Sekurno

BACKGROUND

Introduce your business and what you do there.:

 I’m Mads, the CTO at Kaunt.

Kaunt provides an AI-driven account coding engine that automates the invoice account coding process, enabling greater efficiency and accuracy in finance operations. We are based in Denmark and operate in a high-trust environment with enterprise clients. As such, we prioritize strong security practices and strict compliance with industry standards such as ISO and SOC 2. Our goal is to maintain trust and credibility by demonstrating a mature and proactive approach to security.

OPPORTUNITY / CHALLENGE

What challenge were you trying to address?
As a company operating in the finance and AI sectors, we needed to demonstrate that our systems were secure and compliant with industry standards like ISO and SOC 2. This was not only a compliance requirement but also a strategic need to earn the trust of large enterprise clients who carefully assess the security posture of their partners.

We hired Sekurno with two key objectives in mind.

First, we wanted a professional penetration test that would go beyond a standard checklist and offer in-depth insights into our systems. We needed a testing partner who would not just validate our security but help us improve it.

Second, we were looking for peace of mind across the organization. This included our engineering team, our leadership, and our salespeople who are often asked to provide proof of security to prospects. The ability to show a rigorous test report and explain how we responded to findings was important to our credibility.

This was our second engagement with Sekurno. After being impressed by their work in the first year, we expanded the scope this time to include more systems and infrastructure.

SOLUTION

How did you find Sekurno?

Online Search

Why did you select Sekurno over others?

• Pricing fit our budget
• Great culture fit
• Company values aligned

How many teammates from Sekurno were assigned to this project?

2-5 Employees

What was the scope of their involvement and team dynamic?

 This year, the scope of Sekurno’s work increased significantly. Initially, we focused on backend services, but for this engagement we included the frontend and key parts of our infrastructure as well. The idea was to cover all critical components of our application.
The engagement started with threat modeling sessions, where we worked together to define which areas needed testing and how the testing should be prioritized. This helped us build a more structured and thoughtful security review process.
The team at Sekurno was highly collaborative and technically skilled. One of the things we appreciated the most was having direct conversations with the actual penetration testers. This allowed us to go deeper into the findings and understand the context behind each issue. It was a much more technical and valuable interaction than dealing with general project managers.
A new and very effective improvement this year was the use of a dedicated Slack channel. Communication was fast and fluid, similar to how we work internally. This helped speed up discussions, reduce delays, and made the whole process feel more integrated.

What's the status of this engagement?

The formal penetration testing engagement has been completed, but our collaboration with Sekurno continues. We now involve them whenever we have questions related to security, even when it comes to other companies within our group. They’ve become a trusted partner we can rely on not only for testing but also for general guidance on security architecture, tooling, and best practices.

RESULTS & FEEDBACK

How did your relationship with your partner evolve?

 Our relationship with Sekurno has grown from a trial engagement into an ongoing partnership. In the first year, we wanted to see how they worked and whether the collaboration would add value. Based on the quality of their findings and their collaborative approach, we've chosen to continue working with them.

This year, we were able to share part of the penetration testing report with some of our enterprise clients. Their response was very positive. A few even commented that “these guys know what they’re doing,” which helped us build trust and credibility. The depth and clarity of the testing helped us demonstrate that we are serious about security and that we invest in it not just for compliance, but because it matters to our business and our customers.

What was your primary form of communication with Sekurno?

• Virtual Meeting
• Email or Messaging App

In what ways can they improve?

 Overall, the engagement was excellent. If there is one area for improvement, it would be to provide more proactive updates during the testing phase. Even short status messages could help give more visibility into the timeline and reassure the client that everything is on track. This is especially valuable when working with tight deadlines.

What advice do you have for clients with similar needs to yours?

 If you are going to invest in penetration testing, make sure it is more than just a formality. Work with a partner who helps you learn something from the process and improves your actual security. With Sekurno, we received useful feedback and our team became more security aware as a result.

Also, provide the testers with all the information they need from the beginning. The better the context they have, the more precise and efficient the testing will be. That way, you get real value from the engagement and not just a report to satisfy compliance requirements.

UPDATED REVIEW

This review was published on 02/06/2024

Mads Ellersgaard Kalør
CTO, Kaunt A/SInformation technology

Arhus, Denmark

1-10

Jan 2024 - Jan 2024

$10,000 to $49,999

Verified

Project summary
An IT company hired Sekurno to provide cybersecurity services. The team fulfilled compliance requirements and conducted penetration testing and security risk penetration for the client.

Feedback summary
Thanks to Sekurno, the client met compliance requirements with a detailed and approved report. The team provided valuable security insights, delivered on time, hosted efficient meetings, and adapted to the client's requirements. Sekurno's thorough testing was crucial to the project's success.

BACKGROUND

Please describe your company and position.

