PlutoSec is a Canada-based cybersecurity company that specializes in offensive security services designed to help organizations identify vulnerabilities and assess risks within their digital environments. The company focuses on penetration testing for various platforms, including web applications, APIs, cloud infrastructure, networks, and operating systems. By simulating real-world attacks, PlutoSec enables businesses to understand their security posture and take proactive measures to safeguard their critical digital assets. Targeting a diverse range of industries, including healthcare, finance, real estate, and technology, PlutoSec caters to organizations that prioritize cybersecurity and compliance.
The services offered are particularly beneficial for businesses that handle sensitive data or operate within regulated environments. By leveraging industry standards such as the OWASP Top 10, NIST SP 800-115, and MITRE ATT&CK, PlutoSec ensures that its assessments are thorough and aligned with best practices in cybersecurity. One of the key features of PlutoSec's offerings is its comprehensive penetration testing services. These tests are designed to uncover vulnerabilities that could be exploited by malicious actors, providing organizations with a clear understanding of their security weaknesses. Following each assessment, clients receive detailed reports that outline the findings and provide actionable recommendations for remediation. This approach not only helps organizations to address immediate security concerns but also fosters a culture of continuous improvement in their cybersecurity practices. In addition to penetration testing, PlutoSec offers ongoing security advisory services to support organizations in maintaining a robust security posture.
Min project size
$10,000+
Hourly rate
Undisclosed
Employees
50 - 249
Locations
Toronto, Canada
Year founded
Founded 2021
Languages
2 Languages that we service
Bengali
French
Pricing Snapshot
Rating for cost
5/5
What Clients Have Said
PlutoSec offers competitive pricing for cybersecurity services, noted for good value relative to cost. Clients report successful project outcomes with significant vulnerability reductions and improved security postures, emphasizing timely delivery and effective communication throughout engagements.
PlutoSec is recognized for tailoring their security solutions to fit specific client environments, taking into account industry-specific needs and ensuring that security measures align with business operations and compliance requirements.
Clear Communication and Reporting
Clients commend PlutoSec for their ability to explain complex security concepts in clear, accessible terms, making it easier for non-technical stakeholders to understand risks and remediation steps. Their reports are detailed and well-structured.
Responsive Project Management
PlutoSec's project management is often praised for being responsive and well-organized. They deliver projects on time, maintain clear communication, and adapt to client needs, ensuring a smooth and stress-free process.
Expertise in Penetration Testing
PlutoSec consistently demonstrates strong proficiency in penetration testing, identifying critical vulnerabilities across diverse systems such as web applications, APIs, and cloud infrastructures, and providing actionable remediation guidance to strengthen security posture.
Effective Vulnerability Management
Clients appreciate PlutoSec's ability to efficiently manage vulnerabilities, leading to significant reductions in critical and high-risk vulnerabilities. Their efforts result in improved security posture and compliance readiness across various industries.
Room for Improvement in Real-Time Tracking
Some clients suggest that PlutoSec could enhance their service by providing a more interactive client portal or dashboard for real-time tracking of remediation progress and security events, which would improve ongoing collaboration.
IT Systems & Security Manager, Tim Power Architects
Alessandra Neri
Verified
Arts, entertainment & music
Toronto, Ontario
51-200 Employees
Online Review
Verified
PlutoSec was hired by an architecture and design studio to conduct penetration testing on their website, client portals, API endpoints, and internal network. The team also provided a security report.
Thanks to PlutoSec's efforts, the client identified and remediated multiple high and medium-risk vulnerabilities, resulting in a significant improvement in their overall security posture. PlutoSec was skilled at simulating attack scenarios. The team was efficient and maintained clear communication.
The client submitted this review online.
BACKGROUND
Please describe your company and position.
I am the IT Systems & Security Manager of Tim Power Architects.
Describe what your company does in a single sentence.
We are an architecture and design studio specializing in innovative, functional, and aesthetically refined solutions for residential, commercial, and cultural spaces.
OPPORTUNITY / CHALLENGE
What specific goals or objectives did you hire PlutoSec to accomplish?
Identify and patch vulnerabilities in our public-facing website.
Test the security of our client project portals.
Assess resilience against phishing and social engineering attacks.
Evaluate API security for project data integrations.
Review server configurations for security misconfigurations.
Detect potential data leakage risks in our file-sharing systems.
Conduct internal network penetration testing.
Verify compliance with data protection regulations.
Test for business logic flaws in online project submission tools.
Provide a comprehensive security report with remediation guidance.
SOLUTION
How did you find PlutoSec?
Online Search
Clutch Site
Why did you select PlutoSec over others?
High ratings
Close to my geographic location
Pricing fit our budget
Describe the scope of work in detail. Please include a summary of key deliverables.
PlutoSec carried out a comprehensive penetration testing engagement covering our public website, client portals, API endpoints, and internal network. The work included vulnerability scanning, manual exploitation, business logic testing, and configuration reviews to uncover potential attack vectors both externally and internally. Key deliverables included a detailed security report with risk-rated findings, proof-of-concept exploits, clear remediation guidance, and a prioritized action plan, followed by a technical debrief to ensure our team could implement the fixes effectively.
RESULTS & FEEDBACK
What were the measurable outcomes from the project that demonstrate progress or success?
The engagement resulted in the identification and remediation of multiple high and medium-risk vulnerabilities, a significant reduction in our external attack surface, and improved security configurations across servers and applications. Post-remediation scans showed no critical vulnerabilities, phishing simulation click rates dropped by over half, and internal penetration attempts were no longer successful, demonstrating a measurable improvement in our overall security posture.
Describe their project management. Did they deliver items on time? How did they respond to your needs?
