Sekurno

BACKGROUND

Introduce your business and what you do there.

MGID is a global advertising platform helping brands reach unique local audiences at scale. It uses privacy-first, AI-based technology to serve high-quality, relevant ads in brand-safe environments. The company offers a variety of ad formats, including native, display and video to deliver a positive user experience. This enables advertisers to drive performance and awareness, and publishers to retain and monetize their audiences.

Every month, MGID reaches 900 million unique readers, with 200 billion ad impressions, across 25 thousand trusted publishers. For more information, please visit www.mgid.com

OPPORTUNITY / CHALLENGE

What challenge were you trying to address with Sekurno?

We faced multiple challenges. First, as we began targeting customers from regulated sectors such as banking and automotive, as well as enterprise-level clients, we were met with strict security and privacy requirements. Second, our approach to security wasn’t structured enough; our processes weren't documented, making it difficult to address client inquiries about our security measures.

Additionally, the introduction of GDPR presented considerable challenges due to our limited expertise in privacy and data protection. 

SOLUTION

What was the scope of their involvement?

Our collaboration with Sekurno commenced with the penetration testing of two applications, a step initiated in response to increasing security inquiries from our clients. As our engagement progressed, we recognized the necessity of a more holistic approach to security. This led us to focus on constructing an Information Security Management System (ISMS) and attaining ISO27001 certification, a process that was executed efficiently and swiftly due to the collaborative efforts of both teams.

Furthermore, to ensure comprehensive security coverage, we extended our efforts beyond the initial scope. This included conducting vulnerability assessments of both our internal and external infrastructures. Additionally, we expanded the penetration testing to cover more than 10 applications, a critical step towards achieving full compliance with ISO27001 standards.

The third and equally significant phase of our engagement involved building processes to comply with GDPR regulations. This phase was not limited to our IT department but also involved our legal team.

Overall, the solution provided by Sekurno was multifaceted, addressing our immediate security needs while also laying a foundation for ongoing compliance and security management.

What is the team dynamic?

The team dynamic was highly collaborative and professional. Sekurno brought together a team of high-level specialists who were responsive and open to communication on any issue. On average, about 10 people were involved, ensuring a diverse range of expertise and perspectives. This dynamic facilitated a thorough and effective approach to addressing our security needs.

How did you come to work with Sekurno?

When we faced the necessity of a cybersecurity solution, we reached out to our network, and Sekurno was recommended to us as a trustworthy security partner.

How much have you invested with them?

I can share that our investment with Sekurno has been significant in terms of both time and resources. It's important to note that their C-Level was involved and was always there to listen to our feedback. The major work being carried out in collaboration with Sekurno’s Team and our Legal and IT teams. This approach ensured that we had the right expertise involved at every stage, optimizing our investment and maximizing the impact of their services.

What is the status of this engagement?

The engagement with Sekurno began in May 2020 and is still ongoing. We continue to work closely with them to ensure our security and privacy measures are up-to-date and effective.

RESULTS & FEEDBACK

How did your relationship with Sekurno evolve?

Our relationship with Sekurno evolved from a client-vendor dynamic to a more collaborative partnership. As we faced various challenges, Sekurno's team was always there to provide expert advice and solutions. Their responsiveness and ability to adapt to our changing needs played a significant role in this evolution.

How did Sekurno address the challenges that arose?

Sekurno addressed our challenges by providing comprehensive solutions tailored to our specific needs. They were proactive in identifying potential issues and quick to respond whenever challenges arose. Their structured approach to security and privacy, especially in compliance with GDPR and ISO27001, was instrumental in overcoming these challenges.

Describe the impact this engagement has had on your business.

The impact of this engagement on our business has been profound. With Sekurno's help, we were able to implement a structured approach to security, which not only enhanced our internal processes but also significantly improved our market position. Notably, we signed agreements with world-known brands, something that wouldn't have been possible without the security measures and certifications we achieved through this collaboration.

How was project management handled?

Project management was handled professionally and efficiently. Deadlines were consistently met, and if there were any delays, they were usually on our end. The Sekurno team was organized and maintained clear communication throughout the project, ensuring that all parties were aligned and informed

Is there anything that the vendor did well or that you would consider a strength?

One of Sekurno's key strengths is their team of high-level specialists. Their expertise was evident in every aspect of the engagement. Additionally, their responsiveness and open communication were crucial in building a strong and effective working relationship.

In what specific areas can they improve?

It's hard to say as we only see part of their iceberg. But as of now, we are satisfied and find the team excellent.

What advice do you have for clients with similar needs to yours?

