Berezha Security Group

BACKGROUND

Please describe your company and your position there.

I'm an internal security team member of a global IT outsourcing company.

OPPORTUNITY / CHALLENGE

For what projects/services did your company hire Berezha Security Group?

We were looking for a vendor to perform penetration testing of our IT infrastructure, critical systems and web applications. Satisfied with the cooperation, we also hired Berezha Security Group to conduct application security training for our internal development team.

SOLUTION

How did you select this vendor and what were the deciding factors?

We compiled a list of 3 firms with the best reputation in our area and sent the request for proposal to them. After the interview, we chose Berezha Security Group based on its reputation and proposal.

Describe the project in detail and walk through the stages of the project.

During the first project, they performed a thorough Web Application Security Assessment and Network Penetration Testing Report of our assets according to the common methodologies. The team classified vulnerabilities and defined security risks based on OWASP TOP 10 & CWE taxonomies. As the result, we received a detailed report with vulnerabilities and remediation steps. They also provided a free re-test. On the second project, the practitioners for Berezha Security Group conducted application security training for our internal development team. The training included theoretical and practical knowledge with hands-on examples.

How many resources from the vendor's team worked with you, and what were their positions?

For the first project, the team included 3 penetration testers and a project coordinator. The second project included 3 trainers.

RESULTS & FEEDBACK

Can you share any outcomes from the project that demonstrate progress or success?

During the penetration testing, they were thorough and professional. The team identified relevant and true-positive issues and provided detailed remediation steps. They were flexible and open. App security training provided by the team was very useful and practical. Our team got valuable knowledge on secure development practices.

How effective was the workflow between your team and theirs?

We were constantly on chat and they always kept us updated.

What did you find most impressive or unique about this company?

We were impressed by their professionalism and thoroughness. They always stayed updated on the latest approaches, techniques, and practices.

Are there any areas for improvement or something they could have done differently?

As of now, we don't have anything worth mentioning.

BACKGROUND

Please describe your company and your position there.

Doxy.me -- telemedicine for all. My role is VP Infosec.

OPPORTUNITY / CHALLENGE

For what projects/services did your company hire Berezha Security Group?

We had created doxy.me middleware to interact with a 3rd party system. The middleware was created by an outside team, and we could not feel comfortable putting it into use until it had been audited for vulnerabilities, and those vulnerabilities had been remediated.

SOLUTION

How did you select this vendor and what were the deciding factors?

We had previously worked with BSG for company-wide security training, at the recommendation of a director who had worked with them before. The training went so well, that we were convinced BSG could also provide this service.

Another deciding factor was timeline. We had previously used another vendor for application security reviews, and still use that vendor. But they were not able to move quickly enough this time to satisfy the project timelines.

Describe the project in detail and walk through the stages of the project.

They performed a thorough security audit of the application middleware, both by reading the code, and then by testing the running software in a testing environment provided for that purpose.

How many resources from the vendor's team worked with you, and what were their positions?

3 resources worked on auditing the application middleware. All were programmers / code security specialists.

RESULTS & FEEDBACK

Can you share any outcomes from the project that demonstrate progress or success?

We received a thorough report with recommendations, which were prioritized into high, medium, low severity. Each vulnerability had detailed instructions on how to reproduce, along with sample output. We were able to share a list of issues with the vendor of the middleware to get the most important issues done in a short time, and the less important issues done on a longer timeframe.

How effective was the workflow between your team and theirs?

The workflow was very effective. We joined slack channels together, and answered requests as they came in. The BSG team was similarly responsive.

What did you find most impressive or unique about this company?

We really appreciated that they were available when needed, and the professionalism of the results.

Are there any areas for improvement or something they could have done differently?

We were very pleased with the service.

BACKGROUND

Please describe your company and your position there.

My name is Danylo Prokopiv and I am a Chief Product Officer at a technology provider and product development company. We develop state-of-the-art software solutions for the manufacturing and construction industries. These include Manufacturing Execution System (MES), Supply Chain Management System and others. Our company has a global presence with a large partner network serving our customers for over 40 years.

OPPORTUNITY / CHALLENGE

For what projects/services did your company hire Berezha Security Group?

We are developing a SAAS MES solution to serve multiple industries on a global scale; Secure Software Development Principles is one step in delivering secure solutions, and we were looking for professional, expert cybersecurity and secure software development training to raise awareness of this area among our developers.

SOLUTION

How did you select this vendor and what were the deciding factors?

We searched the software development community and Berezha Security Group was recommended to us among five other organizations (UK, Ukraine, USA). After a series of introductory calls, a decision was made to cooperate with BSG. Even though our organization already had a certain level of cybersecurity expertise, we made the decision to start from scratch with planned improvements along with product expansion. The first step was to conduct a training on developing secure software and raising awareness.