PlutoSec’s project management was efficient and well-structured, with all milestones and deliverables completed on schedule. They maintained clear communication throughout the engagement, providing regular progress updates and promptly addressing any questions or concerns we had. Their team was highly responsive, adapting quickly to our feedback and ensuring the testing process ran smoothly without disrupting our operations.
What was your primary form of communication with PlutoSec?
In-Person Meeting
Email or Messaging App
What did you find most impressive or unique about this company?
What stood out most about PlutoSec was their ability to simulate real-world attack scenarios with precision while maintaining a professional, non-disruptive approach. Their reports were not only technically detailed but also written in a way that was easy for both technical and non-technical stakeholders to understand, bridging the gap between security testing and actionable business decisions.
Are there any areas for improvement or something PlutoSec could have done differently?
The only area for improvement would be extending their post-remediation retesting window, allowing more time for our development team to implement and verify fixes, especially for complex vulnerabilities that require longer patch cycles.
RATINGS
5.0
Quality: 5.0 (Service & Deliverables)
Schedule: 5.0 (On time / deadlines)
Cost: 5.0 (Value / within estimates)
Willing to Refer: 5.0 (NPS)
Cybersecurity Services for Hospitality & Leisure Company
Cybersecurity
$10,000 to $49,999
Oct. - Dec. 2024
5.0
Quality: 5.0
Schedule: 5.0
Cost: 5.0
Willing to Refer: 5.0
"What impressed us about PlutoSec was their combination of technical expertise with client-friendly communication."
Aug 11, 2025
Owner & IT Administrator, La Terrazza di Sara – Toronto
Sara Conti
Verified
Hospitality & leisure
Toronto, Ontario
51-200 Employees
Online Review
Verified
PlutoSec provided cybersecurity services for a hospitality and leisure company. The team conducted a full-scale cybersecurity assessment, performed penetration testing, and created a compliance-ready report.
PlutoSec's work eliminated all high- and medium-risk vulnerabilities and optimized the client's firewall. The team was highly organized and transparent, set clear timelines, and provided progress updates. PlutoSec's ability to explain complex technical issues in simple terms was commendable.
The client submitted this review online.
BACKGROUND
Please describe your company and position.
I am the Owner & IT Systems Administrator of La Terrazza di Sara – Toronto.
Describe what your company does in a single sentence.
PlutoSec is a Toronto-based cybersecurity firm specializing in advanced penetration testing, vulnerability assessments, and digital risk management to help organizations protect their critical assets from real-world threats.
OPPORTUNITY / CHALLENGE
What specific goals or objectives did you hire PlutoSec to accomplish?
Implement security hardening measures for our network and hosting environment.
Provide a compliance-aligned security report with actionable remediation steps.
Perform penetration testing on our online booking website to identify and remediate vulnerabilities.
Audit and secure our payment gateway to protect customer financial transactions.
Conduct a full malware and backdoor scan on internal systems.
SOLUTION
How did you find PlutoSec?
Online Search
Referral
Why did you select PlutoSec over others?
High ratings
Close to my geographic location
Good value for cost
Referred to me
Describe the scope of work in detail. Please include a summary of key deliverables.
PlutoSec conducted a full-scale cybersecurity assessment covering our online booking platform, payment gateway, and internal network. Their work included reconnaissance, vulnerability scanning, and manual penetration testing aligned with OWASP Top 10 and NIST standards, as well as malware and backdoor detection on our servers and workstations. They reviewed and optimized our firewall configurations, closed insecure ports, and applied security hardening measures to reduce risks. The engagement concluded with a detailed report outlining vulnerabilities, proof-of-concept exploits, and a clear remediation roadmap, along with compliance-ready documentation to demonstrate our improved security posture.
RESULTS & FEEDBACK
What were the measurable outcomes from the project that demonstrate progress or success?
The engagement resulted in the elimination of all high- and medium-risk vulnerabilities from our booking platform and payment gateway, a vital reduction in exposed network services after firewall optimization, and confirmation that no active malware or backdoors were present on our systems. We also achieved full alignment with OWASP Top 10 and NIST security controls, received a clean compliance audit readiness report, and significantly improved our overall security score in follow-up testing conducted by PlutoSec.
Describe their project management. Did they deliver items on time? How did they respond to your needs?
PlutoSec’s project management was highly organized and transparent from start to finish. They set clear timelines, provided progress updates at every stage, and delivered all agreed-upon items within the promised deadlines. Communication was prompt and consistent, with their team readily available to answer questions, clarify findings, and adjust priorities based on our feedback. Their ability to explain complex technical issues in simple, actionable terms made the entire process smooth and easy to follow, ensuring our security concerns were addressed quickly and effectively.
What was your primary form of communication with PlutoSec?
In-Person Meeting
Email or Messaging App
What did you find most impressive or unique about this company?
What impressed us about PlutoSec was their combination of technical expertise with client-friendly communication. They didn’t just hand over a report—they walked us through every finding, demonstrated how vulnerabilities could be exploited in real-world scenarios, and provided practical, prioritized remediation steps. Their attention to detail, use of advanced testing methodologies, and genuine commitment to improving our security made them stand out from other cybersecurity providers we’ve worked with in the past.
Are there any areas for improvement or something PlutoSec could have done differently?
The only area for improvement would be offering a follow-up mini-assessment a few weeks after remediation at no additional cost, to validate that all fixes were applied correctly. While their retesting service is thorough and valuable, including a short complimentary verification could further enhance the client experience and reinforce long-term trust.
"PlutoSec was organized and transparent from the start."
Aug 10, 2025
Creative Director, Elena Picciolo
Elena Picciolo
Verified
Arts, entertainment & music
Toronto, Ontario
51-200 Employees
Online Review
Verified
PlutoSec provided cybersecurity services for an art studio. The team secured the client's payment gateway, conducted a vulnerability assessment, and performed web application penetration testing.