 I am the CTO of Kaunt A/S

Describe what your company does in a single sentence.

We provide an AI driven account coding engine that automates the invoice account coding process.

OPPORTUNITY / CHALLENGE

What specific goals or objectives did you hire Sekurno to accomplish?

• Compliance Requirement Fulfillment
• Valuable Penetration Testing
• Security Risk Mitigation

SOLUTION

How did you find Sekurno?

Online Search

Why did you select Sekurno over others?

• Pricing fit our budget
• Great culture fit
• Company values aligned

How many teammates from Sekurno were assigned to this project?

2-5 Employees

Describe the scope of work in detail. Please include a summary of key deliverables.

The project commenced with a thorough vendor research phase. We evaluated four offers, considering factors like price, urgency, and the specific nature of our requirements. Sekurno stood out due to their competitive pricing and a deep understanding of our needs, particularly with regard to compliance and penetration testing. 

During the pre-sale process, Sekurno distinguished themselves through efficient communication and a personalized approach. The contract and related documents were managed smoothly, a vital aspect given our tight deadlines. In the execution phase, Sekurno's team displayed professionalism and technical expertise. They provided clear guidelines on what was needed from our end, ensuring efficient use of resources. 

The engagement with our developers was particularly noteworthy, as Sekurno’s team was open and informative, facilitating productive discussions about security. The reporting was comprehensive and accessible. It detailed the penetration testing process and results, providing valuable insights into our security posture.

RESULTS & FEEDBACK

What were the measurable outcomes from the project that demonstrate progress or success?

The project led to tangible outcomes that significantly impacted our business. Firstly, it enabled us to meet our compliance requirements with a detailed and approved report, reassuring our customers and partners about our security measures. 

Secondly, the penetration testing provided invaluable insights, identifying vulnerabilities in our code, which enhanced our overall security. This process also boosted our development team's confidence, validating the security of their work and providing an external perspective on areas for improvement. The thoroughness of Sekurno's testing and their ability to go beyond mere compliance checks significantly contributed to the project's success.

Describe their project management. Did they deliver items on time? How did they respond to your needs?

Sekurno’s project management was exemplary. Despite a short timeline, they delivered the report on schedule and ensured all processes were aligned with our needs. Communication was efficient, and the number of meetings was optimal, avoiding unnecessary time expenditure. 

The team was always reachable and responsive, adapting seamlessly to our requirements. The involvement from our side was minimal, mainly overseen by myself, which speaks to Sekurno’s ability to manage projects independently and effectively.

What was your primary form of communication with Sekurno?

• Virtual Meeting
• Email or Messaging App

What did you find most impressive or unique about this company?

The most impressive aspect of Sekurno was their commitment to providing more than just a compliance service. They showcased a deep understanding of security risks and a dedication to thorough testing, distinguishing themselves from other vendors who might focus solely on compliance. 

This approach, coupled with their transparent and down-to-earth communication style, made them stand out. Their ability to convey technical details effectively and engage in meaningful discussions about security was particularly noteworthy.

Are there any areas for improvement or something Sekurno could have done differently?

A minor area for improvement would be in communication during the testing phase. Providing a more proactive and frequent update on the progress, perhaps through brief emails, would enhance the overall client experience, especially when working under tight deadlines. This would offer reassurance and a clearer view of the project timeline, ensuring that clients are continually informed about the stages of testing and any developments.
Overall rating:    5

Quality:    5

Cost:    5

Schedule:    5

Willing to refer:  5

BACKGROUND

Please describe your company and position.

I am the Software Developer of Coreway

Describe what your company does in a single sentence.

Coreway.de develops a health app that predicts flare-ups for chronic inflammatory bowel diseases like Crohn’s and colitis, empowering patients with personalized tools and nutrition guidance to manage their condition and improve quality of life

OPPORTUNITY / CHALLENGE

What specific goals or objectives did you hire Sekurno to accomplish?

• MDR compliance
• Increased security
• Peace of mind

SOLUTION

How did you find Sekurno?

Online Search

Why did you select Sekurno over others?

• High ratings
• Pricing fit our budget
• Good value for cost
• Company values aligned

How many teammates from Sekurno were assigned to this project?

2-5 Employees

Describe the scope of work in detail. Please include a summary of key deliverables.

We hired Sekurno to perform a penetration test primarily to meet MDR (Medical Device Regulation) compliance requirements. We discovered them on Clutch where they were highly rated. From the first meeting, they stood out with their ability to recall and understand even the smallest details about our product. Their communication was clear and efficient, with a detailed roadmap and rationale for each testing step that other vendors failed to provide.

Throughout the project, Sekurno was autonomous and efficient, working with minimal input and still delivering quality results. The key deliverables included a penetration testing report, threat modeling, and a checklist of all tests performed. These gave us full transparency and assurance that the process was thorough and legitimate. They also clearly explained vulnerabilities and how to remediate them during a Q&A session, which was especially helpful for us since we’re new to backend, web, and mobile security.

