Blaze Information Security

Introduce your business and what you do there.

I’m the CEO of a social impact platform. We connect employees at large companies with opportunities to share their time, skills, and money with different causes and nonprofits they care about.

What challenge were you trying to address with Blaze Information Security?

We hired them to conduct penetration tests.

What was the scope of their involvement?

We started by providing Blaze with access to our platform. We have multiple instances: a nonprofit portal, a corporate social responsibility manager, an admin dashboard, and our app which is on multiple platforms. 

Blaze got access to each one of those instances and began their testing.

What is the team composition?

We worked with two or three people.

How did you come to work with Blaze Information Security?

We started working with them based on a recommendation from one of our partners. We had a few conversations with different vendors, and Blaze seemed very professional and flexible. 

What is the status of this engagement?

We worked together in December 2019.

What evidence can you share that demonstrates the impact of the engagement? 

Blaze’s work was very thorough. We got a detailed report, and they did a retest, which they prioritized over the weekend because we absolutely needed it. 

The team was aware of our deadlines and very flexible around our needs. They were able to provide comprehensive feedback and solutions to any vulnerabilities they identified.

How did Blaze Information Security perform from a project management standpoint?

It was great. We had a joint Slack channel, so everyone was always on the same page. Everything was visible and clear. It was perfect.

What did you find most impressive about them?

Their overall customer service, attentiveness, and flexibility as a service provider was really impressive. I found it very helpful and useful, especially as an earlier stage company, to have that attention to detail. 

Blaze is also really good technically. The team did an excellent job from both my perspective and the perspective of our tech team. 

Are there any areas they could improve?

Any of the challenges probably came from our side. We asked a lot of them with our deadline, and they did their best.

Do you have any advice for potential customers?

As an early stage company, it’s hard to be proactive when it comes to things that don’t necessarily get you more clients immediately. However, make sure to prioritize this type of service with ample time to address any results or do retests.

Introduce your business and what you do there.

I’m the application security lead at Delivery Hero SE, an online food ordering marketplace. We have multiple entities across the globe that help in delivering food to end-customers via different portals. We own multiple organizations.

What challenge were you trying to address with Blaze Information Security?

We hired them for information security services on our web and mobile platforms.

What was the scope of their involvement?

Blaze Information Security mainly does penetration testing of our web and mobile platforms. They also do red teaming activities on the organization's background.

They audit our system and deliver a set of reports to apprise us of all of the potential exploits or vulnerabilities on our public-facing applications or portals.

What is the team composition?

There are approximately 4–5 people. I work directly with the director. He has multiple information security consultants working under him who perform the assessments.

How did you come to work with Blaze Information Security?

I got their contact information from a colleague of my previous organization. He highly recommended them. 

We hired them for a sample penetration test, and we were very happy with the results. Based on the price, they suited our environment and what we required.

How much have you invested with them?

My company has spent €20,000 (approximately $24,600 USD).

What is the status of this engagement?

We started working together in March 2020, and the work is ongoing.

What evidence can you share that demonstrates the impact of the engagement?

Based on what I’ve seen from the reports and results, they have really in-depth knowledge of the application and its underlying architecture. Their reports are very detailed. Their platform is designed to make it easy for us to access the reports, find the vulnerabilities, and map the vulnerabilities to multiple internal developers. This is convenient from an organizational perspective.

How did Blaze Information Security perform from a project management standpoint?

The director is responsible for end-to-end delivery. From the time the information gathering phase starts, he is involved, along with his information security consultants. He deals directly with the developers or the teams to get an idea of the platform. 

I don’t have to personally be involved at every step, which makes my job much easier. I don’t have to micromanage each and every one of them. I just give them the project, and they execute it. At the end, they come back to me with the results. Then, we perform due diligence to understand what the vulnerabilities are or how they discovered them.

What did you find most impressive about them?

Their price sets them apart. It’s very competitive compared to what I see from other vendors. I wouldn’t say they’re the best, but they’re really excellent in what they do, and the price matters. 

We’re a smaller company, and reaching out to them is really easy. I don’t have to go through the bureaucracy of submitting a ticket or something like that. I can just get on a call with the director, and we discuss the project.

Are there any areas they could improve?

I wouldn’t tell them to improve anything. What they’re doing is really good. They could hire more people geographically. Most of the people working with us are based out of Brazil, and there may be one person from Europe. If they expanded their presence to have more people available locally, we might be able to use them for some onsite activities as well, without it costing a fortune.

Do you have any advice for potential customers?

Communication is important. Put your expectations right upfront at the beginning. If you’re clear with them, they can accommodate your needs. They have a very standardized reporting format, but they’re ready to tweak the reports based on the requirements of the current organization.

Introduce your business and what you do there.

My position is the head of platform for a cryptocurrency exchange platform. We provide trading services for people.

What challenge were you trying to address with Blaze Information Security?

We needed help with testing for our platform.

What was the scope of their involvement?

