Application Security & Penetration Testing
Berezha Security Group is a cybersecurity consulting firm specializing in all aspects of application security, network and social engineering penetration testing, cybersecurity consulting, and professional training.
Since its founding in 2014, Berezha has delivered over 120 projects for more than 80 clients worldwide. We have customers in all major business sectors, including IT services, software products, banking, fintech, retail, healthcare, media, gaming, consulting services, legal and advisory, and more.
Using our offensive mindset and attack experience, we help our customers develop a mindful approach to cybersecurity and integrate security principles into all aspects of their business.
All mid- and senior-level BSG professionals hold prestigious cybersecurity certifications and most are OSCP-certified. Our professional certificates independently prove our ability to provide expert-level application security, penetration testing, and security consulting services.
We know that you will never accept the amount of security we want for you; we get that. But to let you make well-informed security decisions, we are always upfront and transparent in our communications and provide you with the most accurate view of your security posture.
Portfolio
Berezha Security has built a solid client base in the following business verticals: Software Development, FinTech, Financial Services, Telecommunications, eCommerce, Banking, Oil & Gas, Sales & Distribution, Gambling & Gaming.
Reviews
the project
Cybersecurity Penetration Testing for Conglomerate
"The team was responsive, we had no blockers all along the way."
the review
The client submitted this review online.
Please describe your company and your position there.
I'm the CIO of Foxtrot Group of companies. I'm responsible for the digital transformation of our holding.
For what projects/services did your company hire Berezha Security Group?
Our company develops a new e-com platform. We hired Berezha Security to evaluate the safety of our new web-app and to identify any existing vulnerabilities.
What were your goals for this project?
To make a safe E-Com solution.
How did you select Berezha Security Group?
Berezha Security was our reliable partner on previous projects.
Describe the project in detail.
We held several initial meetings, at which we discussed the requirements and objectives of the project, agreed on the time of the work. After that, we provided the Berezha Security representatives with the necessary access and at the agreed time (09/21/2020) they began testing.
Testing lasted 17 working days. During testing, we constantly maintained online communication, consulted on issues arising in the process of performing work. At the end of testing, we were provided with a detailed report, which we discussed at a joint meeting.
Within 60 days after submitting the report, Berezha Security rechecked the elimination of the vulnerabilities we identified in the process.
What was the team composition?
The team was composed of:
- Application Security Analyst – 3 persons
- Application Security Lead – 1 person
- Co-founder of Berezha security, LLC
Can you share any outcomes from the project that demonstrate progress or success?
Berezha carried out a high-quality check of the site's security, provided an extended report, including the identified problem areas and vulnerabilities in the security of the site and the settings of the CMS system, the devops environment in which the site will be deployed, as well as providing comprehensive comments on methods of eliminating vulnerabilities and fixing settings.
How effective was the workflow between your team and theirs?
The communication was easy. The team was responsive, we had no blockers all along the way.
What did you find most impressive about this company?
Berezha has experience and knowledge in the field of security testing and secure development technologies. They do their job quickly and efficiently.
Are there any areas for improvement?
We are completely satisfied with BSG work.
the project
Penetration Testing for SaaS Company
"We look forward to working with them more in the future."
the review
The client submitted this review online.
Please describe your company and your position there.
Demio is a hassle-free webinar platform built for marketers. With our platform, companies can generate leads, filter prospects, perform group demos, host engaging sales presentations, integrate with their CRM, view advanced webinar reporting, track conversions, and more.
It’s truly unlike any other product on the market. I am one of the co-founders here at Demio and help run the operations and general administrative functions.
For what projects/services did your company hire Berezha Security Group?
Demio is always looking to improve and we've put a big emphasis on the security/privacy aspect of our engineering in 2020. We ended the year with a full-service penetration test to find any weak points in our architecture. We searched for a quality penetration testing company and found Berezha Security Group as a highly rated company, already recommended.
What were your goals for this project?
Our goal was to have a full breakdown of any security or privacy issues within our SaaS architecture. We are always looking for ways to operationally improve, but in this instance, we wanted to find any technical items we may have missed. This serves to provide a safer experience for our customers, reduce risks to the company, and make it easier to scale.
How did you select Berezha Security Group?