For clients with similar needs, my advice is not to neglect security and privacy. Allocate a sufficient budget for these areas, as they are crucial for business development and cannot be compromised. Also, understand that security and privacy compliance is a continuous process. It's not something that can be achieved once and then forgotten. The landscape is constantly evolving, and staying up-to-date is essential for maintaining security and compliance.

UPDATED REVIEW

BACKGROUND

Please describe your company and position.

I am the Director of Snippet Digital

Describe what your company does in a single sentence.

Snippet Digital is a state of the art software company specializing in building bespoke tools for digital marketers and the SEO industry

OPPORTUNITY / CHALLENGE

What specific goals or objectives did you hire Sekurno to accomplish?

• Ensure platform security
• Compliance with rigorous Enterprise security requirements
• Achieve internal security assurance

SOLUTION

How did you find Sekurno?

• Online Search
• Referral

Why did you select Sekurno over others?

• Pricing fit our budget
• Referred to me
• Other

How many teammates from Sekurno were assigned to this project?

2-5 Employees

Describe the scope of work in detail. Please include a summary of key deliverables.

• Introductory Meetings and Sales Process: The project began with detailed initial meetings where Sekurno thoroughly explained their approach to security. Their expertise and understanding of our needs built immediate trust, leading us to commit to a 2-year contract without hesitation.
• Project Execution: Throughout the execution phase, we were constantly informed about the project's progress. Sekurno's team was diligent in communicating all critical findings promptly, ensuring we could take swift action when necessary.
• Reporting Phase: The culmination of the project was marked by Sekurno delivering a comprehensive, password-protected report. This not only detailed the vulnerabilities found but also underscored Sekurno's serious commitment to maintaining our security. The report provided us with clear guidance on prioritizing and addressing the identified issues.

RESULTS & FEEDBACK

What were the measurable outcomes from the project that demonstrate progress or success?

A key outcome was the identification of various security vulnerabilities within our system. The detailed report from Sekurno highlighted these issues, ranked by their criticality, providing a clear pathway for our team to act upon and fix the urgent vulnerabilities first. This identification was a significant step towards enhancing our platform's security.

Describe their project management. Did they deliver items on time? How did they respond to your needs?

The project management was exemplary. Sekurno provided a dedicated account manager, and we were included in a Slack channel for real-time updates. All deliverables were provided on time or ahead of schedule, and Sekurno was proactive in ensuring that we were kept informed and engaged throughout the process.

What was your primary form of communication with Sekurno?

Virtual Meeting

What did you find most impressive or unique about this company?

The most impressive aspect of working with Sekurno was their genuine care and proactive approach. The constant follow-ups and the quality of service were beyond our expectations. It was evident that Sekurno's team was invested in our success and security, which is quite rare in service-based companies.

Are there any areas for improvement or something Sekurno could have done differently?

From a service and management perspective, there are no apparent areas for improvement. The technical aspects were handled well, and the overall service delivery was excellent. Our team had no complaints, and the process was smooth and effective from start to finish.

BACKGROUND

Please describe your company and position.

I am the Head of Development of 24Slides

Describe what your company does in a single sentence.

We specialize in redesigning presentations, transforming content or draft presentations into standout visual materials for impactful presentations

OPPORTUNITY / CHALLENGE

What specific goals or objectives did you hire Sekurno to accomplish?

• Meeting Compliance Requirement
• Provide Evidence for Customers of our commitment to security
• Internal Security Assurance

SOLUTION

How did you find Sekurno?

• Online Search
• Clutch Site

Why did you select Sekurno over others?

• High ratings
• Pricing fit our budget
• Great culture fit
• Company values aligned

How many teammates from Sekurno were assigned to this project?

2-5 Employees

Describe the scope of work in detail. Please include a summary of key deliverables.

• Sales Process: The project began with an initial conversation about our need for penetration testing. Sekurno was one of five vendors we considered. Their presentation stood out due to its directness and the thorough explanation of the need for white box testing, which was different from what other vendors offered.
• Negotiation Phase: We had a smooth negotiation process with Sekurno, focusing on aligning our budget and security needs. The agreement reached was mutually beneficial.
• Project Execution: The project involved an extensive penetration test. Communication was effective and mainly through Slack, which kept us well-informed about the project’s progress.
• Key Deliverables: We received a comprehensive vulnerability report followed by a retest to ensure all the identified issues were resolved. The deliverables also included an attestation letter confirming the successful remediation of the vulnerabilities.
• Final Phase: The project concluded with the presentation of a detailed report and the provision of the attestation letter. The report was particularly noted for its clarity and easy readability, combining both technical details and high-level information effectively.

