. 

What was your primary form of communication with PlutoSec?

• Virtual Meeting
• Email or Messaging App

What did you find most impressive or unique about this company?

What stood out most about PlutoSec was their deep technical expertise combined with a hands-on, human approach. They didn’t just run automated scans—they manually validated vulnerabilities, explained the real-world impact in simple terms, and tailored their recommendations to our specific business model. Their commitment to both technical accuracy and client education truly set them apart. 

Are there any areas for improvement or something PlutoSec could have done differently?

The overall experience was very positive, but one area for improvement could be offering a more interactive reporting session—perhaps a live walkthrough of findings with our technical team. While their written report was thorough, a collaborative debrief could have helped us prioritize remediation even faster.

BACKGROUND

Please describe your company and position.

I am the Campaign Content & Digital Outreach Manager of Do it for the Planet

Describe what your company does in a single sentence.

Do It For The Planet is a Toronto-based civic-tech initiative that empowers voters to make climate-conscious decisions by comparing political parties’ environmental commitments through secure, user-friendly digital platforms.

OPPORTUNITY / CHALLENGE

What specific goals or objectives did you hire PlutoSec to accomplish?

• Full Website Pen Testing
• OWASP Top 10 Risk Coverage
• Secure Code Review
• Cloud Infrastructure Audit
• GDPR Compliance Check
• Privilege Escalation Testing
• Real-World Attack Simulation
• Remediation Roadmap Delivery
• Authentication Flow Hardening
• API Security Validation

SOLUTION

How did you find PlutoSec?

• Online Search
• Referral

Why did you select PlutoSec over others?

• High ratings
• Close to my geographic location
• Pricing fit our budget
• Referred to me

How many teammates from PlutoSec were assigned to this project?

2-5 Employees

Describe the scope of work in detail. Please include a summary of key deliverables.

PlutoSec performed a comprehensive security assessment of our digital platform, which included manual penetration testing, secure code review, and cloud infrastructure auditing. The scope covered our public-facing website, voter engagement tools, backend APIs, and AWS-hosted services. They tested for OWASP Top 10 vulnerabilities, session and access control weaknesses, and potential misconfigurations in our S3 storage, IAM roles, and API gateways. Key deliverables included a detailed vulnerability report with severity ratings, proof-of-concept (PoC) exploitation for critical findings, a prioritized remediation plan with CVSS scores, a compliance gap analysis for GDPR, and a post-remediation validation report confirming that all major risks were addressed.

RESULTS & FEEDBACK

What were the measurable outcomes from the project that demonstrate progress or success?

The project with PlutoSec resulted in several measurable outcomes that clearly demonstrated progress and strengthened our overall security posture. Multiple high and medium-risk vulnerabilities were identified and fully remediated, including flaws in session handling, API authentication, and form input validation. Our AWS configurations were hardened, with S3 bucket permissions corrected and IAM roles tightened. We implemented multi-factor authentication (MFA) across all admin accounts, encrypted all sensitive voter data at rest and in transit, and passed an external compliance readiness review aligned with GDPR. Post-engagement testing confirmed that all critical issues had been resolved, and we experienced improved system stability and increased stakeholder confidence going into our live campaign launch.

Describe their project management. Did they deliver items on time? How did they respond to your needs?

PlutoSec’s project management was highly efficient and well-structured. They provided a clear timeline from day one and delivered every phase—testing, reporting, and validation—right on schedule. Communication was smooth and responsive; they were quick to adapt to our changing priorities and worked around our campaign deadlines without compromising quality. Whether it was clarifying technical findings or jumping on a late call to discuss remediation, their team was consistently supportive, professional, and aligned with our mission-critical needs.

What was your primary form of communication with PlutoSec?

• In-Person Meeting
• Virtual Meeting
• Email or Messaging App

What did you find most impressive or unique about this company?

What impressed us most about PlutoSec was their ability to blend deep technical expertise with mission-driven sensitivity. They didn’t just identify vulnerabilities—they explained them in terms of real-world impact, especially in the context of civic engagement, voter data protection, and public trust. Their manual testing approach, attention to detail, and collaborative mindset made them feel like an extension of our internal team. It’s rare to find a cybersecurity partner that’s both technically elite and socially conscious. 