One of our Senior engineers recommended a list of certified vendors and on this list was the highly-rated Berezha Security Group. The Demio Director of Engineering lives in Ukraine and was in the same city/timezone as Berezha. This made communication a breeze and perfectly synced timezones.
Describe the project in detail.
Once we reached out, the Berezha Security Group worked with us on a timeline and project scope for the project. We had a shorter timeline and they were generous enough to find a way to get a schedule for work through the end of the year and on our timeline.
They joined the Demio Slack group and aligned with our Engineering team to walk through the Demio application and architecture. They were able to view both the user experience and gained access to an account using a non-production environment. After the penetration testing, we spent time on a call to review the report and individually view/diagnose any problems that were found.
They work to outline risks by different categories and are realistic in both the business and privacy concerns each one holds. You can then run a re-test when we complete the findings.
What was the team composition?
We spoke and worked with the CEO/Founders to set up the project and had a project manager and security engineers inside of the Demio team. The project flowed smoothly with communication and calls.
Can you share any outcomes from the project that demonstrate progress or success?
With the help of Berezha, we've diagnosed all pending issues on our production servers and closed 50% within the first week. We've then used their risk categories to outline new changes for the future, based on priority in our current roadmap.
How effective was the workflow between your team and theirs?
Our workflow was very smooth. The fact that both our Director of Engineering and the Berezha team were in the same city made the timezones work out perfectly. English was perfectly communicated and the report/findings were extremely thorough.
What did you find most impressive about this company?
Just how helpful they have been through the process. They were there to guide us through each step of the penetration test and understand the business use case almost immediately. This made getting the results a breeze.
Are there any areas for improvement?
We felt that Berezha firmly upheld their promises and delivered the test on time, on budget, and with great communications. We look forward to working with them more in the future.
the project
Security Assurance & Penetration Tests for Health Tech Firm
"They were extremely upfront and transparent with us."
the review
A Clutch analyst personally interviewed this client over the phone. Below is an edited transcript.
Introduce your business and what you do there.
We’re a health company that serves doctors and patients in managing medication. I’m the CEO.
What challenge were you trying to address with Berezha Security Group?
We hired them to handle penetration testing following a software development project our company completed.
What was the scope of their involvement?
They were responsible for testing two web apps as well as our native apps. Working remotely, they provided a set of testing credentials for both doctor and patient users. Their job was to use as many techniques as possible to attempt to compromise the system.
What is the team composition?
We worked with about four people, including a business representative, a senior software engineer, and two junior software engineers.
How did you come to work with Berezha Security Group?
I found them on Clutch, which was quite useful in my search. We found that their services were in our price range and ranked toward the top of the page. Our team reached out to the top 4–5 vendors on the site, and they were highly engaged. They also offered a very reasonable price, so we hired them.
How much have you invested with them?
We spent about $10,000 on the work.
What is the status of this engagement?
We worked together from November–December 2020.
What evidence can you share that demonstrates the impact of the engagement?
They produced an extensive report detailing their findings and recommendations. Once our team implemented their recommendations, they provided a follow-up testing. To verify the robustness of their work, we had an external coder look at the product. They confirmed that they approached the penetration test using best practices and were quite thorough in their work.
How did Berezha Security Group perform from a project management standpoint?
Their communication was excellent, and they did very well with deadlines. We had a situation that required us to move very quickly on our end. They ramped up speed along with us, working around the clock and on weekends, to help get things done.
What did you find most impressive about them?
They were extremely upfront and transparent with us. I appreciated that they communicated recommendations in a clear, straightforward way. They even helped some of our developers in the process. It was great to have a partner that was completely transparent about what we could expect from them and what they could not do. Most vendors want to sell the dream rather than the reality, so their honesty was appreciated.
Are there any areas they could improve?
I think they’re doing a fairly excellent job with what they’re doing. I’d love to see their business expand into other areas such as reviewing general compliance standards.
Do you have any advice for potential customers?
Have your software engineers primed and ready to be completely responsive to their team. Sometimes, their team will identify critical vulnerabilities that need to be fixed instantly. Ensure your team is prepared and not feeling at all threatened by the presence of a penetration testing team.
the project
Security Assessment for Security System Developer
"The team was responsive and no blockers along the way."
the review
The client submitted this review online.
Please describe your company and your position there.