RESULTS & FEEDBACK

What were the measurable outcomes from the project that demonstrate progress or success?

The project led to the identification and rectification of various vulnerabilities in our system. The fact that some vulnerabilities came as a surprise was a testament to the depth of the penetration test. This process not only enhanced our system’s security but also provided a clearer understanding of our security posture. It was a revelation to see how certain overlooked aspects of our system could be potential risks, and addressing these has significantly fortified our defenses.

Describe their project management. Did they deliver items on time? How did they respond to your needs?

Sekurno’s project management was commendable. The project was not only completed within the stipulated timeline but was also managed with a high degree of professionalism. The team’s responsiveness was particularly noteworthy. They were quick to adapt to our requirements, and their proactive communication ensured that we were always in the loop. This adaptability was crucial, especially when the project required slight shifts in focus or approach.

What was your primary form of communication with Sekurno?

• Virtual Meeting
• Email or Messaging App

What did you find most impressive or unique about this company?

Sekurno distinguishes itself in the cybersecurity domain not only through its technical prowess but also through its client-centric philosophy. Unlike many others who may view projects as transactional engagements, Sekurno aims to foster a partnership with its clients. This approach was crystal clear in their dedication to understanding our business context and the unique security challenges we face.

Furthermore, what truly sets Sekurno apart is their commitment to an in-depth analysis. Their approach was focused on delving as deeply as possible to uncover vulnerabilities, a stark contrast to competitors who might take a more surface-level approach. This depth of analysis, combined with their commitment to forming enduring client relationships, truly makes Sekurno stand out in the field.

Are there any areas for improvement or something Sekurno could have done differently?

Although we were highly satisfied with Sekurno's service, we believe there's always scope for enhancement. An area that could be improved is the development of an interactive dashboard for clients. This tool could provide a more dynamic and engaging way to interact with the project's progress, findings, and subsequent actions.

It would serve as a centralized platform for clients to access detailed project information and gain deeper insights, further strengthening the partnership approach Sekurno advocates.

BACKGROUND

Please describe your company and position.

I am an executive at Deltafunc

Describe what your company does in a single sentence.

DeltaFunc is a holding that transforms the way people perceive technology through EdTech, MarTech and FinTech projects and solutions.

OPPORTUNITY / CHALLENGE

What specific goals or objectives did you hire Sekurno to accomplish?

• Enhancing Security
• Optimizing Transaction Efficiency
• Understand security risks better

SOLUTION

How did you find Sekurno?

• Online Search
• Referral

Why did you select Sekurno over others?

• High ratings
• Pricing fits our budget
• Great culture fit
• Referred to me

How many teammates from Sekurno were assigned to this project?

2-5 Employees

Describe the scope of work in detail. Please include a summary of key deliverables.

The project undertaken by Sekurno was a meticulous penetration testing of our smart contract. Initially, their team engaged in a detailed information gathering phase, ensuring they had a comprehensive understanding of our project's scope and objectives. This was followed by a strategic planning phase, where they conducted thorough threat modeling to identify potential vulnerabilities and risks associated with our smart contract. 
The execution phase was marked by rigorous testing procedures aimed at uncovering security vulnerabilities and exploring avenues for transaction efficiency enhancement. Key deliverables from this phase included identification of security loopholes and optimization opportunities. The culmination of the project was marked by the delivery of an extensive report, which included a detailed business risks summary and a technical breakdown of the findings. 
Additionally, Sekurno organized a comprehensive Q&A session, providing us with deeper insights and guidance on how to address the identified issues. They also provided us with detailed threat modeling documentation, equipping us with knowledge about potential risks.

RESULTS & FEEDBACK

What were the measurable outcomes from the project that demonstrate progress or success?

The measurable outcomes from the project were significant and indicative of its success. Firstly, we achieved a notable optimization of our smart contract in terms of transaction costs. This optimization led to increased efficiency and reduced operational expenses. Secondly, the identification and subsequent fixing of several security issues enhanced the overall security posture of our smart contract. 
This not only fortified our system against potential threats but also increased the trust and confidence of our stakeholders in our platform. The project's success was further underscored by the enhanced understanding and awareness of potential risks, thanks to the comprehensive threat modeling provided by Sekurno. These outcomes collectively demonstrate tangible progress in both the security and efficiency of our smart contract.

Describe their project management. Did they deliver items on time? How did they respond to your needs?