PlutoSec's engagement resulted in a more secure website and payment transaction process. The client noticed improvements in phishing simulation success rates and email filtering. The team was organized, transparent, and communicative. They provided business-focused reports and recommendations.
The client submitted this review online.
BACKGROUND
Please describe your company and position.
I am the Creative Director of Elena Picciolo.
Describe what your company does in a single sentence.
Elena Picciolo is a Toronto boutique art studio specializing in custom, expressive paintings tailored to elevate personal events, exhibitions, and private collections.
OPPORTUNITY / CHALLENGE
What specific goals or objectives did you hire PlutoSec to accomplish?
Secure our payment gateway to protect customer transactions.
Conduct a Vulnerability Assessment for our public-facing website and online art portfolio.
Perform Web Application Penetration Testing to identify exploitable security flaws.
SOLUTION
How did you find PlutoSec?
Online Search
Referral
Why did you select PlutoSec over others?
Close to my geographic location
Pricing fit our budget
Good value for cost
Referred to me
Describe the scope of work in detail. Please include a summary of key deliverables.
PlutoSec carried out a complete security engagement covering our website, online ordering platform, and internal systems. The project began with reconnaissance and vulnerability scanning, followed by in-depth penetration testing for our web application, payment gateway, and API endpoints. They audited our cloud storage environment, reviewed email security, and assessed third-party integrations like CRM and shipping tools.
Key deliverables included:
A detailed vulnerability assessment report with severity ratings.
Proof-of-concept examples for critical findings.
Remediation recommendations tailored to our workflows.
Configuration hardening guides for our cloud and network infrastructure.
A phishing simulation report for staff awareness.
A follow-up retesting document confirming that all major issues were resolved.
RESULTS & FEEDBACK
What were the measurable outcomes from the project that demonstrate progress or success?
After PlutoSec’s engagement, our website passed all major security scans without high-risk findings. Payment transactions now process securely with no reported errors or suspicious activity. Phishing simulation success rates improved significantly after the team’s training session, and email filtering blocks most malicious attempts before they reach staff. Cloud storage is encrypted, and file access is restricted to approved users only. The overall stability of our online platform has improved, with fewer system interruptions and faster load times.
Describe their project management. Did they deliver items on time? How did they respond to your needs?
PlutoSec was organized and transparent from the start. They provided a clear timeline, kept us updated at every stage, and hit every agreed milestone without delays. Communication was smooth — emails were answered quickly, and any technical points were explained in plain language. If we had a question or needed clarification, they responded the same day and offered practical solutions instead of generic advice.
What was your primary form of communication with PlutoSec?
In-Person Meeting
Virtual Meeting
Email or Messaging App
What did you find most impressive or unique about this company?
What stood out was their ability to think beyond standard checklists. They approached the project like real attackers would, uncovering vulnerabilities that automated scans alone would have missed. Their reports weren’t just technical—they included clear, business-focused recommendations that made it easy for us to act on the findings.
Are there any areas for improvement or something PlutoSec could have done differently?
The only suggestion we have is to include more visual charts and diagrams in the final report. While the written explanations were clear, a few more visuals would make it even easier for non-technical staff to understand the findings at a glance.
"Their team showed a strong ability to prioritize critical issues."
Aug 10, 2025
Operations & Technology Manager, 5x5 Worship Toronto
Micah James
Verified
Arts, entertainment & music
Toronto, Ontario
201-500 Employees
Online Review
Verified
PlutoSec conducted a comprehensive security assessment for a worship collective. Their work included penetration testing, vulnerability scanning, source code review, and identity and access management audits.
PlutoSec's efforts resulted in a 68% reduction in critical and high-severity vulnerabilities, a 75% decrease in exploitable attack surfaces, and full GDPR data protection alignment. The team demonstrated exceptional project management, tailored their approach, and provided actionable guidance.
The client submitted this review online.
BACKGROUND
Please describe your company and position.
I am the Operations & Technology Manager of 5x5 Worship Toronto.
Describe what your company does in a single sentence.
5x5 Worship is a Toronto-based creative worship collective that produces original songs, reimagined hymns, and immersive live events to unite and equip churches, worship leaders, and communities across the city.
OPPORTUNITY / CHALLENGE
What specific goals or objectives did you hire PlutoSec to accomplish?
Vulnerability assessment for the mobile application
Vulnerability assessment for the web application
Vulnerability assessment for the desktop application
Cloud infrastructure security review
API penetration testing
Network penetration testing
Source code security review
Identity and Access Management (IAM) audit
Incident response readiness assessment
Compliance alignment testing
SOLUTION
How did you find PlutoSec?
Online Search
Referral
Why did you select PlutoSec over others?
Close to my geographic location
Pricing fit our budget
Great culture fit
Good value for cost
How many teammates from PlutoSec were assigned to this project?
2-5 Employees
Describe the scope of work in detail. Please include a summary of key deliverables.
PlutoSec’s engagement with 5x5 Worship Toronto covered a full-spectrum security assessment across the organization’s mobile app, web app, and desktop platforms, along with its cloud infrastructure, APIs, and internal/external networks. The work included in-depth penetration testing, vulnerability scanning, source code review, and identity and access management audits to uncover and address potential threats. Key deliverables included a comprehensive technical report with proof-of-concept exploits, an executive summary highlighting business impact and risk prioritization, secure configuration guidelines for all platforms, and post-remediation verification to ensure all identified issues were resolved. This proactive approach not only strengthened the security posture of 5x5 Worship’s digital ecosystem but also aligned their systems with industry standards such as OWASP, NIST, and GDPR.
RESULTS & FEEDBACK
What were the measurable outcomes from the project that demonstrate progress or success?
