Berezha Security Group

Introduce your business and what you do there.

I’m the CTO of a video analytics company.

What challenge were you trying to address with Berezha Security Group?

We needed their team to conduct security assessment tests on our software.

What was the scope of their involvement?

Berezha Security Group conducts penetration tests and security assessments to identify any potential issues and report on their findings, so we can address any problems that their team will discover. In line with those services, they also ensure that the software’s resilience, resolution, and robustness are at ideal levels. 

What is the team composition?

Our main point of contact is Vlad (Co-Founder & CEO), while they’ve designated an entire team of coders and security analysts to work on the project itself.

How did you come to work with Berezha Security Group?

I reached out to a few companies that we could potentially onboard for this particular project — Berezha Security Group was the first team to respond to us. Additionally, we went with them because we liked their proposal and work approach.

How much have you invested with them?

We’ve spent about $1,000 so far.

What is the status of this engagement?

We kicked off the engagement in May 2021, and it’s ongoing. We’ve just wrapped up the first phase of the project.

What evidence can you share that demonstrates the impact of the engagement?

I’m satisfied with Berezha Security Group’s work. They know how to identify accurate areas of weakness or potential issues, and they work quickly to address each issue to ensure that the software runs seamlessly. Their work has been absolutely impeccable so far.

How did Berezha Security Group perform from a project management standpoint?

We use Slack as our main communication channel. Berezha Security Group manages our project well. We’re always given transparent updates, so we know that we can trust their workflow and management. Their team is also keen on accomplishing tasks based on the priorities or urgencies we relay.

What did you find most impressive about them?

Berezha Security Group is a smart and ethical team that handles the vulnerabilities of our platform well. They gain access to different platforms without disrupting any system or workflow, and that’s a great indication of their expertise.

Are there any areas they could improve?

I’m happy with Berezha Security Group’s performance, so I don’t have any complaints.

Do you have any advice for potential customers?

Maximize your interaction with their team to ensure that everything is on track and at par with your standards. They’re a hardworking team that can bring your vision to life.

Introduce your business and what you do there.

I’m the head of development and a digital banking consultant for Credo Bank. It’s a large Georgian bank.

What challenge were you trying to address with Berezha Security Group?

We needed a security assessment and testing done on all of our digital channels, including internet and mobile banking.

What was the scope of their involvement?

Berezha did security testing on the structure of our systems and codes. After, they provided reports, along with recommendations for repairs. We will have them retest us once the repairs have been made.

What is the team composition?

We work with 5–6 people, including a project manager and several engineers.

How did you come to work with Berezha Security Group?

Our cybersecurity resource found them. They were chosen based on their reputation and ratings.

How much have you invested with them?

We’ve spent more than $25,000 so far.

What is the status of this engagement?

We began working together around April 2021, and it is an ongoing relationship.

What evidence can you share that demonstrates the impact of the engagement? 

Berezha is professional and works extremely fast. For example, we had a meeting on a Monday, and they were working on the task we discussed by Tuesday. In general, we’re quite happy with everything they’re doing.

How did Berezha perform from a project management standpoint?

They provide detailed reports and excel at keeping timelines. We have Zoom meetings and use Microsoft Teams for communication. They also have some other tools, but I don’t recall the names.

What did you find most impressive about them?

Berezha’s team pushes to make sure that they’re doing high-quality work. We are all comfortable working with them.

Are there any areas they could improve?

There was a minor language barrier, but it wasn’t serious at all. 

Please describe your company and your position there.

/n software is the leading provider of professional tools and components for Internet Communications and Security. I am a product manager responsible for the development and release of our flagship product lines.

For what projects/services did your company hire Berezha Security Group?

We were looking for a cybersecurity firm to asses the security of our internal cryptographic implementations.

How did you select this vendor and what were the deciding factors?

We chose Berezha Security Group after discussions with several people and establishing a level of trust that put us at ease with their experience.

Describe the project in detail and walk through the stages of the project.