RESULTS & FEEDBACK

What were the measurable outcomes from the project that demonstrate progress or success?

Delivered everything within the agreed timeline
Discovered vulnerabilities we didn’t anticipate
Increased our peace of mind regarding the security posture
Gained a better understanding of what’s essential for compliance
Clear documentation and threat modeling ensured transparency

Describe their project management. Did they deliver items on time? How did they respond to your needs?

Project management was excellent. Sekurno delivered everything on time and proactively kept us updated through Slack. Kristina, who managed our communication, did a great job of keeping things clear and organized. We always knew the status by the end of each week and the team was always responsive

What was your primary form of communication with Sekurno?

• Virtual Meeting
• Email or Messaging App

What did you find most impressive or unique about this company?

What stood out about Sekurno was their ability to work independently and efficiently. They quickly understood our product with minimal input, unlike other vendors who required extensive explanations and forms. Their strong domain knowledge in HealthTech and clear, purpose-driven approach to testing gave us confidence. We didn’t need to micromanage—they simply understood what mattered and delivered.

Are there any areas for improvement or something Sekurno could have done differently?

A minor improvement could be adding a real-time progress tracker, especially for projects with tight deadlines. This would help alleviate trust concerns during periods without updates. While not necessary, it could enhance transparency and provide peace of mind earlier in the process.

BACKGROUND

Please describe your company and position.

I am the Engineering Manager of Usersnap

Describe what your company does in a single sentence.

Usersnap is a feedback and bug tracking tool that allows users to report issues directly from within a web application using annotated screenshots and comments.

OPPORTUNITY / CHALLENGE

What specific goals or objectives did you hire Sekurno to accomplish?

• Compliance assurance
• Identify hidden vulnerabilities
• Prove security to enterprise clients

SOLUTION

How did you find Sekurno?

Referral

Why did you select Sekurno over others?

• Good value for cost
• High quality work

How many teammates from Sekurno were assigned to this project?

2-5 Employees

Describe the scope of work in detail. Please include a summary of key deliverables.

We engaged Sekurno for a penetration test of our web application based on a strong referral. During our initial call, we discussed different testing approaches, clarified deliverables, and aligned on the scope. We proceeded with the whitebox solution as we saw a higher effectiveness in finding security vulnerabilities. 

One of the standout moments was when we were asked to deliver a detailed walkthrough of our platform to help Sekurno understand the business logic and threat landscape in our specific industry.

Key deliverables included:

• A comprehensive final security report
• Threat Modeling
• Registry of all tests performed
• A leaked credentials check
• A revised report after follow-up discussions on impact levels

We appreciated that Sekurno went beyond surface-level checks and found issues that had been overlooked in previous assessments. The report was high quality and has already been useful in conversations with our enterprise partners.

RESULTS & FEEDBACK

What were the measurable outcomes from the project that demonstrate progress or success?

• We were reassured to see that no critical, customer-impacting issues were found.
• The audit still uncovered previously unknown issues of varying severity, reinforcing the depth of the testing.
• The mitigation guidance included in the report was actionable and helpful.
• We’ve successfully used the report to demonstrate our security posture to partners.

Describe their project management. Did they deliver items on time? How did they respond to your needs?

Project management was smooth and reliable. Aside from a minor rescheduling request (which was clearly communicated in advance), everything was delivered on time. We received weekly updates, and communication was responsive throughout. The project manager handled logistical questions efficiently, while the technical lead was available when deeper details were needed. We appreciated the transparency and availability.

What was your primary form of communication with Sekurno?

Email or Messaging App

What did you find most impressive or unique about this company?

We were impressed by how much information Sekurno requested before beginning the audit. The team clearly wanted to understand our application, business logic, and market-specific risks. This level of preparation gave us confidence that the audit would focus on relevant threats and not just standardized checks. 

Our CEO, who previously worked with security teams, also appreciated the depth and professionalism of the audit. Something she noted is not often seen in similar engagements.

Are there any areas for improvement or something Sekurno could have done differently?

To be honest, it’s difficult to point out a specific area for improvement, as the overall experience was very positive and everything went smoothly. If anything, the weekly updates could have been a bit more detailed by default—but I always felt that if I needed more information, the team was readily available and responsive. I was confident that I could reach out at any time to get a deeper view into where the project stood, which gave me a strong sense of transparency and control throughout the engagement.

BACKGROUND

Please describe your company and position.

I am the Head of Security of CloudLinux

Describe what your company does in a single sentence.

CloudLinux provides secure, optimized, and stable Linux-based operating systems and cybersecurity solutions for hosting providers and enterprises, enhancing server security, performance, and reliability.