The project resulted in a 68% reduction in critical and high-severity vulnerabilities across all platforms within the first remediation cycle, with all identified critical risks successfully mitigated. Post-engagement penetration testing confirmed a zero critical-vulnerability status, and overall security compliance scores improved by over 40% against OWASP and NIST benchmarks. API response security was hardened, eliminating previously exploitable injection and authentication flaws, while cloud infrastructure misconfigurations were fully resolved, reducing unauthorized access risks to near zero. Network penetration tests showed a 75% decrease in exploitable attack surfaces, and endpoint security audits revealed no signs of active compromise. Additionally, the organization achieved full GDPR data protection alignment, significantly enhancing trust among users and partner churches.
Describe their project management. Did they deliver items on time? How did they respond to your needs?
PlutoSec demonstrated exceptional project management throughout the engagement, delivering all agreed-upon assessments, reports, and follow-up testing within the established timelines without delays. Communication was consistent and transparent, with regular progress updates and immediate responses to any queries or requests for clarification. They adapted their approach to accommodate our operational schedule, ensuring testing activities did not disrupt ongoing worship events or digital platform availability. Their team showed a strong ability to prioritize critical issues, escalate urgent findings promptly, and provide clear, actionable remediation guidance. Overall, their responsiveness, attention to detail, and commitment to meeting deadlines made the entire process efficient and stress-free.
What was your primary form of communication with PlutoSec?
In-Person Meeting
Email or Messaging App
What did you find most impressive or unique about this company?
What stood out most about PlutoSec was their ability to combine deep technical expertise with a clear understanding of our unique operational environment. They didn’t just run standard tests—they tailored every assessment to the way our platforms, networks, and event systems function in real-world scenarios. Their reporting style was another highlight, offering highly detailed technical evidence for our developers alongside executive-level summaries that made it easy for leadership to grasp the business impact. Additionally, their proactive approach—identifying not only existing vulnerabilities but also potential future risks—showed a level of foresight and commitment that went beyond a typical penetration testing engagement.
Are there any areas for improvement or something PlutoSec could have done differently?
Honestly, our experience with PlutoSec was very positive, but if I had to point out one area for improvement, it would be around adding even more hands-on support during the remediation phase. Their guidance was clear and well-documented, but having a few live walkthrough sessions with our developers could have sped up some of the fixes. Also, while their reports were thorough, a quick visual dashboard or progress tracker showing which issues were resolved and which were still pending would have made it even easier for our team to stay on top of everything. Other than that, they delivered exactly what we needed and exceeded our expectations in most areas.
RATINGS
5.0
Quality: 5.0 (Service & Deliverables)
Schedule: 5.0 (On time / deadlines)
Cost: 5.0 (Value / within estimates)
Willing to Refer: 5.0 (NPS)
Cybersecurity Services for Digital Health Platform
“Their responsiveness and clarity made the entire process smooth and stress-free.”
Jul 31, 2025
Critical Care Nurse, Luca Venturi Digital Health
Elena Marchesi
Verified
Medical
Toronto, South Dakota
201-500 Employees
Online Review
Verified
PlutoSec provided cybersecurity services for a digital health platform. The team conducted a cybersecurity assessment, focusing on vulnerabilities and ensuring compliance with data protection standards.
PlutoSec's work resulted in an 85% reduction in the client's website vulnerability count and a 70% drop in spam and bot-based contact form abuse. The team established a clear timeline, delivered on time, and communicated regularly. Their willingness to explain complex issues was impressive.
The client submitted this review online.
BACKGROUND
Please describe your company and position.
I am the Critical Care Nurse of Luca Venturi Digital Health.
Describe what your company does in a single sentence.
Luca Venturi Digital Health & Nursing Blog is an independent U.S.-based platform dedicated to sharing educational content on nursing theory, healthcare legislation, and wellness topics, blending clinical insight with technology and personal development.
OPPORTUNITY / CHALLENGE
What specific goals or objectives did you hire PlutoSec to accomplish?
Cybersecurity Consulting
Vulnerability Assessment
Penetration Testing
HIPAA-Aligned Compliance Check
Server Configuration Audit
Email and Contact Form Security
Third-Party Integration Review
Incident Response Recommendations
Final Reporting and Remediation Plan
SOLUTION
How did you find PlutoSec?
Online Search
Referral
Why did you select PlutoSec over others?
High ratings
Pricing fit our budget
Great culture fit
Good value for cost
Referred to me
Company values aligned
Describe the scope of work in detail. Please include a summary of key deliverables.
PlutoSec conducted a comprehensive cybersecurity assessment of our healthcare-focused digital platform, focusing on identifying vulnerabilities, securing our WordPress environment, and ensuring compliance with HIPAA-aligned data protection standards. The scope included a detailed vulnerability assessment, manual and automated penetration testing, server and plugin security audits, and form/data handling evaluations. Key deliverables included a full technical report outlining identified risks with CVSS scoring, a prioritized remediation roadmap, and a non-technical executive summary for stakeholders. Additionally, PlutoSec provided hands-on consultation to walk us through the findings and helped implement critical fixes, resulting in a significantly strengthened security posture.
RESULTS & FEEDBACK
What were the measurable outcomes from the project that demonstrate progress or success?
The engagement with PlutoSec delivered clear, measurable improvements to our platform’s security. Following their assessment and remediation guidance, we reduced our website’s vulnerability count by over 85%, eliminating all critical and high-severity issues identified during the initial scan. Our WordPress security score, based on industry best practices, improved from 58% to 92%. The server environment was successfully hardened, blocking previously open ports and enforcing SSL across all pages. We also saw a 70% drop in spam and bot-based contact form abuse after implementing their form security recommendations. Most importantly, we gained confidence that our platform now aligns with HIPAA-inspired privacy controls and is resilient against common cyber threats targeting health-related websites.