They performed a thorough test and analysis of core cryptographic code then provided a detailed report along with walking us through the report as a team. They were responsive and available throughout the process and the report was detailed so as not to leave any doubts about any issues that were raised.

How many resources from the vendor's team worked with you, and what were their positions?

We worked with a team of 4 or 5 who had a variety of roles, all of whom were experts in security.

Can you share any outcomes from the project that demonstrate progress or success?

The report we received highlighted issues that were then easily addressed in our code.

How effective was the workflow between your team and theirs?

The communication was smooth and their team was always available for questions.

What did you find most impressive or unique about this company?

Their team was highly professional and experienced. There is no question they can produce the results they advertise.

Are there any areas for improvement or something they could have done differently?

There is nothing I would have changed.

Please describe your company and your position there.

I'm the co-founder of a software development company that provides web-based SaaS solutions.

For what projects/services did your company hire Berezha Security Group?

We were looking for an external cybersecurity company to perform an annual security audit of a SaaS platform for our client needs. We needed to make sure there were no potential data leaks.

How did you select this vendor and what were the deciding factors?

We searched online for best cybersecurity firms in Ukraine, got in touch with top 5 companies and decided to go for Berezha because they were very responsive.

Describe the project in detail and walk through the stages of the project.

They performed a thorough security audit of a SAAS platform, identifying potential risks in our infrastructure. They immediately reported all critical vulnerabilities that were found during the audit. After they finished, they delivered a report on all of our risks and provided a list of security recommendations.

How many resources from the vendor's team worked with you, and what were their positions?

We were in touch with their CEO and had a project manager, 2 security analysts, and penetration testers.

Can you share any outcomes from the project that demonstrate progress or success?

They're identifying far more risks than our internal testers could and their team is addressing those changes for us. They tested not only the SAAS platform but also all the 3rd party software that are using for the infrastructure. They also took the time to teach us best practices of cybersecurity.

How effective was the workflow between your team and theirs?

It was very effective. We had few productive meetings and they kept us updated as they went through the testing.

What did you find most impressive or unique about this company?

Their competence level is very high. It's amazing experience to work with a team of professionals.

Are there any areas for improvement or something they could have done differently?

No, I don’t think so. They're the top in the cybersecurity area.

Please describe your company and your position there.

I'm COO of Birghtgrove company. Brightgrove is focused on software development, consulting, and outsourcing. We deliver a broad array of managed services to our clients, including the development of top-quality software applications, quality assurance, testing, web systems design, and offshore staff augmentation.

For what projects/services did your company hire Berezha Security Group?

Berezha Security Group (BSG) delivered an exciting cybersecurity refresher workshop for the senior staff at Brightgrove. The trainer brought the audience up to date with the latest cybersecurity threats to high-tech enterprises and shared insight about how to battle them.

How did you select this vendor and what were the deciding factors?

We had engagements with BSG before, and we based our selection choice on the results of the prior collaboration.

Describe the project in detail and walk through the stages of the project.

The BSG representative has arranged a 3-hour session for the lecture, and then a Q&A series followed. During the course, the audience could freely ask clarifying questions and dig into the specifics of the material presented. We had also dug into a few real business cases of detected and prevented cyber intrusions. During the lecture, the speaker tailored the material according to the interactive poll results. After the session, the video recording has remained privately available on YouTube.

How many resources from the vendor's team worked with you, and what were their positions?

The team for this workshop contained the trainer only.

Can you share any outcomes from the project that demonstrate progress or success?

The audience remained highly engaged all the time during the workshop. The trainer's delivery radically differed from what we expected based on our observations during the selection process or after previous experience with CBT security awareness courses. As a result, the audience has learned a lot and was able to clear out every pre-existing ambiguity in the corporate security requirements and countermeasures with a professional third-party expert.

How effective was the workflow between your team and theirs?

The workflow was easy. The communications during the training preparations and delivery were efficient and straightforward.

What did you find most impressive or unique about this company?

They explained the material in a simple and convenient form, using metaphors and real-world examples. The lecturer was open to discussing the content and ensured that everyone in the audience understands all its nuances.