OPPORTUNITY / CHALLENGE

What specific goals or objectives did you hire Sekurno to accomplish?

• Regular security assessments
• Compliance with Clients’ Requirements
• Improving security posture through deep testing

SOLUTION

How did you find Sekurno?

Online Search

Why did you select Sekurno over others?

• Great culture fit
• Good value for cost
• Company values aligned

How many teammates from Sekurno were assigned to this project?

2-5 Employees

Describe the scope of work in detail. Please include a summary of key deliverables.

Our partnership began as part of a vendor procurement process. We shortlisted two companies and contracted both to perform security testing on the same scope, directly comparing their results. After the pilot project, Sekurno demonstrated significantly better performance. They identified security issues that we were already aware of internally but that no external vendor had previously detected. Their depth of analysis and accuracy in findings set them apart, leading us to select Sekurno as our preferred vendor.

Following this successful evaluation, we signed an annual contract with Sekurno, engaging them for penetration testing and regular vulnerability assessments.

The project delivered a comprehensive security assessment, including well-documented findings that were immediately actionable for our engineering team. The key deliverables included:

• Penetration testing report
• Documented Threat model
• A registry of all security tests performed

RESULTS & FEEDBACK

What were the measurable outcomes from the project that demonstrate progress or success?

The penetration testing engagement resulted in actionable security improvements, with vulnerabilities identified that were previously undetected by other vendors. The findings were well-documented, requiring minimal effort from the internal security team to validate and communicate with engineers, which streamlined the remediation process. Additionally, these penetration testing and vulnerability assessments satisfy our compliance requirements and clients’ requests for information regarding our security testing, ensuring transparency and trust in our security posture.

Describe their project management. Did they deliver items on time? How did they respond to your needs?

Sekurno demonstrated strong project management skills, ensuring clear communication and adherence to timelines. The engagement was well-structured, with defined milestones and expectations. They were responsive to Cloud Linux’s needs, facilitating an efficient and productive collaboration. Their flexibility in providing necessary documentation and attestation letters further contributed to a smooth workflow.

What was your primary form of communication with Sekurno?

• Virtual Meeting
• Email or Messaging App

What did you find most impressive or unique about this company?

Sekurno’s ability to deeply understand Cloud Linux’s infrastructure and uncover vulnerabilities that other vendors missed was particularly impressive. Their approach went beyond compliance-driven security checks, focusing on real security improvements. Additionally, their clear documentation and streamlined reporting process significantly reduced the internal team’s workload, making remediation more efficient.

Are there any areas for improvement or something Sekurno could have done differently?

While the project was highly effective, a potential improvement could be streamlining the process of requesting and receiving reports and attestation letters. Automating parts of this process, such as generating customized executive summaries, could further ease internal workflows. However, Sekurno’s responsiveness in addressing ad-hoc requests was already a strong point.

BACKGROUND

Please describe your company and position.

I am the Software developer of Daymi

Describe what your company does in a single sentence.

Daymi is a workflow software company that simplifies daily operations, controls, and oversight for businesses by consolidating tasks, procedures, and compliance processes into a single platform.

OPPORTUNITY / CHALLENGE

What specific goals or objectives did you hire Sekurno to accomplish?

• Improve internal security posture
• Find optimal security balance
• Demonstrate security maturity

SOLUTION

How did you find Sekurno?

Referral

Why did you select Sekurno over others?

Pricing fit our budget

How many teammates from Sekurno were assigned to this project?

2-5 Employees

Describe the scope of work in detail. Please include a summary of key deliverables.

Our company engaged Sekurno for a security assessment to evaluate our security posture and ensure alignment with industry expectations. As a small company, we aimed to find an optimal security balance—securing our environment while maintaining efficiency. 
The project involved an initial consultation phase to understand our systems and requirements, followed by technical assessments, penetration testing, and reporting.

Sekurno demonstrated flexibility in adapting to our setup, working within our existing environments rather than demanding separate testing environments, making the process more efficient. The deliverables included a detailed security report outlining vulnerabilities, risk levels, and recommendations. 
The level of detail in the findings was comprehensive, and while some aspects were highly technical, the report provided clear insights into our security posture. The engagement concluded with a follow-up retest to validate fixes and improvements.

RESULTS & FEEDBACK

What were the measurable outcomes from the project that demonstrate progress or success?

• Identified vulnerabilities and security gaps
• Improved understanding of security risks
• No high or critical vulnerabilities found, validating security practices
• Provided assurance to clients and prospects about security commitment
• Helped plan for future security improvements

Describe their project management. Did they deliver items on time? How did they respond to your needs?

The project management was excellent. The Sekurno team was proactive in planning, setting clear expectations, and maintaining smooth communication. They provided timely updates, set clear milestones, and adhered to deadlines. Communication through Slack was seamless, and we appreciated their responsiveness to our needs. 
Although we occasionally delayed certain tasks on our side, the Sekurno team remained adaptable and ensured everything stayed on track. Overall, the delivery was on time, and their approach was professional and efficient.