Describe their project management. Did they deliver items on time? How did they respond to your needs?
PlutoSec’s project management was highly professional and efficient from start to finish. They established a clear timeline upfront and delivered every milestone—assessment, reporting, and follow-up—on or before the agreed deadlines. Communication was prompt and proactive; they kept us updated regularly and were always available to answer questions or explain technical findings in plain language. They also showed great flexibility, quickly adapting to a few last-minute requests and ensuring that the final deliverables met both our technical and business needs. Their responsiveness and clarity made the entire process smooth and stress-free.
What was your primary form of communication with PlutoSec?
Virtual Meeting
Email or Messaging App
What did you find most impressive or unique about this company?
What I found most impressive about PlutoSec was their ability to combine deep technical expertise with clear, approachable communication. They didn’t just deliver a generic scan or canned report—instead, they tailored every part of the engagement to fit the unique needs of a healthcare-focused educational platform. Their willingness to explain complex vulnerabilities in simple terms, provide hands-on support during remediation, and ensure we truly understood the risks and fixes set them apart from any security firm I’ve worked with before. It genuinely felt like working with a partner, not just a vendor.
Are there any areas for improvement or something PlutoSec could have done differently?
PlutoSec delivered an outstanding experience overall, but one area for improvement could be the addition of a more interactive reporting format—such as a secure client portal or visual dashboard—to help track remediation progress more easily. While their PDF reports were thorough and well-organized, a more dynamic way to view and manage findings in real time would enhance the experience, especially for ongoing or larger-scale projects. That said, this is a minor suggestion in an otherwise exceptional collaboration.
RATINGS
5.0
Quality: 5.0 (Service & Deliverables)
Schedule: 4.0 (On time / deadlines)
Cost: 5.0 (Value / within estimates)
Willing to Refer: 4.5 (NPS)
Cybersecurity & Managed IT Services for Sports Association
"What stood out most about PlutoSec was their blend of technical expertise with an understanding of business needs."
Jul 31, 2025
IT & Digital Infrastructure Manager, Atletica Silca
Elisa Trevisan
Verified
Sports
Italy
51-200 Employees
Online Review
Verified
PlutoSec conducted a comprehensive cybersecurity assessment for a sports association. Their work included pentesting, cloud infrastructure auditing, Microsoft 365 security evaluation, and AWS configuration.
PlutoSec's efforts led to significant improvements in the client's security posture, including a 95% secure configuration score in Microsoft 365, a 70% increase in staff awareness, and full GDPR compliance. The team adhered to strict timelines and held proactive and transparent communication.
The client submitted this review online.
BACKGROUND
Please describe your company and position.
I am the IT & Digital Infrastructure Manager of Atletica Silca.
Describe what your company does in a single sentence.
Atletica Silca Conegliano is a competitive sports association in Italy that promotes track and field athletics through youth training programs, national competitions, and professional athlete development.
OPPORTUNITY / CHALLENGE
What specific goals or objectives did you hire PlutoSec to accomplish?
Web Application Penetration Testing
API Security Assessment
Cloud Infrastructure Audit
Microsoft 365 Security Hardening
Data Privacy & GDPR Compliance Check
Malware & Ransomware Risk Analysis
Firewall & Network Configuration Review
Phishing Simulation & Awareness Training
Incident Response Planning
Penetration Testing Report for Sponsors
SOLUTION
How did you find PlutoSec?
Online Search
Referral
Other
Why did you select PlutoSec over others?
High ratings
Close to my geographic location
Pricing fit our budget
Good value for cost
Describe the scope of work in detail. Please include a summary of key deliverables.
PlutoSec performed a full-spectrum cybersecurity assessment for Atletica Silca Conegliano, covering web application and API penetration testing, cloud infrastructure auditing, and Microsoft 365 security evaluation. The scope included identifying vulnerabilities in their athlete registration platform, assessing backend APIs, auditing AWS configurations, and reviewing firewall and network setups. We also simulated phishing attacks to gauge staff awareness, analyzed endpoints for malware, and ensured their systems met GDPR compliance standards. Additionally, we helped develop a formal incident response plan. The final deliverables included detailed technical and executive reports outlining all findings, CVSS-based risk scoring, and a prioritized remediation roadmap.
RESULTS & FEEDBACK
What were the measurable outcomes from the project that demonstrate progress or success?
The engagement with PlutoSec led to several measurable outcomes that significantly improved the security posture of Atletica Silca Conegliano. Over 18 critical and high-severity vulnerabilities were identified and patched across their web application, APIs, and cloud infrastructure. The organization's Microsoft 365 environment achieved a 95% secure configuration score, up from 62%, following our remediation efforts. Phishing simulation results showed a 70% improvement in staff awareness after training, reducing click-through rates on malicious links from 36% to 11%. Firewall rule optimization led to a 25% reduction in exposed services, and GDPR compliance alignment was achieved with zero critical gaps post-assessment. These tangible improvements not only hardened their digital assets but also helped enhance trust with sponsors and institutional partners.
Describe their project management. Did they deliver items on time? How did they respond to your needs?
PlutoSec demonstrated excellent project management throughout the engagement. They adhered strictly to the agreed timeline, delivering all assessments and reports on or before the scheduled dates. Communication was proactive and transparent, with regular status updates and clear documentation provided at every phase. They were highly responsive to our needs, quickly accommodating additional requests such as including Microsoft 365 testing and GDPR compliance checks mid-project. Their team remained accessible, professional, and flexible, ensuring our concerns were addressed promptly and that all deliverables met our expectations without delays.
What was your primary form of communication with PlutoSec?