We have had several different products over the years, and we've had 4–5 engagements with Blaze. We are required to do yearly testing of our platform. 

Blaze takes a black- or gray-box approach to testing our platform yearly. We also have targeted audits of specific new functionality or critical systems, like login and authorization facilities. They also take a completely white-box approach to testing and source code review. They adapt their approach to our needs and what will work best for us.

How did you come to work with Blaze Information Security?

A mutual friend introduced them. They were also used by other companies where friends of mine work, and they were quite happy with them.

How much have you invested in them?

I think we are getting somewhere close to six figures.

What is the status of this engagement?

I believe we began working together in March 2019, and we are still working together.

What evidence can you share that demonstrates the impact of the engagement?

We used different vendors before, and Blaze’s approach is quite refreshing because they are more proactive in the planning phase. They provide better guidance to their clients on what makes sense depending on what they want to achieve. 

Throughout the engagement, we have definitely found that our quality is much better because we have improved our infrastructure and systems. Also, even though we’re constantly testing, it’s becoming harder to find things, which is a good metric. Blaze’s work has had an impact on our processes and approach to things. 

How did Blaze Information Security perform from a project management standpoint?

They are the best company I’ve worked with when it comes to meeting deadlines. One of the reasons we changed from previous vendors is because they were struggling with all of the deadlines. Blaze is always willing to accommodate. They deliver on time and even before the deadline. We have had quite strict demands regarding timelines, and they have always come through for us.

We are in contact daily. From my perspective, they have a very efficient way of working with their clients. Their approach is more engaged and interactive, which has provided much better results for us. It is also time-effective because we can provide them with additional input, which prevents them from going down wrong alleys and things like that. They have discovered several good findings over the years and provided invaluable insight into how we should solve some of them.

What did you find most impressive about them?

I would say how they engage with clients is definitely one of their very strong suits. Also, the depth of their engagement and technical capabilities shows a lot of understanding and effort that is put into these partnerships, compared to some other vendors who take a shallower approach to things. I really get the feeling that Blaze drills down extensively and wants to understand things. They help us solve the problem instead of just delivering a report.

Are there any areas they could improve?

Nothing really comes to mind. They could potentially get bigger so that they could respond to my insane deadlines even quicker, but I don’t really have any big complaints; otherwise, I would have changed to another company already.

Do you have any advice for potential customers?

Communicate as much as possible so that you have aligned expectations of what you want to get from the engagement. I think that is good advice for any company that you want to work with.

Please describe your company and your position there.

We are Leaders in Big Data Analytics for Latin America with a SaaS Platform. I'm the CISO - Chief Information Security Officer, responsible for manage a team with 14 members, like Red Team, Blue Team, Secops, InfraSec, and more.

For what projects/services did your company hire Blaze Information Security?

Penetration Test for our platform and entire company.

What were your goals for this project?

Find bugs, vulnerabilities and weak parts in Neoway.

How did you select Blaze Information Security?

After review and evaluate several providers, and considering Blaze professionals background, customer's references, and etc, we could choose and select Blaze as Service Provider for this Pentest two times.

Describe the project in detail.

Blaze had the challenge to conduct two different Penetration Tests into our Platform and entire company. For first project, the did authenticated and non authenticated tests into the Platform. Our goal was to try find resources they can hack, stole data, etc. They used scan in exposed servers and also Social Engineering via Phishing Email.

What was the team composition?

A project manager and two analystis plus the Services Director.

Can you share any outcomes from the project that demonstrate progress or success?

The results were absolutely better then we expected. With a Really engaged team, Blaze's shown us a new level of Infosec Services. Excelente communications. Excelente report and really well succeeded projects.

How effective was the workflow between your team and theirs?

Better than ever. Team really engaged and available all the time. Communication really flown using an specific communication tool made us really comfortable and well informed all the time during tests weeks.

What did you find most impressive about this company?

Engagement, Deep Technical Knowledge, Service Results, Customer Service.

Are there any areas for improvement?

Actually I don't see.

Please describe your company and your position there.

I am the Security Information Consultant on a Digital bank in Brazil. We have 2kk+ customers and we are present in all Brazilian territory. We have more than 2,000 employees.

For what projects/services did your company hire Blaze Information Security?

We have internet banking and the mobile application for financial transactions of all our products offered. With that, security tests were requested to validate our controls and even our applications.

What were your goals for this project?

Validate internet banking security and mobile application.

How did you select Blaze Information Security?

In 2019 we had already done a job, and it was very satisfying.

Describe the project in detail.

Validate internet banking security and mobile application.

What was the team composition?

The team was composed of 2 blaze analysts with my monitoring by the bank

Can you share any outcomes from the project that demonstrate progress or success?

As this is a bank application, we are unable to provide details.

How effective was the workflow between your team and theirs?

Everything happened in the best possible way and within the agreed time.

What did you find most impressive about this company?

Professionalism is a highlight of Blaze

Are there any areas for improvement?

I have no observation of improvement for Blaze