Are there any areas for improvement or something they could have done differently?

Based on our experience throughout the project, we do not suggest any changes. Everything is good as it is now. We would certainly prefer an in-person session the next time, when everyone gets vaccinated.

Introduce your business and what you do there.

I’m the CEO of Vispato. We offer an online whistleblowing system for companies.

What challenge were you trying to address with Berezha Security Group?

We hired Berezha Security Group to work on security testing for our solution.

What was the scope of their involvement? 

Berezha Security Group mainly provided penetration testing for our whistleblowing system. To start, they did a complete security assessment of the software, performing penetration tests over the course of several days. It was more or less a manual process, though they also used Burp for support. They examined the inside and outside of the application to make sure that there were no vulnerabilities in the software. 

What is the team composition? 

We dealt with about five people, with 3–4 resources on the project itself. That included a head of security, a product manager, and two penetration testers.

How did you come to work with Berezha Security Group?

I found them through a personal recommendation. It’s always good when you know someone who’s worked with a vendor before, so that was the main reason why we decided to go with them.

How much have you invested with them?

We’ve spent €5,000–€£6,000 (approximately $6,000–$7,000 USD).

What is the status of this engagement?

The project for Vispato took place in February 2021. It was a one-time engagement, but we’ll likely have them do a security assessment for our other company, Auditi, too. In that sense, I’d say that the contract is still ongoing.

What evidence can you share that demonstrates the impact of the engagement?

Overall, we were very satisfied with Berezha Security Group’s results. They stood out because they were very thorough in their tests and covered a lot of bases. The communication and reporting that they did were great, too.

A security assessment is very difficult to evaluate. However, we do have quite a bit of experience doing penetration tests with other companies, so I know what to expect out of these engagements.

How did Berezha Security Group perform from a project management standpoint?

They managed the engagement well — it was very professional. We dealt mostly through email and Slack. Regarding timing, there was no particular deadline for the deliverables, but they were quick with the project. The team started right off the bat with no delays. 

What did you find most impressive about them?

Berezha Security Group had very good credentials and references.

Are there any areas they could improve?

No, I was very satisfied with the whole project. I didn’t experience any negative points during the project — otherwise, we wouldn’t be working on the second assessment for our other company. 

Do you have any advice for potential customers?

Their team behaves professionally and knows what they’re doing, so there’s not much advice needed.

Introduce your business and what you do there.

Unifonic is a cloud communication service provider in the Middle East. I’m the software engineering manager for the company.

What challenge were you trying to address with Berezha Security Group?

We were trying to improve security within our cloud software. We wanted to be aware of the status of our security, and that’s why we went to Berezha Security Group.

What was the scope of their involvement?

First, they took a look at our current cloud infrastructure security. Berezha Security Group then tried to breach our systems. We gave them access to our platform as though they were one of our customers, and they tried to break into the system.

They came up with a summary of what they were able to achieve and the holes they found in our system in a report that covered our infrastructure and software.

We provided information on the systems for testing. We gave Berezha Security Group a bunch of IP addresses, hostnames, and credentials for logging into the system. The documentation amounted to a couple of pages.

They performed a scan on our AWS accounts. On the infrastructure side, they checked for best practices for our two-factor authentication system and the safety of API keys and passwords. They checked S3 buckets for the existence of policies that were always permissive or open to abuse.

They checked our software from a customer perspective, doing things like cross-site request scripting. They tried to do SQL injections in order to hijack other customers’ sessions as well.

The output was an executive summary stating how they tried to compromise our system and what they were successful in achieving. They also detailed where we were trailing in terms of cloud infrastructure best practices.

What is the team composition? 

There were at least two engineers involved, along with one of their VPs.

How did you come to work with Berezha Security Group?

We found around four vendors through Clutch and contacted them. Berezha Security Group came across as the most knowledgeable. They felt like real hackers, and that’s what attracted me to them. Based on our conversations, they knew what they were doing.  

How much have you invested with them?

The total spend was $7,000–$7,500.