Describe the project in detail and walk through the stages of the project.

They started with an overview of the organization, product and roadmap, technology stack and/or roadmap. Based on this, a software security improvement plan was outlined, consisting of secure development training and awareness-raising, software auditing including penetration testing, etc. This review is based on the initial Safe Development and Awareness Training conducted in December 2021. This training covered several subject areas, namely: introduction to cybersecurity, security awareness, secure development platforms, security testing, secure development.

How many resources from the vendor's team worked with you, and what were their positions?

We had a project manager and two specialized trainers

RESULTS & FEEDBACK

Can you share any outcomes from the project that demonstrate progress or success?

The training was conducted in English, very professional, with expert knowledge, but understandable for the whole team. The training was based on the specifics of our product and technology stack. The material was presented in a rather concise form, but with great potential for further self-education. In general, our entire team was very satisfied with the volume and level of knowledge that we received during these 15 hours.

How effective was the workflow between your team and theirs?

The training team did a great job of compiling the training material; they answered our special questions and returned when needed. Each session was accompanied by training notes, links to external materials, and a video recording. Communication was efficient and timely.

What did you find most impressive or unique about this company?

This is a company of true fans of their business. we could feel the passion and professionalism in their team. The fact that BSG supports software security initiatives (such as OWASP Ukraine) within the software development community is a telling factor.

Are there any areas for improvement or something they could have done differently?

can't think of any at the moment

BACKGROUND

Please describe your company and your position there.

I'm a CEO in Sellbery company. Sellbery is an all-in-one multichannel listing solution for empowering eCommerce business activities. The platform automatically synchronizes product listings, order and inventory data between multiple shopping carts and marketplaces.

OPPORTUNITY / CHALLENGE

For what projects/services did your company hire Berezha Security Group?

We were looking for an external cybersecurity company to help with cybersecurity questions for the Amazon MWS audit.

SOLUTION

How did you select this vendor and what were the deciding factors?

recommendation

Describe the project in detail and walk through the stages of the project.

Berezha Security performed a security audit of our application and servers and gave recommendations for company policies. Accompanied on the audit as a security consultant.

How many resources from the vendor's team worked with you, and what were their positions?

Andriy V. (Co-founder & CSO) - cybersecurity consultant

RESULTS & FEEDBACK

Can you share any outcomes from the project that demonstrate progress or success?

Amazon MWS audit was successfully finished.

How effective was the workflow between your team and theirs?

The team's workflow was comfortable, fast, and effective.

What did you find most impressive or unique about this company?

Timely completion of tasks, quick answers, and professionalism.

Are there any areas for improvement or something they could have done differently?

The work was done excellent.

BACKGROUND

Introduce your business and what you do there.

I’m the CTO of a video analytics company.

OPPORTUNITY / CHALLENGE

What challenge were you trying to address with Berezha Security Group?

We needed their team to conduct security assessment tests on our software.

SOLUTION

What was the scope of their involvement?

Berezha Security Group conducts penetration tests and security assessments to identify any potential issues and report on their findings, so we can address any problems that their team will discover. In line with those services, they also ensure that the software’s resilience, resolution, and robustness are at ideal levels. 

What is the team composition?

Our main point of contact is Vlad (Co-Founder & CEO), while they’ve designated an entire team of coders and security analysts to work on the project itself.

How did you come to work with Berezha Security Group?

I reached out to a few companies that we could potentially onboard for this particular project — Berezha Security Group was the first team to respond to us. Additionally, we went with them because we liked their proposal and work approach.

How much have you invested with them?

We’ve spent about $1,000 so far.

What is the status of this engagement?

We kicked off the engagement in May 2021, and it’s ongoing. We’ve just wrapped up the first phase of the project.

RESULTS & FEEDBACK

What evidence can you share that demonstrates the impact of the engagement?

I’m satisfied with Berezha Security Group’s work. They know how to identify accurate areas of weakness or potential issues, and they work quickly to address each issue to ensure that the software runs seamlessly. Their work has been absolutely impeccable so far.

How did Berezha Security Group perform from a project management standpoint?

We use Slack as our main communication channel. Berezha Security Group manages our project well. We’re always given transparent updates, so we know that we can trust their workflow and management. Their team is also keen on accomplishing tasks based on the priorities or urgencies we relay.

What did you find most impressive about them?

Berezha Security Group is a smart and ethical team that handles the vulnerabilities of our platform well. They gain access to different platforms without disrupting any system or workflow, and that’s a great indication of their expertise.