Are there any areas for improvement or something PlutoSec could have done differently?

One thing we would have liked was a more collaborative debrief session that included non-technical stakeholders. While their reports were crystal clear for our IT team, a short, high-level walkthrough tailored for leadership or campaign staff would’ve helped us communicate the “why” behind the fixes more effectively. Also, a bit more proactive follow-up a few weeks post-engagement would’ve gone a long way in keeping momentum on security culture internally. Nothing major—but a more structured post-project wrap-up would make a great service even better.

BACKGROUND

Please describe your company and position.

I am the Head of IT Security & Compliance of Milano Fertility Clinic

Describe what your company does in a single sentence.

Milano Fertility Clinic is a specialized reproductive health center in Milan offering advanced IVF, fertility preservation, and personalized care to patients from Italy and abroad.

OPPORTUNITY / CHALLENGE

What specific goals or objectives did you hire PlutoSec to accomplish?

• Staff Security Awareness Training
• Post-Engagement Validation Testing
• Full-Scope Penetration Testing
• HIPAA & GDPR Compliance Readiness
• Encryption & SSL/TLS Hardening
• Authentication & Access Control Improvements
• Vulnerability Remediation Plan
• Cloud Infrastructure Security Review
• Third-Party Risk Assessment
• Incident Response Strategy

SOLUTION

How did you find PlutoSec?

• Online Search
• Referral

Why did you select PlutoSec over others?

• High ratings
• Great culture fit
• Good value for cost
• Referred to me

How many teammates from PlutoSec were assigned to this project?

6-10 Employees

Describe the scope of work in detail. Please include a summary of key deliverables.

PlutoSec conducted a full-scope cybersecurity assessment for Milano Fertility Clinic with a focus on securing patient data, ensuring regulatory compliance (HIPAA & GDPR), and improving overall system resilience. The scope included manual penetration testing of their patient portal, appointment booking system, internal APIs, and cloud-based electronic medical records (EMR). We audited their authentication mechanisms, data storage configurations, encryption standards, and third-party integrations (such as payment processors and labs). Key deliverables included a detailed vulnerability assessment report with severity ratings, proof-of-concept (PoC) exploits for critical findings, a remediation roadmap prioritized by business impact, a compliance gap analysis for HIPAA and GDPR, and a follow-up revalidation test to confirm fixes. We also delivered internal staff awareness training and a draft incident response plan tailored to healthcare breach notification requirements.

RESULTS & FEEDBACK

What were the measurable outcomes from the project that demonstrate progress or success?

The collaboration with PlutoSec resulted in significant improvements across multiple areas of Milano Fertility Clinic’s cybersecurity posture. All critical vulnerabilities identified during the initial penetration test were fully remediated, including exposed admin interfaces, weak access controls, and outdated third-party components. Encryption protocols were upgraded to current best practices, ensuring that sensitive patient data is protected both in transit and at rest.

Multi-factor authentication (MFA) was successfully implemented across all sensitive and administrative accounts, significantly reducing the risk of unauthorized access. The clinic also addressed key HIPAA and GDPR compliance gaps, including access logging, breach notification protocols, and data retention policies. Vendor risk was reduced by enforcing stricter security requirements for external partners, particularly those handling lab results and payment processing.

Additionally, a tailored security awareness training program was rolled out to clinical and administrative staff, greatly improving organizational understanding of phishing threats, data handling responsibilities, and secure login practices. The project concluded with a follow-up validation test confirming that all high-impact findings had been addressed. As a result, the clinic passed its internal audit with strong marks and reported increased confidence from stakeholders, insurers, and international patients relying on their secure and compliant infrastructure.

Describe their project management. Did they deliver items on time? How did they respond to your needs?

PlutoSec’s project management was smooth, organized, and highly responsive to our specific needs as a healthcare provider. They outlined a clear timeline at the start and adhered to every milestone without delays. Communication was excellent—they provided frequent updates, clarified technical findings in non-technical terms when needed, and were always quick to adjust based on our clinical operations and availability. Whether it was after-hours consultations or aligning testing around patient data cycles, they were flexible and professional throughout. Their ability to balance technical depth with healthcare sensitivity made the entire engagement feel collaborative and efficient.