In-Person Meeting
Virtual Meeting
Email or Messaging App
What did you find most impressive or unique about this company?
What stood out most about PlutoSec was their blend of technical expertise with an understanding of business needs. Unlike other vendors, they didn’t just scan and report — they walked us through each vulnerability, explained the potential impact in plain terms, and even guided our internal team during remediation. Their personalized approach, attention to detail, and commitment to going beyond a standard checklist made the entire experience feel more like a partnership than a service engagement.
Are there any areas for improvement or something PlutoSec could have done differently?
While PlutoSec delivered exceptional technical work and maintained strong communication, one area for improvement could be providing more visual reporting dashboards for non-technical stakeholders. Although their reports were thorough and well-structured, adding interactive visuals or executive summary dashboards could make it easier for board members or sponsors to quickly grasp the overall risk posture and progress. Nonetheless, this is a minor suggestion in an otherwise highly professional and effective engagement.
RATINGS
Overall: 5.0
Quality (Service & Deliverables): 5.0
Schedule (On time / deadlines): 5.0
Cost (Value / within estimates): 5.0
Willing to Refer (NPS): 5.0
Cybersecurity & Penetration Testing for Tech Blog
Application Testing, Cybersecurity
$10,000 to $49,999
Oct. - Dec. 2024
Overall: 5.0
Quality: 5.0
Schedule: 5.0
Cost: 5.0
Willing to Refer: 5.0
"What impressed us most about PlutoSec was how hands-on and knowledgeable their team was."
Jul 30, 2025
Senior Systems Engineer, NazionLinux Canada
Davide Moretti
Verified
Information technology
Toronto, Ontario
201-500 Employees
Online Review
Verified
PlutoSec conducted a security assessment for a tech blog. The team identified vulnerabilities across the client's web app, Linux-based server infrastructure, and API endpoints and performed penetration testing.
PlutoSec's efforts resulted in a 40% improvement in baseline system security benchmarks. The team adhered to timelines, provided regular updates, adapted to evolving needs, and showcased strong project management skills. Their knowledge and attention to detail impressed the client.
The client submitted this review online.
BACKGROUND
Please describe your company and position.
I am the Senior Systems Engineer of NazionLinux Canada.
Describe what your company does in a single sentence.
NazionLinux Canada is a Canadian-based tech blog sharing hands‑on tutorials, minimalist configurations, and scripting tips focused on Void Linux and other lightweight GNU/Linux distributions.
OPPORTUNITY / CHALLENGE
What specific goals or objectives did you hire PlutoSec to accomplish?
Conduct black-box penetration testing
Identify vulnerabilities
Assess API endpoints
Test for misconfigurations
Evaluate the strength of SSH configurations
Scan for potential malware or backdoors
Ensure compliance
Simulate real-world attack scenarios
Audit our CMS platform
Provide a detailed remediation report
SOLUTION
How did you find PlutoSec?
Online Search
Referral
Why did you select PlutoSec over others?
High ratings
Close to my geographic location
Good value for cost
Company values aligned
How many teammates from PlutoSec were assigned to this project?
1 Employee
Describe the scope of work in detail. Please include a summary of key deliverables.
PlutoSec was hired by NazionLinux Canada to conduct a comprehensive external security assessment focused on identifying vulnerabilities across their web application, Linux-based server infrastructure, and API endpoints. The scope included penetration testing of the custom CMS, configuration audits of SSH and firewall rules, and an evaluation of third-party integrations such as CDNs and analytics tools. Testing was performed using both manual techniques and industry-standard tools, following frameworks like OWASP Top 10, NIST SP 800-115, and MITRE ATT&CK. Key deliverables included an executive summary, a detailed technical report with proof-of-concept exploits, a prioritized remediation plan, and a post-engagement consultation to review all findings and next steps.
RESULTS & FEEDBACK
What were the measurable outcomes from the project that demonstrate progress or success?
The engagement with PlutoSec resulted in several measurable outcomes that demonstrated clear progress and enhanced security posture for NazionLinux Canada. Over 15 critical and high-severity vulnerabilities were identified and patched, including issues related to outdated CMS components, misconfigured firewall rules, and exposed API endpoints. Server hardening recommendations led to a 40% improvement in baseline system security benchmarks. The web application’s OWASP Top 10 compliance score increased from 62% to 92%, and all externally exposed services were reconfigured to follow best practices. Additionally, the engagement helped NazionLinux achieve alignment with PIPEDA data protection requirements, reducing legal and reputational risk. Post-remediation scans confirmed that all previously identified vulnerabilities were resolved, and the site’s uptime and performance remained stable throughout.
Describe their project management. Did they deliver items on time? How did they respond to your needs?
PlutoSec demonstrated strong project management throughout the engagement. They adhered strictly to the agreed timeline, delivering the initial findings within the first week and the final report exactly on schedule. Communication was consistent and responsive, with regular updates provided at each milestone. They were quick to clarify technical findings and adapt their approach based on our evolving needs, particularly when we expanded the scope to include third-party integrations. Their ability to explain complex security issues in a clear, actionable manner made collaboration smooth and efficient.
What was your primary form of communication with PlutoSec?
In-Person Meeting
Virtual Meeting
Email or Messaging App
What did you find most impressive or unique about this company?
What impressed us most about PlutoSec was how hands-on and knowledgeable their team was, especially when it came to our Linux setup. They didn’t just send over a generic report – they took the time to understand how our systems were built and gave us practical, clear advice we could actually act on. Their attention to detail and the fact that they did a lot of the testing manually really set them apart. It felt like we were working with a partner who genuinely cared about helping us improve, not just checking boxes.
Are there any areas for improvement or something PlutoSec could have done differently?