Are there any areas they could improve?

I’m happy with Berezha Security Group’s performance, so I don’t have any complaints.

Do you have any advice for potential customers?

Maximize your interaction with their team to ensure that everything is on track and at par with your standards. They’re a hardworking team that can bring your vision to life.

BACKGROUND

Introduce your business and what you do there.

I’m the head of development and a digital banking consultant for Credo Bank. It’s a large Georgian bank.

OPPORTUNITY / CHALLENGE

What challenge were you trying to address with Berezha Security Group?

We needed a security assessment and testing done on all of our digital channels, including internet and mobile banking.

SOLUTION

What was the scope of their involvement?

Berezha did security testing on the structure of our systems and codes. After, they provided reports, along with recommendations for repairs. We will have them retest us once the repairs have been made.

What is the team composition?

We work with 5–6 people, including a project manager and several engineers.

How did you come to work with Berezha Security Group?

Our cybersecurity resource found them. They were chosen based on their reputation and ratings.

How much have you invested with them?

We’ve spent more than $25,000 so far.

What is the status of this engagement?

We began working together around April 2021, and it is an ongoing relationship.

RESULTS & FEEDBACK

What evidence can you share that demonstrates the impact of the engagement? 

Berezha is professional and works extremely fast. For example, we had a meeting on a Monday, and they were working on the task we discussed by Tuesday. In general, we’re quite happy with everything they’re doing.

How did Berezha perform from a project management standpoint?

They provide detailed reports and excel at keeping timelines. We have Zoom meetings and use Microsoft Teams for communication. They also have some other tools, but I don’t recall the names.

What did you find most impressive about them?

Berezha’s team pushes to make sure that they’re doing high-quality work. We are all comfortable working with them.

Are there any areas they could improve?

There was a minor language barrier, but it wasn’t serious at all. 

BACKGROUND

Please describe your company and your position there.

/n software is the leading provider of professional tools and components for Internet Communications and Security. I am a product manager responsible for the development and release of our flagship product lines.

OPPORTUNITY / CHALLENGE

For what projects/services did your company hire Berezha Security Group?

We were looking for a cybersecurity firm to asses the security of our internal cryptographic implementations.

SOLUTION

How did you select this vendor and what were the deciding factors?

We chose Berezha Security Group after discussions with several people and establishing a level of trust that put us at ease with their experience.

Describe the project in detail and walk through the stages of the project.

They performed a thorough test and analysis of core cryptographic code then provided a detailed report along with walking us through the report as a team. They were responsive and available throughout the process and the report was detailed so as not to leave any doubts about any issues that were raised.

How many resources from the vendor's team worked with you, and what were their positions?

We worked with a team of 4 or 5 who had a variety of roles, all of whom were experts in security.

RESULTS & FEEDBACK

Can you share any outcomes from the project that demonstrate progress or success?

The report we received highlighted issues that were then easily addressed in our code.

How effective was the workflow between your team and theirs?

The communication was smooth and their team was always available for questions.

What did you find most impressive or unique about this company?

Their team was highly professional and experienced. There is no question they can produce the results they advertise.

Are there any areas for improvement or something they could have done differently?

There is nothing I would have changed.

BACKGROUND

Please describe your company and your position there.

I'm the co-founder of a software development company that provides web-based SaaS solutions.

OPPORTUNITY / CHALLENGE

For what projects/services did your company hire Berezha Security Group?

We were looking for an external cybersecurity company to perform an annual security audit of a SaaS platform for our client needs. We needed to make sure there were no potential data leaks.

SOLUTION

How did you select this vendor and what were the deciding factors?

We searched online for best cybersecurity firms in Ukraine, got in touch with top 5 companies and decided to go for Berezha because they were very responsive.

Describe the project in detail and walk through the stages of the project.

They performed a thorough security audit of a SAAS platform, identifying potential risks in our infrastructure. They immediately reported all critical vulnerabilities that were found during the audit. After they finished, they delivered a report on all of our risks and provided a list of security recommendations.

How many resources from the vendor's team worked with you, and what were their positions?

We were in touch with their CEO and had a project manager, 2 security analysts, and penetration testers.

RESULTS & FEEDBACK

Can you share any outcomes from the project that demonstrate progress or success?

They're identifying far more risks than our internal testers could and their team is addressing those changes for us. They tested not only the SAAS platform but also all the 3rd party software that are using for the infrastructure. They also took the time to teach us best practices of cybersecurity.

How effective was the workflow between your team and theirs?

It was very effective. We had few productive meetings and they kept us updated as they went through the testing.

What did you find most impressive or unique about this company?