The project management by Sekurno was exemplary. Not only did they deliver on time, but they also maintained consistent communication throughout the project, keeping us informed of progress and any challenges encountered. Their responsiveness to our needs was remarkable; they were flexible and adapted their approach as the project evolved. 
The team demonstrated a high level of organization and efficiency, ensuring that all phases of the project were executed seamlessly. Their ability to anticipate our needs and proactively address them was particularly noteworthy. The project was managed with a high degree of professionalism, and their commitment to meeting deadlines without compromising on quality was impressive.

What was your primary form of communication with Sekurno?

• Virtual Meeting
• Email or Messaging App

What did you find most impressive or unique about this company?

What stood out most about Sekurno was their unique blend of security and development expertise. Their team possessed a deep understanding of both the technical and security aspects of smart contracts, enabling them to conduct an exceptionally thorough analysis. This dual expertise allowed them to not only identify vulnerabilities but also suggest practical and efficient solutions. 
Additionally, their business process was impressively focused on uncovering a wide range of issues, going beyond mere compliance to ensure a comprehensive security posture. Their approach to delving deep into the system and exploring every possible angle was remarkable. This level of dedication and thoroughness in their work was both impressive and unique, setting Sekurno apart as a leader in their field.

Are there any areas for improvement or something Sekurno could have done differently?

At this point, we honestly have nothing to suggest for improvement. Everything was executed perfectly, from the initial planning to the final delivery. The Sekurno team's professionalism, expertise, and attention to detail were evident throughout the project. We are thoroughly satisfied with the service provided and the outcomes achieved.

BACKGROUND

Introduce your business and what you do there.

As a pioneering force in the ever-evolving global IoT industry, RAKwireless designs and produces inventive, comprehensive IoT solutions. Our robust product portfolio includes over 50 actively produced items, spanning from IoT modules and LoRaWAN Gateways to ready-to-deploy Node devices. These offerings cater to a wide spectrum of customers, encompassing both IoT developers and deployers.

OPPORTUNITY / CHALLENGE

What challenge were you trying to address?

Over the past few years, our growth trajectory has been steep, with numerous B2B and B2C product launches, several of which have seen extraordinary popularity. As our market presence and customer base expanded, the necessity to enhance our product security became increasingly apparent. This became crucial not only to safeguard our customers and their data but also to uphold our reputation. 

Consequently, we set an objective to align our company and products with ISO 27001 standards and GDPR regulations. Thus, we found ourselves in pursuit of a comprehensive, sophisticated cybersecurity program and sought out a proficient and trustworthy service provider.

SOLUTION

What was the scope of their involvement and team dynamic?

Our partnership with Sekurno originated from the penetration testing of our critical software product, a comprehensive remote IoT fleet management system. With its role in handling sensitive data, we needed assurance of its security. 

We aimed to undertake a thorough security audit, scrutinizing our infrastructure and the interaction between cloud and device, to meet the most stringent standards. Accordingly, Sekurno initiated a white box penetration test of our web application and APIs, scrutinizing the front-end, back-end, and source code.
The security concerns identified by Sekurno's pen testers were meticulously documented in a report, which included a proof of concept for each issue. Additionally, they collaborated with our development team in implementing fixes and testing them, ensuring the security of our application and APIs.
Given the fruitful collaboration between Sekurno's experts and our software developers, as well as the insightful penetration test results, we extended our partnership to include the Software Security Development Lifecycle (SSDLC). This step aimed at incorporating top-notch security practices into our software development process. The Sekurno team conducted a gap analysis of our existing code based on penetration test results, followed by a review of our SDLC to uncover specifics of our internal development process. Based on these findings, they assembled a security team to collaborate with our developers throughout all stages of the software development process, including risk analysis during the design phase, establishing security requirements parallel to functional ones, and aligning security testing with development.
In our pursuit of ISO 27001 compliance, we expanded our collaboration with Sekurno to establish an Information Security Management System (ISMS) that aligns with the standard and prepares us for certification. They conducted a comprehensive assessment of our company, developed an action plan to bridge gaps, and guided us through ISO27001 implementation, certification, and subsequent ISMS maintenance tasks.
Sekurno also assisted us in achieving another critical compliance milestone, the GDPR. Given our strategic focus on the EU market, we needed to ensure that our software development abided by the principles of privacy by default and privacy by design. Sekurno carried out a GDPR compliance audit for several RAKwireless software products, delivering an Internal Audit Report, GDPR-required documentation, Records of Processing Activities (ROPA), Legitimate Interests Assessments/Data Protection Impact Assessments (LIAs/DPIAs), Standard Contractual Clauses (SCC), EU representative assignments, Data Protection Officer (DPO) assignments, and a final report detailing the results of the GDPR compliance assessment.