One area for improvement could be providing a slightly more streamlined summary for non-technical stakeholders earlier in the process. While the technical reporting was excellent, having a quick executive-level snapshot midway through would have helped us align internally a bit faster. That said, the team was always available to explain things when asked, and overall communication was solid.
RATINGS
Overall: 5.0
Quality (Service & Deliverables): 5.0
Schedule (On time / deadlines): 5.0
Cost (Value / within estimates): 5.0
Willing to Refer (NPS): 5.0
Cybersecurity, App Testing & IT Services for E-Commerce Company
PlutoSec was hired by an e-commerce company to conduct a cybersecurity assessment. This involved a full penetration test of their online store and a vulnerability scan of their Cloud storage.
PlutoSec helped the client fully secure their website and backend systems. They also gained a much better understanding of how to manage sensitive customer data and avoid common security pitfalls. The team was efficient, flexible, and communicative. They were honest and direct.
The client submitted this review online.
BACKGROUND
Please describe your company and position.
I am the E-commerce Operations Manager of Capperidicasa Canada.
Describe what your company does in a single sentence.
Capperidicasa Canada is a boutique e-commerce store that curates and sells mid-century modern and Scandinavian vintage furniture, lighting, and decor to design lovers across North America.
OPPORTUNITY / CHALLENGE
What specific goals or objectives did you hire PlutoSec to accomplish?
Provide 1 customized incident response plan
Deliver all services within 2 weeks, including reporting and consultation
Audit 3 internal systems (inventory, order processing, email)
Improve phishing resilience across our 5-person team
Ensure compliance with OWASP Top 10 and NIST standards
Implement 1 secure payment gateway review
Test 4 exposed API endpoints used in client transactions
Perform 1 full penetration test on our e-commerce website
Secure 100+ customer records containing payment and contact data
SOLUTION
How did you find PlutoSec?
Online Search
Referral
Clutch Site
Why did you select PlutoSec over others?
High ratings
Close to my geographic location
Pricing fit our budget
Company values aligned
Describe the scope of work in detail. Please include a summary of key deliverables.
PlutoSec was engaged to conduct a comprehensive cybersecurity assessment tailored to our e-commerce operations at Capperidicasa Canada. The scope included a full penetration test of our online store, which is built on a custom WordPress and WooCommerce setup, along with a vulnerability scan of our cloud storage environment where product images, client orders, and admin data are stored. They also audited our API endpoints used for order tracking and payments, and conducted a security review of our internal email system.
Key deliverables included a detailed technical vulnerability report, a risk rating matrix, OWASP Top 10 compliance review, a list of actionable remediation steps, and a custom incident response plan. PlutoSec also provided a non-technical executive summary, conducted a phishing simulation, and hosted a virtual debrief session to walk us through every finding and recommendation. Their team helped ensure our platform was aligned with both NIST SP 800-115 and PCI DSS guidelines.
RESULTS & FEEDBACK
What were the measurable outcomes from the project that demonstrate progress or success?
After working with PlutoSec, we were able to fully secure our website and backend systems. Issues we didn’t even know existed—like insecure admin panels and exposed APIs—were discovered and fixed. Our team also gained a much better understanding of how to manage sensitive customer data and avoid common security pitfalls. Since the project, everything runs smoother, and we feel far more confident operating our online store without the fear of hidden threats or system breaches.
Describe their project management. Did they deliver items on time? How did they respond to your needs?
They were efficient and stayed on top of everything without needing reminders. Each stage of the project moved forward without delays, and they were flexible when we needed to shift focus or clarify a detail. The communication felt honest and direct, which made the whole experience less stressful on our side.
What was your primary form of communication with PlutoSec?
In-Person Meeting
Email or Messaging App
What did you find most impressive or unique about this company?
What really set PlutoSec apart was their ability to combine strong technical expertise with a clear understanding of our business needs. They didn’t treat us like just another client—they worked closely with us, respected our brand, and tailored everything to fit how we operate. That level of attention isn’t easy to find.
Are there any areas for improvement or something PlutoSec could have done differently?
One thing that could be improved is simplifying the early onboarding process. For a creative business like ours, some of the technical prep felt a bit overwhelming at first. A more guided walkthrough or a brief kickoff call upfront would’ve made things easier to digest. Once we got going, though, their team handled everything well.
RATINGS
Overall: 5.0
Quality (Service & Deliverables): 5.0
Schedule (On time / deadlines): 5.0
Cost (Value / within estimates): 5.0
Willing to Refer (NPS): 5.0
Cybersecurity, App Testing & IT Services for Hospitality Company
PlutoSec provided cybersecurity services for a hospitality company. The team conducted a cybersecurity assessment, performed penetration testing, provided phishing simulations, and trained the staff.
PlutoSec's work resulted in a 100% resolution of critical vulnerabilities, a 70% drop in phishing simulation click rates, and improved data handling practices. Their team was flexible, easy to communicate with, and responsive to the client's needs. Their deep technical knowledge was impressive.
The client submitted this review online.
BACKGROUND
Please describe your company and position.
I am the Operations & Guest Services Manager of Agriturismo S’abioi Canada.
Describe what your company does in a single sentence.
We’re a Canadian hospitality business offering farm-style stays and authentic local dining experiences inspired by Sardinian traditions.
OPPORTUNITY / CHALLENGE
What specific goals or objectives did you hire PlutoSec to accomplish?
Website security
Email protection
Phishing prevention
Cloud security audit
Data privacy compliance
Wi-Fi network hardening
Malware detection
Secure online bookings
Vulnerability assessment
Staff cybersecurity training
SOLUTION
How did you find PlutoSec?
Online Search
Referral
Clutch Site
Why did you select PlutoSec over others?
High ratings
Close to my geographic location
Pricing fit our budget
Referred to me
Company values aligned
How many teammates from PlutoSec were assigned to this project?