What was your primary form of communication with Sekurno?

• Virtual Meeting
• Email or Messaging App

What did you find most impressive or unique about this company?

One of the most unique aspects of working with Sekurno was the cultural alignment between our teams. We found it easy to communicate with their team due to shared cultural and business values. Their team was technically proficient, highly detailed in their approach, and flexible in adapting to our constraints. 
The depth of the security report and the technical expertise demonstrated during discussions were also impressive. While we found some aspects of the report to be highly detailed, their overall thoroughness and dedication to security stood out.

Are there any areas for improvement or something Sekurno could have done differently?

One area for improvement would be the presentation of vulnerability reports. While the reports were detailed and informative, adding more practical context on the likelihood of exploitation could help prioritize fixes more effectively. For example, providing insights on how often similar vulnerabilities have been exploited in real-world scenarios or the cost-efficiency of addressing specific risks would be valuable. 
Additionally, emphasizing the significance of criticality levels in a more user-friendly way could enhance decision-making for non-technical stakeholders.

BACKGROUND

Please describe your company and position.

I am the CTO of Makini Inc

Describe what your company does in a single sentence.

Makini provides a unified API for industrial systems, enabling seamless data integration across CMMS, EAM, and WMS platforms. This API simplifies connectivity, allowing tech companies to access and manage data from diverse systems (like Oracle and SAP) through a single, consistent interface 

OPPORTUNITY / CHALLENGE

What specific goals or objectives did you hire Sekurno to accomplish?

• Security posture improvement
• Compliance alignment (SOC 2, security standards)

SOLUTION

How did you find Sekurno?

Online Search

Why did you select Sekurno over others?

• Pricing fit our budget
• Great culture fit
• Good value for cost
• Company values aligned

How many teammates from Sekurno were assigned to this project?

2-5 Employees

Describe the scope of work in detail. Please include a summary of key deliverables.

Our company engaged Sekurno for a second consecutive year to conduct a comprehensive white-box penetration test of our core products, the Makini API and our Developer Portal. Sekurno’s process began with an initial setup phase, where we collaborated on the project scope, provided access to source code, and outlined testing parameters. The scope included assessing our API gateway platform’s vulnerabilities and ensuring our compliance posture was secure.

Sekurno’s deliverables were thorough and impactful, with an in-depth penetration testing report that identified specific vulnerabilities, attack vectors, and detailed remediations. This report uncovered critical vulnerabilities in both this and the previous year’s engagements, highlighting security areas we would have otherwise missed. In addition, threat modeling tailored to our application’s architecture provided clear risk scenarios specific to our unique business logic. The checklist of performed tests offered transparency and insight into the methodology. This second engagement, like the first, also featured a follow-up testing phase, where Sekurno reviewed our remediation efforts, ensuring our security upgrades were effectively implemented. These detailed reports and iterative testing have proven critical in fortifying our product’s security and maintaining compliance with industry standards.

RESULTS & FEEDBACK

What were the measurable outcomes from the project that demonstrate progress or success?

Sekurno’s work delivered significant, measurable outcomes that enhanced both our security posture and compliance readiness. Their penetration testing report documented vulnerabilities with detailed attack vectors, enabling us to address potential risks preemptively. This documentation also met SOC 2 and security standards, critical for interactions with our customers who require such certifications.

A unique benefit of working with Sekurno was the ability to leave our internal development team fully engaged in core product work while Sekurno provided all necessary testing and compliance reporting. This hands-on support, coupled with Sekurno’s thorough findings and recommendations, gave us a clear understanding of our security state and future improvement pathways, aligning seamlessly with our internal risk management goals.

Describe their project management. Did they deliver items on time? How did they respond to your needs?

Sekurno’s project management was highly effective, characterized by proactive communication and consistent updates through Slack. The team maintained a tight schedule, delivering the first round of testing reports within two weeks, crucial for our project timeline. Communication was open and responsive, with dedicated team members, including a penetration testing project manager. The second-year collaboration reinforced Sekurno’s reliability, as they adapted to our evolving needs while keeping our timelines intact.

What was your primary form of communication with Sekurno?

• Virtual Meeting
• Email or Messaging App

What did you find most impressive or unique about this company?

What stood out most was Sekurno’s depth of testing. Their approach went beyond standard practices, with a thorough investigation that identified critical, often overlooked issues specific to our use of third-party tools. Sekurno’s dedication to exhaustive testing gave us confidence in our platform’s security and highlighted their commitment to proactive risk management. Additionally, their project management and communication ensured a smooth process and timely delivery of all project milestones, setting a high standard of professionalism that exceeded our expectations.

Are there any areas for improvement or something Sekurno could have done differently?