What's the status of this engagement?

Having achieved ISO 27001 certification and advanced our GDPR compliance to a level suitable for global operation, particularly within the EU, we have now redirected our partnership with Sekurno towards vulnerability management, DPO, and EU representative outsourcing for GDPR-related activities.

RESULTS & FEEDBACK

How did your relationship with your partner evolve?

Our relationship with Sekurno has evolved gradually, increasing both in the complexity and volume of tasks assigned. We've progressed from conducting a penetration test on a single web application to testing multiple products, eventually incorporating Sekurno into our core software development processes. Their involvement in the Software Security Development Lifecycle (SSDLC) has effectively preempted numerous significant security issues during development, which has proven to be immensely valuable. They later took charge of compliance projects that held, and continue to hold, strategic importance for us.
In terms of outcomes, beyond enhancing our internal and external processes from a security perspective and achieving ISO 27001 and GDPR compliance, one of the most crucial results is our preparedness for security-focused discussions with our customers. Such conversations have been increasingly frequent, and we're now well-equipped to provide detailed and convincing responses to our customers' inquiries.
Our collaboration with Sekurno has consistently been seamless. They've delivered on time, and any extensions in timelines were only due to our decision to expand the scope of tasks. Their project management has been exceptional, exceeding our expectations.
What sets Sekurno apart is their ability to compete with larger firms despite their relatively smaller size. Their compact structure facilitates more manageable project management and offers competitive pricing. They've repeatedly demonstrated their capabilities and competence.
One particularly commendable aspect of our collaboration with Sekurno is their integrity. They never attempt to push services we don't need, focusing instead on what's currently essential and beneficial for us as a client.

In what ways can they improve?

While there's hardly anything to critique, one recommendation would be the implementation of a customer portal. This platform could facilitate sharing of findings and deliverables with customers, and also support additional workflows. I believe such an initiative could bring substantial benefits to both parties.

What advice do you have for clients with similar needs to yours?

For companies contemplating cybersecurity programs, my recommendation would be not to delay until the situation becomes critical. Select individuals and teams with the required expertise and place your trust in them to manage your cybersecurity responsibilities.

UPDATED REVIEW

This review was published on July 14, 2021.

VP, RAKwireless

Manufacturing

51-200 Employees

Shenzhen, China

$10,000 to $49,999

Dec 2020 - Feb 2021

Project summary

Sekurno provided full security audits for an IoT solutions company. The client wanted the vendor to focus on their cloud infrastructures and their vulnerabilities to bugs and cybersecurity threats.

Feedback summary

Sekurno led a transparent, trustworthy service that exhibited confidence in their extensive technical skills. They guided the company through the implementation of their suggestions and even provided additional testing. The client also praised their smooth workflow.

BACKGROUND

Please describe your company and your position there.

RAKwireless is a pioneer in providing innovated and diverse LPWAN connectivity solutions for IoT edge devices, for both enterprises, SMB and individuals. IoT solutions should not be complex. We strive for simplicity and effectiveness in all products we develop.

OPPORTUNITY / CHALLENGE

For what projects/services did your company hire Sekurno?

We have Fleet Management System for our gateways, which handels sensitive date. We wanted to do a full security audit (to make sure we meet the highest standards) and we wanted Sekurno to review our infrastructure and mechanisms between cloud and device.

SOLUTION

How did you select this vendor and what were the deciding factors?

Our partner referred us to Sekurno, and after interviewing a number of potential candidates, Sekurno came out as best. Professional approach, clear outlines, and a good offer. No hidden fee's whatsoever.

Describe the project in detail and walk through the stages of the project.

The scope of Sekurno included penetration testing of our web-application and API's. They were tasked with checking the front-end, backend, source code, vulnerabilities and security bugs -consolidated in a detailed report with proof of concept for each issue. Besides that Sekurno also worked together with our development team on implementing all the fixes and testing all the implementations, to make sure the application and API's were safe.

How many resources from the vendor's team worked with you, and what were their positions?

Sekurno - Senior Penetration Tester & Lead - Senior Penetration Tester Partner / RAK - PM - QA - DevOps - FE - BA - AWS Experts

RESULTS & FEEDBACK

Can you share any outcomes from the project that demonstrate progress or success?

• Report with business summary, security issues identified, technical details, and recommendations on fixing.
• The Checklist with the results of tests performed.
• Guidance on implementation of fixes
• Additional testing to make sure all issues are fixed

How effective was the workflow between your team and theirs?