What is the status of this engagement?

The project ran between September–November 2020. We also got a free retest, after going through the report and fixing what was identified. Berezha Security Group came back in January 2021 for that.

We might consider them for another round of work as we implement standard practices within the organization.

What evidence can you share that demonstrates the impact of the engagement?

It would be hard to directly gauge the impact because it cuts across multiple areas. Berezha Security Group opened our eyes to a lot of things that we weren’t even aware of. They pushed us into taking security a lot more seriously, encouraging us to create a security organization within the engineering department.

How did Berezha Security Group perform from a project management standpoint?

They were excellent in this regard. There’s nothing negative that I could say from a project management perspective.

The initial communication was over Zoom meetings, and we interacted over Slack once the project started. They told us what they needed in the beginning, and they delivered a report at the end.

What did you find most impressive about them?

We weren’t as organized as we could’ve been, but they were very patient and flexible. 

Are there any areas they could improve?

If anything, we were the ones lacking in organization. It’s difficult to see room for improvement on Berezha Security Group’s side. They did a very good job.

Do you have any advice for future clients of theirs?

Clients should be proactive in getting Berezha Security Group what they need. They know their stuff. If they say they’re going to start on a particular date, they will. If the client is late on their side, they’ll end up delaying their own project.

Please describe your company and your position there.

I'm CIO of Foxtrot Group of companies, I'm responsible for the digital transformation of our holding.

For what projects/services did your company hire Berezha Security Group?

Our company develops a new e-com platform. We hired Berezha Security to evaluate the safety of our new web-app and to identify any existing vulnerabilities.

What were your goals for this project?

To make safe E-Com solution.

How did you select Berezha Security Group?

Berezha Security was our reliable partner at the previous projects.

Describe the project in detail.

We held several initial meetings, at which we discussed the requirements and objectives of the project, agreed on the time of the work. After that, we provided the Berezha Security representatives with the necessary access and at the agreed time (09/21/2020) they began testing.

Testing lasted 17 working days. During testing, we constantly maintained online communication, consulted on issues arising in the process of performing work. At the end of testing, we were provided with a detailed report, which we discussed at a joint meeting.

Within 60 days after submitting the report, Berezha Security rechecked the elimination of the vulnerabilities we identified in the process.

What was the team composition?

The team was composed of:

• Application Security Analyst – 3 persons
• Application Security Lead – 1 person
• Co-founder of Berezha security, LLC

Can you share any outcomes from the project that demonstrate progress or success?

Berezha carried out a high-quality check of the site's security, provided an extended report, including the identified problem areas and vulnerabilities in the security of the site and the settings of the CMS system, the devops environment in which the site will be deployed, as well as providing comprehensive comments on methods of eliminating vulnerabilities and fixing settings.

How effective was the workflow between your team and theirs?

The communication was easy. The team was responsive, we had no blockers all along the way.

What did you find most impressive about this company?

Berezha has experience and knowledge in the field of security testing and secure development technologies. They do their job quickly and efficiently.

Are there any areas for improvement?

We are completely satisfied with BSG work.

Please describe your company and your position there.

Demio is a hassle-free webinar platform built for marketers. With our platform, companies can generate leads, filter prospects, perform group demos, host engaging sales presentations, integrate with their CRM, view advanced webinar reporting, track conversions, and more.

 It’s truly unlike any other product on the market. I am one of the co-founders here at Demio and help run the operations and general administrative functions.

For what projects/services did your company hire Berezha Security Group?

Demio is always looking to improve and we've put a big emphasis on the security/privacy aspect of our engineering in 2020. We ended the year with a full-service penetration test to find any weak points in our architecture. We searched for a quality penetration testing company and found Berezha Security Group as a highly rated company, already recommended.

What were your goals for this project?

Our goal was to have a full breakdown of any security or privacy issues within our SaaS architecture. We are always looking for ways to operationally improve, but in this instance, we wanted to find any technical items we may have missed. This serves to provide a safer experience for our customers, reduce risks to the company, and make it easier to scale.