R&D Director at a developer and manufacturer of the most award-winning wireless security system in Europe. We have around 200 employees in engineering and 1000 employees in manufacturing.
For what projects/services did your company hire Berezha Security?
We hired Berezha Security to perform a security audit and a "white hat" hacking of our IoT platform
What were your goals for this project?
We wanted to find either a proof of a good security level of our system or a list of security vulnerabilities to fix
How did you select Berezha Security?
I've received a few personal references from people in the industry
Describe the project in detail.
The scope of security audit was: IoT devices, cloud and mobile and desktop applications
What was the team composition?
Berezha Security formed a team of 3 security specialists to perform an audit. I'm not sure about their specialities, but AFAIK they were network and cloud security specialist, protocol reverse engineering specialist (who was also a team lead) and hardware reverse engineering specialists
Can you share any outcomes from the project that demonstrate progress or success?
All I can say is that we are satisfied with the results.
How effective was the workflow between your team and theirs?
The communication was easy. The team was responsive and no blockers along the way.
What did you find most impressive about this company?
Guys have taught us the way of hacking IoT devices which has given us a lot of ideas on how we can improve our security.
Are there any areas for improvement?
It would be nice to have weekly updates about how the project is going during the project itself. However this feedback could be very specific to our case.
the project
Cybersecurity Services for Tech Gaming Company
"Berezha security always do their best and always demonstrate complex approach to solve any issues and difficulties"
the review
The client submitted this review online.
Please describe your company and your position there.
I'm Head of IT Security at Parimatch Tech. Parimatch Tech is a technological company focused on making innovative products for the gaming industry.
For what projects/services did your company hire Berezha Security?
We have our internal security awareness program and needed an external stress test for employees to be sure that all employees understand and use at least basic IT security rules and don't click risky emails.
What were your goals for this project?
We want to make "fake" phishing email company to motivate employees click our link and give their production credentials. For sure we wanted all employees successfully pass this exam and don't give credentials to "bad guys"
How did you select Berezha Security?
We searched for a mature external team or company with a proven record in pentests and social engineering. The company or team needed to be located in the CIS region or perfectly understand Ukrainian mentality to make the most effective phishing campaign.
Describe the project in detail.
Our plan for this project was:
- Initial meeting when we discuss our request in details
- Technical meeting when we discuss technical realization and provide some internal information which should help to make phishing more applicable and effective. Also we discuss communication channels for this activity and create work chats at messenger. Berezha gives us PoC for web UI which collect credentials and PoC for collecting 2FA.
- In addition we define a list of internal recipients. As a part of our project, before the 2nd meeting Berezha collect a list of 150+ recipients from the internet by themselves using OSINT methodology
- At the third meeting we discuss results and pentest report. We defined some GAPs for 3rd party VPN solution and detect our zone for improvements at security awareness activities
What was the team composition?
We have one of the best teams, consisting of an application security lead, application security analysts and a co-founder of Berezha security, LLC. Each team member played a valuable role in the success of our project, from the PoC of the technical solution for collecting credentials and 2FA to developing the concept of the phishing mail.
Can you share any outcomes from the project that demonstrate progress or success?
- We defined our readiness for phishing campaign
- We re-evaluate threats for our corporate infrastructure
- We make few additional trainings for staff about social engineering
- We create few new monitoring controls for our customer activity
This project gave us the opportunity to review our standard approaches to social engineering education and demonstrate/measure the impact on our infrastructure in cases where unaware admins click some malicious links and share credentials
How effective was the workflow between your team and theirs?
In general we have excellent communication during the project. Because this was summer - we faced with vacancies period - so initial estimations of our project increased but we were ready for this changes. It's very useful and comfortable to communicate via messengers - not emails with project team so we discussed each issue and opportunity in a short time
What did you find most impressive about this company?
Berezha security always do their best and always demonstrate complex approach to solve any issues and difficulties at each our joint projects. It's amazing experience to work with such diligent and attentive team of professionals
Are there any areas for improvement?
Berezha security is one of the best teams focused on pentests and security awareness. For sure, as mature professionals they know very well all areas of improvement for their work. From my side, I should say that it's very difficult to find time in acceptable terms for collaboration, so please hire new staff to make your services more accessible :)
the project
Cybersecurity Training for Banking Firm
"The communication was organized and the highest level possible using modern tools available."
the review
The client submitted this review online.