After discussing the workflow between the teams, all went very smooth. Sekurno kept us (stakeholders) updated during the investigation and also discussed some things preliminary with our development partner.

What did you find most impressive or unique about this company?

The people at Sekurno clearly know what they are doing and don't shy away from a challenge. Although this review is focussed on 1 project only, we are currently running multiple projects with them in parallel. Sekurno every time finds a way to meet our business needs, even though while in some cases they don't have the expertise in house yet. They have a trusted network of partners. Which is great for us as client.

Are there any areas for improvement or something they could have done differently?

We are very satisfied and at this moment, we have no additional recommendations on what could be done differently or better.

Overall rating: 5

Quality: 5

Cost: 5

Schedule: 5

Willing to refer: 5

BACKGROUND

Please describe your company and position.

I am the information security officer of Performica

Describe what your company does in a single sentence.

Performica is a cloud HRM service designed to provide data-driven guidance to proactively retain employees. It helps HR teams to understand the well-being of the personnel, how efficiently people interact between teams with each other, and what is their opinions about the company.

OPPORTUNITY / CHALLENGE

What specific goals or objectives did you hire Sekurno to accomplish?

• conduct penetration test by a third-party pentester to pass the audit for SOC2 type 2.
• assess security posture of our application

SOLUTION

How did you find Sekurno?

• Online Search
• Referral

Why did you select Sekurno over others?

• High ratings
• Pricing fit our budget
• Great culture fit
• Referred to me

How many teammates from Sekurno were assigned to this project?

2-5 Employees

Describe the scope of work in detail. Please include a summary of key deliverables.

We approached Sekurno with a grey box pentest task. The pentesters were communicating with the developers, however, did not have access to the source code. Essentially, it turned out to be a web pentest with AWS infrastructure checks included into the scope. Sekurno team provided us with good deliverables: 

• a detailed penetration test report containing clearfindings and actionable recommendations. 
• checklists with all the tests performed by the Sekurno Team 
• Threat Models developed during the project planning phase. Also, we had a very useful QnA session devoted to pentest results with Sekurno team.

RESULTS & FEEDBACK

What were the measurable outcomes from the project that demonstrate progress or success?

• One of the most important outcomes of the project is that Sekurno team was able to identify the security issue with data filtering. It was not working the way it should have. What makes this result even more valuable, is that this issue had been overlooked by some Cybersecurity giants that had tested our application before Sekurno. 
• They tested this application before, but none of them found it. I think, it is really great that Sekurno researchers were able to find this vulnerability in our application.

Describe their project management. Did they deliver items on time? How did they respond to your needs?

The project management worked really well. Everything was delivered on time; all timelines were observed. The workflows were managed really well. We had access to a shared Slack channel, and everyone from our team was able to get information from the researchers and communicate with the Sekurno team without obstructions. 

At the same time, pentesters were also using it to inform us instantly about new requests, such as IP addresses to whitelist, and ask more questions about how the application works.

What was your primary form of communication with Sekurno?

• Virtual Meeting
• Email or Messaging App

What did you find most impressive or unique about this company?

The most impressive about Sekurno is their proven ability to go deeper and discover more than big cybersecurity vendors.

Are there any areas for improvement or something Sekurno could have done differently?

I believe Sekurno is doing everything great already.

BACKGROUND

Please describe your company and position.

I am the Chief AI Officer (CAIO) of DocDigitizer

Describe what your company does in a single sentence.

DocDigitizer is a Cognitive Data Capture / Intelligent Document Processing SaaS , with (near) 100% accuracy guaranteed by SLAs, Zero Set-up and full Pay-per-Use.

OPPORTUNITY / CHALLENGE

What specific goals or objectives did you hire Sekurno to accomplish?

• Enhancing Information Security
• Compliance and Certification for ISO 27001
• Access the Security Posture
• Run White-Hat Hacking

SOLUTION

How did you find Sekurno?

Summit / Conference

Why did you select Sekurno over others?

• High ratings
• Pricing fit our budget
• Great culture fit
• Company values aligned

What was the size of Sekurno’s team?

2-5 Employees

Describe the scope of work in detail. Please include a summary of key deliverables.

During the preparation stage, in order for Sekurno to do a good job, they needed to have access to two things, t the clone of the platform that our customers use, and also the source code of the application so that they could do a deep dive and detect all kinds of vulnerabilities, that may not be evident if the system is accessed only through the web browser.

It was a wise choice to create a clone because Sekurno engineers were able to bring the system down on a number of occasions during testing procedures. Kudos to them for that.