To further streamline our workflow, incorporating an option to export findings in structured formats (e.g., JSON) would improve efficiency, allowing us to integrate issues directly into our internal task management systems. This would facilitate quicker remediation by reducing the need for manual data transfer from the reports.

BACKGROUND

Please describe your company and position.

I am the CTO of a food software company 

Describe what your company does in a single sentence.

Cloud-based software that helps food producers manage their business

OPPORTUNITY / CHALLENGE

What specific goals or objectives did you hire Sekurno to accomplish?

• Evaluate the security posture of the application
• Increase the level of confidence in the application

SOLUTION

How did you find Sekurno?

Clutch Site

Why did you select Sekurno over others?

• High ratings
• Great onboarding process

How many teammates from Sekurno were assigned to this project?

2-5 Employees

Describe the scope of work in detail. Please include a summary of key deliverables.

We hired Sekurno Cybersecurity to perform an extensive penetration test, with the goal of ensuring that our system was free of critical vulnerabilities. Sekurno’s team conducted a thorough assessment of our application and its environment and provided a comprehensive report detailing the findings. In addition to the report, we received a detailed checklist of all tests performed, which added transparency to the process and gave us confidence that every aspect of our system had been evaluated. They also performed a threat modeling session, where they walked us through potential threats and recommended specific mitigation strategies. The team also provided us with tailored recommendations for long-term security improvements. Overall, Sekurno’s deliverables gave us greater confidence in our security measures.

RESULTS & FEEDBACK

What were the measurable outcomes from the project that demonstrate progress or success?

The most significant measurable outcome was the identification and resolution of weak points. Sekurno’s prompt action in addressing them improved our system’s security. Additionally, the comprehensive penetration test and security review gave us a higher level of confidence in the security of our infrastructure. Although the nature of security means you can never guarantee 100% safety, the results of this engagement allowed us to rest easier knowing that our base systems passed the test. The increased sense of security and confidence in our operations, paired with the clear, actionable recommendations from Sekurno, were major indicators of success for us.

Describe their project management. Did they deliver items on time? How did they respond to your needs?

Initially, there was a bit of confusion regarding the level of involvement our team would have in the project, as we expected more collaboration in the early stages. However, after raising this concern, Sekurno’s team quickly adapted. They initiated weekly updates and were consistently responsive to all of our inquiries. Whenever we had questions or required clarification, they addressed them promptly and thoroughly. The communication was transparent, and the project progressed smoothly once expectations were aligned. In terms of deadlines, Sekurno delivered all key milestones on time, including the final penetration test report, the threat modeling session, and the actionable recommendations. Their flexibility and attentiveness to our needs helped to ensure that the project was completed successfully, without any significant delays or issues.

What was your primary form of communication with Sekurno?

• Virtual Meeting
• Email or Messaging App

What did you find most impressive or unique about this company?

One of the most impressive aspects of Sekurno was their deep dive into our product. Unlike other vendors we considered, who gathered basic info and general metrics from us, Sekurno took a hands-on approach. They engaged with us directly, asking thoughtful, in-depth questions about our specific business needs, infrastructure, and security concerns. This demonstrated a hight level of care and attention from the very beginning. They made sure to understand our unique requirements, which made the entire process feel more tailored and customized. Their technical expertise and the depth of their initial discussions gave us a strong sense of confidence, and their commitment to delivering results was evident throughout the project.

Are there any areas for improvement or something Sekurno could have done differently?

While the overall experience was positive, one area that could be improved is setting clearer expectations around the level of client involvement in the early stages of the project. Initially, we expected more direct collaboration on certain business case scenarios and thought we would be more involved during the assessment phase. However, once we raised this concern, Sekurno quickly adapted by providing regular updates and ensuring we were informed at each step. Clarifying the level of expected involvement from the outset could help future clients avoid any initial confusion. Nevertheless, the way Sekurno handled our feedback and adjusted their communication style was impressive, showing a willingness to be flexible and responsive to client preferences.

BACKGROUND

Please describe your company and position.

I am the Chief Technology Architect of KOBIL GmbH

Describe what your company does in a single sentence.

Our company specializes in secure digital identity and multi-sided platform technologies, offering solutions like app shielding, user authentication, and transaction signatures to protect data and enable secure digital interactions.

OPPORTUNITY / CHALLENGE

What specific goals or objectives did you hire Sekurno to accomplish?

• Annual independent product review
• Find new vulnerabilities
• Provide comprehensive report for clients

SOLUTION

How did you find Sekurno?

Online Search

Why did you select Sekurno over others?

Other

How many teammates from Sekurno were assigned to this project?

2-5 Employees

Describe the scope of work in detail. Please include a summary of key deliverables.