What was your primary form of communication with PlutoSec?

• Virtual Meeting
• Email or Messaging App

What did you find most impressive or unique about this company?

What stood out most about PlutoSec was their deep understanding of both cybersecurity and the unique challenges of working within the healthcare sector. They didn’t just perform a checklist-style test—they approached our systems with the mindset of real-world attackers, while remaining sensitive to patient data privacy, operational uptime, and compliance. Their ability to align penetration testing with HIPAA and GDPR requirements, while clearly communicating business impact, made them feel like an extension of our internal team. It’s rare to find a vendor that combines technical expertise, regulatory awareness, and human-centered professionalism so effectively.

Are there any areas for improvement or something PlutoSec could have done differently?

One area where PlutoSec could improve is by offering a centralized client dashboard to track testing progress, vulnerabilities, and remediation status in real time. While their communication was consistently responsive and detailed, having a visual, interactive platform would make it easier for internal stakeholders to monitor ongoing tasks without relying solely on reports or emails. That said, their hands-on support and clarity throughout the engagement largely made up for this.

BACKGROUND

Please describe your company and position.

I am the IT Operations & Security Coordinator of LUXURY ART S.R.L

Describe what your company does in a single sentence.

We curate and sell limited-edition luxury art, photography, and collectibles that celebrate Italian heritage, craftsmanship, and design.

OPPORTUNITY / CHALLENGE

What specific goals or objectives did you hire PlutoSec to accomplish?

• Penetration Testing
• Cybersecurity Services
• Cloud Security Solution
• Managed Security Services
• Network Penetration test
• Web Penetration Testing

SOLUTION

How did you find PlutoSec?

• Online Search
• Referral

Why did you select PlutoSec over others?

• High ratings
• Close to my geographic location
• Referred to me

How many teammates from PlutoSec were assigned to this project?

2-5 Employees

Describe the scope of work in detail. Please include a summary of key deliverables.

PlutoSec conducted a full-scale penetration test and vulnerability assessment of our luxury e-commerce platform, including our website, CMS, APIs, and payment systems. Their team manually identified critical and high-risk vulnerabilities, provided detailed proof-of-concept evidence, and delivered a comprehensive report with prioritized remediation steps. They also aligned their findings with GDPR and ISO 27001 requirements, helping us improve both our security posture and compliance. The engagement concluded with a verification phase to ensure all key risks were properly addressed.

RESULTS & FEEDBACK

What were the measurable outcomes from the project that demonstrate progress or success?

The most measurable outcomes from PlutoSec’s engagement were the identification and remediation of multiple high-risk vulnerabilities that had gone undetected in previous scans. Our website’s overall security posture significantly improved, with hardened configurations, better access controls, and optimized encryption standards. Post-engagement, we passed an independent security audit required by one of our high-end payment partners, and our internal IT team reported increased confidence in managing future security risks.

Describe their project management. Did they deliver items on time? How did they respond to your needs?

PlutoSec’s project management was highly efficient and well-coordinated. They provided a clear timeline at the start and stuck to it without delays, delivering all reports and findings right on schedule. Communication was smooth throughout—they were quick to respond to questions, flexible with scheduling, and always willing to explain technical details in a way that made sense to our team. Their proactive updates and collaborative approach made the entire process feel seamless and stress-free.

What was your primary form of communication with PlutoSec?

• Virtual Meeting
• Email or Messaging App

What did you find most impressive or unique about this company?

What impressed us most about PlutoSec was their ability to combine deep technical expertise with a strong understanding of our brand’s identity and business priorities. Unlike many cybersecurity firms, they didn’t just throw technical jargon at us—they explained risks in a clear, human way and tailored their recommendations to protect both our security and customer experience. Their hands-on, manual testing approach and dedication to quality made them feel like a true partner, not just a vendor.

Are there any areas for improvement or something PlutoSec could have done differently?

The only area for improvement we noticed was the lack of a centralized client dashboard to track progress and reports in real-time. While their team was very responsive via email and meetings, having a portal to monitor findings, remediation status, and timelines would add even more transparency and convenience—especially for teams juggling multiple priorities.