The second challenge at the preparation stage was connected with giving access to the code, for which we created a special isolated infrastructure using VPNs and other mechanisms for our control. Using this infrastructure that we have set up, we deployed the code and gave Sekurno what it needed to access it. All these arrangements were done together with Sekurno and would prove to be helpful to anyone who is the first time on a project such as this like we were.

The pentesting stage started after we clearly defined the scope, listed the APIs, defined the phases and all the requirements, defined what we would be doing, what would be the outcomes, what the report would be like, etc.

The reporting stage was the next one, but I want to stress that Sekurno team instantly notified us of the findings, which, if exploited, had the potential of serious business process disruption, and it was already happening during the pentesting stage. During the reporting stage there was an Analysis Report discussion, then followed the fixing of the vulnerabilities, and resetting the system.

RESULTS & FEEDBACK

What were the measurable outcomes from the project that demonstrate progress or success?

Sekurno team managed to find critical vulnerabilities which were successfully removed. I have to confess it’s a bit of a sweet-and-sour feeling when you feel happy because you find the vulnerabilities and feel unhappy because you have them. But it’s way better to have them discovered during pentesting, than after a malicious attack. So this pentesting was a great result for both of us.

Describe their project management. Did they deliver items on time? How did they respond to your needs?

Everything was great. If there were some minor project pauses caused by delays with deliverables from our side, like restoring the testing environment, we always felt that Sekurno was there and ready to jump in. And they were very helpful during all the stages. These minor impediments were caused by the need to allocate resources for restoring the testing environment, at the same time maintaining normal operation of the essential business processes. And it was really nicely managed by Sekurno.

Never in a moment, we felt like they were too pushy. For each finding we saw that we really needed to look into them, because these guys were providing a very good service. We loved the critical findings reports. The communications were there: we felt during the entire four week project span that Sekurno guys were doing necessary stuff and communicating.

What was your primary form of communication with Sekurno?

• In-Person Meeting
• Virtual Meeting
• Email
• Messaging App

What did you find most impressive or unique about this company?

I would say that the project management was quite good. PM Christina was amazing in dropping us lines when we needed them, and stuff like that, at every stage of the project. The overall clear success of the project was greatly due to the project management and well thought through phases. I would like to add that their project management process greatly helped us increase maturity in securing our applications.

Are there any areas for improvement or something Sekurno could have done differently?

Although this point is not direct responsibility of Sekurno, It would be beneficial for us to have a the start of the project some training sessions regarding the all approach of pen testing. For companies taking the first steps this can be helpful.

BACKGROUND

Please describe your company and position.

I am the CEO of Lobby X

Describe what your company does in a single sentence.

Human Capital Platform and Recruiting Agency

OPPORTUNITY / CHALLENGE

What specific goals or objectives did you hire Sekurno to accomplish?

• Penetration test
• Information security check

SOLUTION

How did you find Sekurno?

Referral, Other

Why did you select Sekurno over others?

Referred to me

What was your primary form of communication with Sekurno?

Virtual Meeting

Describe the scope of work in detail. Please include a summary of key deliverables.

Considering the sensitive nature of the personal information of the candidates which we handle at our backend platform for numerous business processes and workflows, we were determined to provide a maximum level of cybersecurity.

So we decided to consult an expert cybersecurity service provider able to minimize breach probability. To achieve this, we ordered a white box penetration test of this backend system and API, to identify vulnerabilities potentially leading to unauthorized access to databases and get recommendations for their elimination.

RESULTS & FEEDBACK

What were the measurable outcomes from the project that demonstrate progress or success?

• Indicated issues in cybersecurity

Describe their project management. Did they deliver items on time? How did they respond to your needs?

During our intro talks, we described the project details and timeframes. Following the white box pentest procedure we created a testing environment, provided a system brief with a detailed description of functionality and mechanisms, database and application configurations, created testing accounts for 4 different roles and so the project began.

Our DevOps and Sekurno team maintained continuous communication at all stages of the pentest project which lasted for 3 weeks. Pentesters used both manual and automated testing, in particular such tools as TruffleHog and others, and the results presented in the final report appeared to be quite valuable and convincing.

We had recommendations as to the removal of the identified vulnerabilities of different severity levels, as well as general recommendations to be taken into account by the developers for future tasks.

Upon completion of the fixes, the Sekurno team conducted a follow-up testing to make sure everything was fixed as planned and recommended.

What did you find most impressive or unique about this company?

The most impressive thing was how smoothly the whole project was completed. Their competence and professionalism also added to overall positive impression about Sekurno.

Are there any areas for improvement or something {provider_name} could have done differently?

Nothing I can think about, everything’s fine.