The project involved an independent security review of our mobile application, API, and infrastructure. During the initial sales phase, we were cautious, as Sekurno’s strong emphasis on their capabilities is something we typically approach with skepticism. However, their unique approach and professionalism stood out, leading us to proceed with the collaboration. 

Sekurno quickly proved their expertise, delivering a thorough penetration test that uncovered critical vulnerabilities, helping us enhance our product’s security. The key deliverables included:

• A comprehensive report that categorized findings by severity
• A threat modeling document
• A detailed checklist of all the tests performed

The report’s structure made it accessible to both technical and non-technical stakeholders, featuring a high-level management summary and in-depth explanations of each finding. This provided us with valuable insights and a clear path for future security improvements.

RESULTS & FEEDBACK

What were the measurable outcomes from the project that demonstrate progress or success?

The project resulted in the discovery of vulnerabilities that had not been previously identified by our internal reviews. This allowed us to implement critical fixes and strengthen our product’s security. The final report will be shared with our customers as evidence of our continuous commitment to improving security.

Describe their project management. Did they deliver items on time? How did they respond to your needs?

• Sekurno’s project management was effective, ensuring clear communication throughout the engagement. 
• They were flexible with timelines when we needed extra time to implement certain fixes due to the complexities in our system’s components. 
• They were attentive and ensured consistent follow-ups to make sure nothing was overlooked, which was key in helping us manage our internal processes and keep the project on track.

What was your primary form of communication with Sekurno?

• Virtual Meeting
• Email or Messaging App

What did you find most impressive or unique about this company?

The thoroughness of Sekurno’s security testing really stood out. They took an in-depth approach and identified vulnerabilities that were previously missed by both our internal assessments and other auditors. This was particularly impressive given that we were already confident in our security measures, having implemented extensive security protocols and maintaining extremely high standards as a company in the security industry. 

Sekurno exceeded our expectations, providing detailed explanations and crucial actionable recommendations.

Are there any areas for improvement or something Sekurno could have done differently?

One area for improvement would be to offer alternative, more secure methods for document sharing, as we prefer to avoid public platforms for exchanging sensitive information. Providing clients with options for secure collaboration tools would enhance the overall process.

BACKGROUND

Please describe your company and position.

 I am the Deputy Executive Manager of an education company 

Describe what your company does in a single sentence.

Ours is a network of European universities aiming to accelerate the modernisation of the European Higher Education Area by enabling in-depth cooperation among member Universities.

OPPORTUNITY / CHALLENGE

What specific goals or objectives did you hire Sekurno to accomplish?

• Assess code readiness for releasing in public
• Ensure platform security

SOLUTION

How did you find Sekurno?

• Online Search
• Referral

Why did you select Sekurno over others?

• High ratings
• Pricing fit our budget
• Company values aligned

How many teammates from Sekurno were assigned to this project?

2-5 Employees

Describe the scope of work in detail. Please include a summary of key deliverables.

This cooperation aimed to assess whether our tool's code base was ready to be released in an open-source format. This was essential because the tool currently is used by several thousand higher education institutions, and the publication of the code base should not make the platform vulnerable. 

The platform is an important project for higher education in Europe and is part of the European Commission's endeavor to increase mobility around Europe. Sekurno conducted a comprehensive security review of the tool, including a detailed audit of the architecture, backend, frontend, and functionalities. 

The deliverables included detailed documentation of identified security risks and recommendations for fixes, a threat model document, and a checklist with all tests performed. 

RESULTS & FEEDBACK

What were the measurable outcomes from the project that demonstrate progress or success?

The measurable outcomes included identifying specific vulnerabilities in the platform and providing detailed documentation and recommendations. The project significantly increased our confidence in open-sourcing our code base. Critical and medium-critical vulnerabilities were identified and addressed, surpassing our expectations. 

Describe their project management. Did they deliver items on time? How did they respond to your needs?

The project management was well-handled, with clear scoping, planning, and timing. Sekurno's team provided detailed explanations of what to expect at each stage. During the execution phase, the audit was carried out smoothly, and the deliverables were provided on time. We really appreciate the regular follow-ups and responsive communication throughout the process. 

What was your primary form of communication with Sekurno?

• Virtual Meeting
• Email or Messaging App

What did you find most impressive or unique about this company?

The most impressive aspect we found about Sekurno was their ability to identify security issues across a vast range of technologies. Despite the diverse tech stack, including React, Node.js, Golang, and PHP Symfony, Sekurno was thorough in their analysis. Their intercultural team quickly understood the niche environment of higher education and student mobility, which facilitated effective collaboration. 

Are there any areas for improvement or something Sekurno could have done differently?

No significant areas for improvement were noted. We were satisfied with the overall process and outcomes. A minor issue regarding the document extraction functionality in PandaDocs was mentioned, which has since been resolved by Sekurno.

BACKGROUND

Introduce your business and what you do there.