How did you select Berezha Security Group?

One of our Senior engineers recommended a list of certified vendors and on this list was the highly-rated Berezha Security Group. The Demio Director of Engineering lives in Ukraine and was in the same city/timezone as Berezha. This made communication a breeze and perfectly synced timezones.

Describe the project in detail.

Once we reached out, the Berezha Security Group worked with us on a timeline and project scope for the project. We had a shorter timeline and they were generous enough to find a way to get a schedule for work through the end of the year and on our timeline.

They joined the Demio Slack group and aligned with our Engineering team to walk through the Demio application and architecture. They were able to view both the user experience and gained access to an account using a non-production environment. After the penetration testing, we spent time on a call to review the report and individually view/diagnose any problems that were found.

They work to outline risks by different categories and are realistic in both the business and privacy concerns each one holds. You can then run a re-test when we complete the findings.

What was the team composition?

We spoke and worked with the CEO/Founders to set up the project and had a project manager and security engineers inside of the Demio team. The project flowed smoothly with communication and calls.

Can you share any outcomes from the project that demonstrate progress or success?

With the help of Berezha, we've diagnosed all pending issues on our production servers and closed 50% within the first week. We've then used their risk categories to outline new changes for the future, based on priority in our current roadmap.

How effective was the workflow between your team and theirs?

Our workflow was very smooth. The fact that both our Director of Engineering and the Berezha team were in the same city made the timezones work out perfectly. English was perfectly communicated and the report/findings were extremely thorough.

What did you find most impressive about this company?

Just how helpful they have been through the process. They were there to guide us through each step of the penetration test and understand the business use case almost immediately. This made getting the results a breeze.

Are there any areas for improvement?

We felt that Berezha firmly upheld their promises and delivered the test on time, on budget, and with great communications. We look forward to working with them more in the future.

Introduce your business and what you do there.

We’re a health company that serves doctors and patients in managing medication. I’m the CEO.

What challenge were you trying to address with Berezha Security Group?

We hired them to handle penetration testing following a software development project our company completed.

What was the scope of their involvement?

They were responsible for testing two web apps as well as our native apps. Working remotely, they provided a set of testing credentials for both doctor and patient users. Their job was to use as many techniques as possible to attempt to compromise the system. 

What is the team composition?

We worked with about four people, including a business representative, a senior software engineer, and two junior software engineers. 

How did you come to work with Berezha Security Group?

I found them on Clutch, which was quite useful in my search. We found that their services were in our price range and ranked toward the top of the page. Our team reached out to the top 4–5 vendors on the site, and they were highly engaged. They also offered a very reasonable price, so we hired them. 

How much have you invested with them?

We spent about $10,000 on the work. 

What is the status of this engagement?

We worked together from November–December 2020.

What evidence can you share that demonstrates the impact of the engagement?

They produced an extensive report detailing their findings and recommendations. Once our team implemented their recommendations, they provided a follow-up testing. To verify the robustness of their work, we had an external coder look at the product. They confirmed that they approached the penetration test using best practices and were quite thorough in their work.  

How did Berezha Security Group perform from a project management standpoint?

Their communication was excellent, and they did very well with deadlines. We had a situation that required us to move very quickly on our end. They ramped up speed along with us, working around the clock and on weekends, to help get things done.

What did you find most impressive about them?

They were extremely upfront and transparent with us. I appreciated that they communicated recommendations in a clear, straightforward way. They even helped some of our developers in the process. It was great to have a partner that was completely transparent about what we could expect from them and what they could not do. Most vendors want to sell the dream rather than the reality, so their honesty was appreciated. 

Are there any areas they could improve?

I think they’re doing a fairly excellent job with what they’re doing. I’d love to see their business expand into other areas such as reviewing general compliance standards. 

Do you have any advice for potential customers?

Have your software engineers primed and ready to be completely responsive to their team. Sometimes, their team will identify critical vulnerabilities that need to be fixed instantly. Ensure your team is prepared and not feeling at all threatened by the presence of a penetration testing team.