Please describe your company and your position there.
I am a deputy head of the Information security division in one of the leading commercial banks on the Ukrainian market. I am creating this review on behalf of the CISO of our bank. My company has more than 2500 employees. My main responsibility is to properly organize and oversee an acceptable level of information security and cybersecurity in my organization.
For what projects/services did your company hire Berezha Security?
Our company required efficient training services for our IT staff and IT management staff in the field of cybersecurity.
What were your goals for this project?
The goal was to raise the level of cybersecurity awareness of our IT staff to introduce to our developers and IT management modern trends in the cybersecurity field and present modern approaches in integrating security requirements and features in existing SDLC processes.
How did you select Berezha Security?
The general pitching process was organized by our internal Procurement division according to strict internal rules. After the pitching process, Berezha security had shown the highest competences and experience level in the Ukrainian market.
Describe the project in detail.
Representatives of Berezha security had conducted a series of meetings with our representatives in order to collect desired topics to be introduced during training. After the meetings, they have introduced separate refined training programs according to our demands.
Additional specific lab and use case was developed exclusively for our demands. The training was developed according to the demands of different kinds of our development teams (e.g. Desktop development, Web-platform development, etc.)
What was the team composition?
The team was composed of a leading trainer with two additional lab specialists to introduce the most technical expertise during the session.
Can you share any outcomes from the project that demonstrate progress or success?
All participants highly noted the format and content of the training. What I would especially like to mention is the ability to convey complex things to the participants in simple words. The whole period of training was friendly and in general all participants felt comfortable.
We would also like to mention the stand, demonstrating the vulnerabilities of desktop software applications. This demonstration was very useful for our developers and especially useful during the management session. In general, the training exceeded all of our possible expectations.
How effective was the workflow between your team and theirs?
The workflow was plain and simple. The communication was organized and the highest level possible using modern tools available.
What did you find most impressive about this company?
Their ability to explain complex things in a simple way was amazing. The charismatic trainer and examples from real-life made the discussion good. There was less theory and more practice and live experience during the discussion.
Are there any areas for improvement?
Although there is always a way to make things better, in the scope of our project we can't think of any improvements that could be introduced. Everything was a top-notch level of service and experience for us.
the project
Security Assessment for Financial Services App
"The vendor's testers are experienced and knowledgeable in security testing."
the review
The client submitted this review online.
Please describe your company and your position there.
I am a Chief Security Officer at the card payment processing center. Our company provides their services in the Eastern and the Central Europe.
For what projects/services did your company hire Berezha Security?
Our company updated one of the public applications with new functionality and needed to assess the security of the new code and to test the updated system according to the OWASP Top 10.
What were your goals for this project?
We wanted to ensure that updated application does not have vulnerabilities on the system and application levels.
How did you select this vendor?
I already had a positive experience of cooperation with Berezha Security specialists.
Describe the project in detail.
We had a few meetings to discuss and agree on the scope and objectives of the project and the testing methodologies used. During the kick-off meeting we agreed on the project schedule, the communication used, and contacts from both sides.
What was the team composition?
Initially we discussed project details with a vendor manager. During the kick-off meeting a testing team was introduced. The team consisted of a team lead and 2 testers. During testing all communication was with the team lead.
Can you share any outcomes from the project that demonstrate progress or success?
During project 2 high-risk vulnerabilities were identified, repaired and re-tested.
How effective was the workflow between your team and theirs?
The communication was easy and on time. We were informed about identified vulnerabilities before a formal report was ready and had enough time to resolve these vulnerabilities.
What did you find most impressive about this company?
The vendor's testers are experienced and knowledgeable in security testing and secure techniques of software code development.
Are there any areas for improvement?
All was done good.
the project
Security Testing for Content Intelligence Platform
"We are satisfied with their work."
the review
The client submitted this review online.
Please describe your company and your position there.
I am Senior Security Engineer in Conductor company which was named a market leader in Forrester's SEO platform evaluation validating our expertise within the industry.
For what projects/services did your company hire Berezha Security?
Conductor company is ISO 27001 compliant. We follow security best practices, and annual security penetration test made by 3rd party - is one of them. Berezha Security made a web application security assessment, source code review and external network penetration test.
What were your goals for this project?