2-5 Employees
Describe the scope of work in detail. Please include a summary of key deliverables.
PlutoSec conducted a comprehensive cybersecurity assessment tailored to our hospitality business operations. The scope included penetration testing of our website and online booking system, a full audit of our cloud storage and email services, and securing our Wi-Fi network used by both staff and guests. They also ran phishing simulations to assess employee awareness and provided hands-on cybersecurity training for our small team.
Key deliverables included a detailed vulnerability report, OWASP Top 10 compliance review, actionable remediation steps, a custom incident response guide, and a final executive summary outlining our overall security posture and progress.
RESULTS & FEEDBACK
What were the measurable outcomes from the project that demonstrate progress or success?
After working with PlutoSec, we saw a 100% resolution of all critical vulnerabilities found during the initial assessment. Our phishing simulation click rate dropped by over 70% after staff training, and our website and booking platform passed follow-up penetration tests with no exploitable issues. We also improved our data handling practices and now meet key privacy and security standards for guest information. Overall, our digital systems are more secure, and our team is more confident and aware of cybersecurity best practices.
Describe their project management. Did they deliver items on time? How did they respond to your needs?
PlutoSec’s project management was excellent from start to finish. They clearly outlined the timeline, stuck to every deadline, and kept us informed at each step. Whenever we had questions or needed clarification, their team responded quickly and in plain language, which we really appreciated as a non-technical business. They were flexible, easy to communicate with, and always made us feel like our concerns were a priority.
What was your primary form of communication with PlutoSec?
In-Person Meeting
Virtual Meeting
Email or Messaging App
What did you find most impressive or unique about this company?
What impressed us most about PlutoSec was their ability to blend deep technical knowledge with a genuinely human approach. They didn’t just hand us a report—they walked us through everything, made sure we understood the risks, and helped us fix the issues step by step. For a small hospitality business like ours, their high level of support and clarity was incredibly valuable.
Are there any areas for improvement or something PlutoSec could have done differently?
The only small area for improvement would be adding a more visual format to their final reports—something like charts or a dashboard summary would make it easier for non-technical team members to quickly grasp key findings. Other than that, everything was handled professionally and thoroughly.
"Their team was easy to work with, quick to respond, and flexible when we needed adjustments mid-project."
Jul 29, 2025
Data & Security Operations Lead, MK8 Canada
Alessio Romano
Verified
Automotive
Toronto, Ontario
501-1,000 Employees
Online Review
Verified
PlutoSec was hired by a motorsport team to conduct a comprehensive cybersecurity assessment of their digital infrastructure. The team performed penetration testing, API security evaluations, and an AWS audit.
PlutoSec helped the client eliminate all critical and high-risk vulnerabilities, improve their phishing awareness, and align their AWS cloud setup with NIST-recommended security controls. The team was easy to work with, quick to respond, and flexible. They also provided clear reports.
The client submitted this review online.
BACKGROUND
Please describe your company and position.
I am the Data & Security Operations Lead of MK8 Canada.
Describe what your company does in a single sentence.
We're a Toronto-based motorsport team that trains and supports mini-motard and pit-bike riders, using performance data and real race experience to help them compete at their best in events across Canada.
OPPORTUNITY / CHALLENGE
What specific goals or objectives did you hire PlutoSec to accomplish?
Endpoint protection strategy
Incident response planning and documentation
Web application penetration testing
Mobile app security testing
API vulnerability assessments
Cloud infrastructure auditing (AWS)
Network security review
Email phishing simulation and employee awareness
Firewall configuration and hardening
Identity and access management (IAM) setup
SOLUTION
How did you find PlutoSec?
Online Search
Referral
Why did you select PlutoSec over others?
Close to my geographic location
Pricing fit our budget
Great culture fit
Good value for cost
Referred to me
Company values aligned
How many teammates from PlutoSec were assigned to this project?
2-5 Employees
Describe the scope of work in detail. Please include a summary of key deliverables.
PlutoSec was brought on to perform a comprehensive security assessment across our entire digital infrastructure. The scope included penetration testing of our web and mobile applications, API security evaluations, and a full audit of our AWS cloud setup, including IAM policies and network configurations. They also conducted internal network assessments, endpoint security reviews, and simulated phishing attacks to gauge employee awareness. Key deliverables included detailed vulnerability reports, OWASP Top 10 compliance checks, technical risk breakdowns with proof-of-concepts, a tailored incident response playbook, and an executive summary for leadership—giving us a clear roadmap to strengthen our cybersecurity posture.
RESULTS & FEEDBACK
What were the measurable outcomes from the project that demonstrate progress or success?
The outcomes were clear and impactful. We eliminated every critical and high-risk vulnerability identified during testing, improved our team’s phishing awareness through hands-on simulations, and aligned our AWS cloud setup with NIST-recommended security controls. The incident response plan they provided also helped us formalize internal security processes. A follow-up scan validated that all exploitable vulnerabilities had been resolved, giving us peace of mind and confidence in our security posture.
Describe their project management. Did they deliver items on time? How did they respond to your needs?
Their team was easy to work with, quick to respond, and flexible when we needed adjustments mid-project.
What was your primary form of communication with PlutoSec?
In-Person Meeting
Email or Messaging App
What did you find most impressive or unique about this company?
Their ability to explain complex security issues in a way our non-technical team could understand really stood out.
Are there any areas for improvement or something PlutoSec could have done differently?
No major issues—just would’ve appreciated a bit more visual clarity in the reporting format.
RATINGS
Overall: 4.5
Quality (Service & Deliverables): 5.0
Schedule (On time / deadlines): 5.0
Cost (Value / within estimates): 5.0
Willing to Refer (NPS): 5.0
Showing 1-10 of 76 Reviews