Their competence level is very high. It's amazing experience to work with a team of professionals.

Are there any areas for improvement or something they could have done differently?

No, I don’t think so. They're the top in the cybersecurity area.

BACKGROUND

Please describe your company and your position there.

I'm COO of Birghtgrove company. Brightgrove is focused on software development, consulting, and outsourcing. We deliver a broad array of managed services to our clients, including the development of top-quality software applications, quality assurance, testing, web systems design, and offshore staff augmentation.

OPPORTUNITY / CHALLENGE

For what projects/services did your company hire Berezha Security Group?

Berezha Security Group (BSG) delivered an exciting cybersecurity refresher workshop for the senior staff at Brightgrove. The trainer brought the audience up to date with the latest cybersecurity threats to high-tech enterprises and shared insight about how to battle them.

SOLUTION

How did you select this vendor and what were the deciding factors?

We had engagements with BSG before, and we based our selection choice on the results of the prior collaboration.

Describe the project in detail and walk through the stages of the project.

The BSG representative has arranged a 3-hour session for the lecture, and then a Q&A series followed. During the course, the audience could freely ask clarifying questions and dig into the specifics of the material presented. We had also dug into a few real business cases of detected and prevented cyber intrusions. During the lecture, the speaker tailored the material according to the interactive poll results. After the session, the video recording has remained privately available on YouTube.

How many resources from the vendor's team worked with you, and what were their positions?

The team for this workshop contained the trainer only.

RESULTS & FEEDBACK

Can you share any outcomes from the project that demonstrate progress or success?

The audience remained highly engaged all the time during the workshop. The trainer's delivery radically differed from what we expected based on our observations during the selection process or after previous experience with CBT security awareness courses. As a result, the audience has learned a lot and was able to clear out every pre-existing ambiguity in the corporate security requirements and countermeasures with a professional third-party expert.

How effective was the workflow between your team and theirs?

The workflow was easy. The communications during the training preparations and delivery were efficient and straightforward.

What did you find most impressive or unique about this company?

They explained the material in a simple and convenient form, using metaphors and real-world examples. The lecturer was open to discussing the content and ensured that everyone in the audience understands all its nuances.

Are there any areas for improvement or something they could have done differently?

Based on our experience throughout the project, we do not suggest any changes. Everything is good as it is now. We would certainly prefer an in-person session the next time, when everyone gets vaccinated.

BACKGROUND

Introduce your business and what you do there.

I’m the CEO of Vispato. We offer an online whistleblowing system for companies.

OPPORTUNITY / CHALLENGE

What challenge were you trying to address with Berezha Security Group?

We hired Berezha Security Group to work on security testing for our solution.

SOLUTION

What was the scope of their involvement? 

Berezha Security Group mainly provided penetration testing for our whistleblowing system. To start, they did a complete security assessment of the software, performing penetration tests over the course of several days. It was more or less a manual process, though they also used Burp for support. They examined the inside and outside of the application to make sure that there were no vulnerabilities in the software. 

What is the team composition? 

We dealt with about five people, with 3–4 resources on the project itself. That included a head of security, a product manager, and two penetration testers.

How did you come to work with Berezha Security Group?

I found them through a personal recommendation. It’s always good when you know someone who’s worked with a vendor before, so that was the main reason why we decided to go with them.

How much have you invested with them?

We’ve spent €5,000–€£6,000 (approximately $6,000–$7,000 USD).

What is the status of this engagement?

The project for Vispato took place in February 2021. It was a one-time engagement, but we’ll likely have them do a security assessment for our other company, Auditi, too. In that sense, I’d say that the contract is still ongoing.

RESULTS & FEEDBACK

What evidence can you share that demonstrates the impact of the engagement?

Overall, we were very satisfied with Berezha Security Group’s results. They stood out because they were very thorough in their tests and covered a lot of bases. The communication and reporting that they did were great, too.

A security assessment is very difficult to evaluate. However, we do have quite a bit of experience doing penetration tests with other companies, so I know what to expect out of these engagements.

How did Berezha Security Group perform from a project management standpoint?

They managed the engagement well — it was very professional. We dealt mostly through email and Slack. Regarding timing, there was no particular deadline for the deliverables, but they were quick with the project. The team started right off the bat with no delays. 

What did you find most impressive about them?

Berezha Security Group had very good credentials and references.

Are there any areas they could improve?

No, I was very satisfied with the whole project. I didn’t experience any negative points during the project — otherwise, we wouldn’t be working on the second assessment for our other company. 

Do you have any advice for potential customers?

Their team behaves professionally and knows what they’re doing, so there’s not much advice needed.