Our goals during this project were to find weak points or vulnerabilities in our web application and across the external perimeter.
How did you select this vendor?
Berezha Security is well known team in Ukraine as they drive the conferences dedicated to information security and promote the need for attention to information technology security.
Describe the project in detail.
We had a few meetings before the start of the project, discussing the scope and details of how much time was needed, communication channels, and what was needed from our side.
What was the team composition?
We created slack channel for all involved participants, there were 6 people from Berezha Security team.
Can you share any outcomes from the project that demonstrate progress or success?
The report was well organized and easy to understand. We got deep understanding of next remediation steps.
How effective was the workflow between your team and theirs?
During the month of Berezha Security work, we got in touch few times to elaborate some details. After project completed - they shared a full report to us and commented and explained all findings attentively to us.
What did you find most impressive about this company?
They made a huge work and found previously unknown bugs. Also, primary contact from Berezha Security quickly found a common language with the Conductor American team, they knew all the necessary processes for conducting a contract and had a prepared paper.
Are there any areas for improvement?
We are satisfied with their work.
the project
App Security Training for Cybersecurity Company
"They really want to improve cybersecurity knowledge in their customers."
the review
The client submitted this review online.
Please describe your company and your position there.
We are Clario, a consumer-focused cybersecurity company on a mission to change an industry. Over 800 professionals including over 600 digital security experts, with the one common goal of digital security for all. We’re bringing change and a next-generation digital security solution. I'm a Security Engineer.
For what projects/services did your company hire Berezha Security?
We want to increase the knowledge of every developer, QA, system administrator, and R&D specialist about application security deep learn.
What were your goals for this project?
Deep learning knowledge about application security.
How did you select this vendor?
We hear that Berezha Security's the most famous company in Ukraine, also they have really good specialists, and makes a lot of public activity.
Describe the project in detail.
We have 5-day training for our developers, QA, R&D specialists, and Security Engineer. The trainer was a really deep knowledge person, also certified specialists with 10 years of practice in Cybersecurity.
What was the team composition?
Application Security trainer
Can you share any outcomes from the project that demonstrate progress or success?
Developers teams are implementing the knowledge that they have taken from this course in our products and services.
How effective was the workflow between your team and theirs?
They have really good communications, also we have communications channels.
What did you find most impressive about this company?
They really want to improve cybersecurity knowledge in their customers.
Are there any areas for improvement?
Everything is fine.
the project
Cybersecurity Penetration Testing for Software Dev Company
“They have vast technical knowledge and are able to find a lot of issues using different resources.”
the review
A Clutch analyst personally interviewed this client over the phone. Below is an edited transcript.
Introduce your business and what you do there.
I’m the information security manager at a software development company.
What challenge were you trying to address with Berezha Security?
We needed our annual penetration testing done. We also had some internal challenges, such as educating our employees, that needed attention.
What was the scope of their involvement?
Berezha Security performed a full black-box test. They performed SSID coding, created a fake WiFi network in an attempt to get employee credentials, conducted encryption of laptops, and “hacked” us to test our security. Their team prepared fake websites to catch any phishing and tested our endpoint protection, providing a detailed report of their findings to help us understand any breaches we had.
What is the team composition?
Vlad (VP of Business Development) was the project manager and point of contact. There were a few engineers as well.
How did you come to work with Berezha Security?
Berezha Security is a well-known company in the area. Also, I’ve known Vlad for many years and worked with him on many projects.
What is the status of this engagement?
We worked together from March 2018–March 2020.
What evidence can you share that demonstrates the impact of the engagement?
We like the high-quality level of their work. Their specialists are certified, enabling us to show proof that our penetration testing was done by professionals.
How did Berezha Security perform from a project management standpoint?
They’ve always met deadlines on every project. Their team fully achieved our requirements.
What did you find most impressive about them?
Their unique approach sets them apart from other companies. Berezha Security develops their own scripts and their standard scanners can be blocked. They have vast technical knowledge and are able to find a lot of issues using different resources.
Are there any areas they could improve?
Their system has missed some smaller, less-critical yet important breaches. If they were to scan first, they might find those breaches to report.
The Berezha Security Group team conducted a security check of the site, identified problem areas and vulnerabilities in the settings of the CMS system, and the DevOps environment. The company was most impressed by how quickly and efficiently the team performed their tasks.