MGID is a global advertising platform helping brands reach unique local audiences at scale. It uses privacy-first, AI-based technology to serve high-quality, relevant ads in brand-safe environments. The company offers a variety of ad formats, including native, display and video to deliver a positive user experience. This enables advertisers to drive performance and awareness, and publishers to retain and monetize their audiences.

Every month, MGID reaches 900 million unique readers, with 200 billion ad impressions, across 25 thousand trusted publishers. For more information, please visit www.mgid.com

OPPORTUNITY / CHALLENGE

What challenge were you trying to address with Sekurno?

We faced multiple challenges. First, as we began targeting customers from regulated sectors such as banking and automotive, as well as enterprise-level clients, we were met with strict security and privacy requirements. Second, our approach to security wasn’t structured enough; our processes weren't documented, making it difficult to address client inquiries about our security measures.

Additionally, the introduction of GDPR presented considerable challenges due to our limited expertise in privacy and data protection. 

SOLUTION

What was the scope of their involvement?

Our collaboration with Sekurno commenced with the penetration testing of two applications, a step initiated in response to increasing security inquiries from our clients. As our engagement progressed, we recognized the necessity of a more holistic approach to security. This led us to focus on constructing an Information Security Management System (ISMS) and attaining ISO27001 certification, a process that was executed efficiently and swiftly due to the collaborative efforts of both teams.

Furthermore, to ensure comprehensive security coverage, we extended our efforts beyond the initial scope. This included conducting vulnerability assessments of both our internal and external infrastructures. Additionally, we expanded the penetration testing to cover more than 10 applications, a critical step towards achieving full compliance with ISO27001 standards.

The third and equally significant phase of our engagement involved building processes to comply with GDPR regulations. This phase was not limited to our IT department but also involved our legal team.

Overall, the solution provided by Sekurno was multifaceted, addressing our immediate security needs while also laying a foundation for ongoing compliance and security management.

What is the team dynamic?

The team dynamic was highly collaborative and professional. Sekurno brought together a team of high-level specialists who were responsive and open to communication on any issue. On average, about 10 people were involved, ensuring a diverse range of expertise and perspectives. This dynamic facilitated a thorough and effective approach to addressing our security needs.

How did you come to work with Sekurno?

When we faced the necessity of a cybersecurity solution, we reached out to our network, and Sekurno was recommended to us as a trustworthy security partner.

How much have you invested with them?

I can share that our investment with Sekurno has been significant in terms of both time and resources. It's important to note that their C-Level was involved and was always there to listen to our feedback. The major work being carried out in collaboration with Sekurno’s Team and our Legal and IT teams. This approach ensured that we had the right expertise involved at every stage, optimizing our investment and maximizing the impact of their services.

What is the status of this engagement?

The engagement with Sekurno began in May 2020 and is still ongoing. We continue to work closely with them to ensure our security and privacy measures are up-to-date and effective.

RESULTS & FEEDBACK

How did your relationship with Sekurno evolve?

Our relationship with Sekurno evolved from a client-vendor dynamic to a more collaborative partnership. As we faced various challenges, Sekurno's team was always there to provide expert advice and solutions. Their responsiveness and ability to adapt to our changing needs played a significant role in this evolution.

How did Sekurno address the challenges that arose?

Sekurno addressed our challenges by providing comprehensive solutions tailored to our specific needs. They were proactive in identifying potential issues and quick to respond whenever challenges arose. Their structured approach to security and privacy, especially in compliance with GDPR and ISO27001, was instrumental in overcoming these challenges.

Describe the impact this engagement has had on your business.

The impact of this engagement on our business has been profound. With Sekurno's help, we were able to implement a structured approach to security, which not only enhanced our internal processes but also significantly improved our market position. Notably, we signed agreements with world-known brands, something that wouldn't have been possible without the security measures and certifications we achieved through this collaboration.

How was project management handled?

Project management was handled professionally and efficiently. Deadlines were consistently met, and if there were any delays, they were usually on our end. The Sekurno team was organized and maintained clear communication throughout the project, ensuring that all parties were aligned and informed

Is there anything that the vendor did well or that you would consider a strength?

One of Sekurno's key strengths is their team of high-level specialists. Their expertise was evident in every aspect of the engagement. Additionally, their responsiveness and open communication were crucial in building a strong and effective working relationship.

In what specific areas can they improve?

It's hard to say as we only see part of their iceberg. But as of now, we are satisfied and find the team excellent.

What advice do you have for clients with similar needs to yours?

For clients with similar needs, my advice is not to neglect security and privacy. Allocate a sufficient budget for these areas, as they are crucial for business development and cannot be compromised. Also, understand that security and privacy compliance is a continuous process. It's not something that can be achieved once and then forgotten. The landscape is constantly evolving, and staying up-to-date is essential for maintaining security and compliance.

UPDATED REVIEW