BACKGROUND

Please describe your company and your position there.

I'm the CEO of a game studio that develops and publishes mobile games.

OPPORTUNITY / CHALLENGE

For what projects/services did your company hire Sekurno?

We were looking for an external cybersecurity company to perform an annual penetration test and security assessment of one of our games that runs on desktop as well as mobile.

SOLUTION

How did you select this vendor and what were the deciding factors?

We selected this vendor based on their level of expertise as well as their warm and friendly approach with us.

Describe the project in detail and walk through the stages of the project.

We needed a penetration test and security assessment of our game that runs on the Facebook Platform as part of a Data Protection Assessment Compliance requirements set by Meta Platforms Inc. Specifically, the vendor conducted Static Application Security Testing of the client Code-base as well as Static Application Security Testing of the Backend.

The goal was to identify areas of potential weakness and provide evidence of existing vulnerabilities.

Deliverables included:

• Pentest report
• Document with all tests performed by the team
• Consulting with our development team to help address issues found
• Follow-up test
• Letter of attestation after the follow-up test.

How many resources from the vendor's team worked with you, and what were their positions?

The vendors team comprised a project manager, 1 security analyst and 3 penetration testers.

RESULTS & FEEDBACK

Can you share any outcomes from the project that demonstrate progress or success?

They provided a well put together set of security assessment reports that provided comprehensive coverage and analysis of our code base and backend. They also provided competent consulting to help us address and solve the vulnerability and security issues found.

How effective was the workflow between your team and theirs?

They were prompt and very fast! We had a very ambitious schedule to get the security assessment and pen test started and completed and they made themselves available to consult with our team at all key moments. They met all the schedule milestones and shared our sense of urgency to the point that they felt very much a part of our team.

What did you find most impressive or unique about this company?

They had great empathy and understood our needs perfectly. And their level of competence was as high as we could have hoped for.

Are there any areas for improvement or something they could have done differently?

They surpassed our expectations. We can't think of any complaints.

BACKGROUND

Please describe your company and your position there.

My position is CTO at OMO Systems. We are an IoT service provider focussed on all-in-one property automation by integrating partner solutions and devices into a broad IoT ecosystem. We deliver technology solutions for access control, security & comfort suitable for multi-family buildings, HORECA, and commercial properties. Our goal is to make smart places accessible to everyone who has a smartphone.

OPPORTUNITY / CHALLENGE

For what projects/services did your company hire Sekurno?

We hired the vendor to help us set up an information security management system in accordance with the ISO 27001 standard, follow the best practices in the realm of cybersecurity and eventually prepare ourselves to get certified.

SOLUTION

How did you select this vendor and what were the deciding factors?

When we faced the necessity of a cybersecurity solution, we weighed several vendors against each other and Sekurno’s subscription offer played a decisive role as the format of a continuous support with affordable payload was exactly what fit us best.

Describe the project in detail and walk through the stages of the project.

The project set off with the overall organization profile assessment which led to the creation of the action plan to be implemented in order to fill the gaps which our company had at the time. The action plan included policies creation; asset management; systems and processes updates in order to prepare ourselves for the audit and achieving the compliance status.

How many resources from the vendor's team worked with you, and what were their positions?

There were 2 compliance officers and 1 project manager from the Sekurno team who worked with us during the whole project. The CEO of Sekurno also participated in status update meetings and progress reviews.

RESULTS & FEEDBACK

Can you share any outcomes from the project that demonstrate progress or success?

The biggest outcomes are:

• clear, reasonable action plan to follow and check the progress against;
• enhanced and more secure operational processes set up by the introduced policies and best practice procedures;
• raised awareness regarding security risks and methods of overcoming them;
• we have obtained a leverage in a communicative process with our potential investors and partners by securing our systems and setting up secured operational processes within the company;
• establishment of an Information Security Management System (ISMS) in the organization.

How effective was the workflow between your team and theirs?

The workflow was rather productive. We can highlight:

1. Their proactive approach allowed us to achieve perceptible results quickly;
2. straightforward communication and a firm control over the task accomplishment kept us alert and focused;
3. clear and understandable workflow allowed us to get familiar with the intricacies of the compliance process.

What did you find most impressive or unique about this company?

Proactivity and leading qualities of the team members; High responsibility and charge of the domain the team if answerable for; Flawlessness of the team integration;

Are there any areas for improvement or something they could have done differently?

No particular advice. The team is doing their job and accumulating experience from it - we felt the dedication and remained satisfied with the cooperation, so there is a high possibility that we’ll stay connected with the vendor for the future security projects as well.