Introduce your business and what you do there.

I’m one of the co-founders and current COO of ICwhatUC, Inc. We are a technology company based in Calgary, Canada, and we provide a built-for-business video calling platform. 

Our customers are in two big segments. The first segment is utility customers, who are responsible for the heating and cooling of our homes. The second segment is home builders and home services companies, like plumbers and painters. All of our clients use our video calling platform to connect with their customers and help them remotely diagnose or solve issues that they’re facing in their homes.

What challenge were you trying to address with CyberHunter Solutions, Inc?

We are going through some different security and privacy checks and controls this year. We hired CyberHunter to do penetration testing and provide an independent review of our technology solutions from a privacy and security standpoint. 

One of the unique things about our platform is that all of the video calls are recorded and stored within our customers’ environment. For example, one of our clients has conducted 5,000 furnace inspections in the last 6–8 months during the winter season. All of that data needs to be stored securely and privately in a way that everybody’s comfortable with.

What was the scope of their involvement?

CyberHunter did a bit of research and discovery beforehand. They’ve conducted vulnerability scanning and penetration testing for several years. They did some specific research on us as a client and our industry, but what they provided was a pretty standard set of services that they provide to lots of clients.

They spent four days doing penetration testing and issued a report that same week, which was really impressive. The team worked with automated scanning equipment to test IP addresses. They also manually tested our system, trying multiple logging routines, automating scripting, and uploading files to our system. They tried everything they could to break the system. 

We are now in the post-review process, where we’re cleaning up a few things that they found. We have a 90-day window, during which their team will come back and do retests. 

What is the team composition?

Two main people have been involved: Chris (CEO) and a team member who did the primary testing and writing of the report. 

How did you come to work with CyberHunters Solutions, Inc?

I found them through online research, and they were also recommended to me. I was having a hard time finding a good service provider. There are many large companies with high-end service offerings that have SaaS platforms for vulnerability scanning and penetration testing. On the other hand, there are many contractors that are good at their work, but it’s a difficult buying decision to pick one coder in a particular part of the world and know the type of services that they’re going to provide. 

Our company went through an accelerator program called Acceleprise last year. I found CyberHunters separately, but it was through our cohort at Acceleprise that I got the first reference of them being a great service provider. 

I connected with them, and we talked about the service offering. Then, they sent me a well-done proposal. The team had a really structured process; they laid out the work, explained how it was going to be conducted, and executed it in a great manner. We had a kickoff meeting where we set the scope and verified everything was ready to go.

How much have you invested with them?

Our company has invested about $5,000.

What is the status of this engagement?

I connected with them in February 2021, and the main project was done in March of the same year. We still have some work to do to close the identified gaps and do retests.

We also have to do an annual penetration test, so we’ll hire them at least once a year. We have a big release coming up, and depending on the scope of the work we do, we may hire them again this year.

What evidence can you share that demonstrates the impact of the engagement?

The biggest benefit that I found working with CyberHunter is how easy it is to work with them. They’re an excellent service provider, and I have nothing but great things to say about them. I’m really happy with their services, and I plan on using them for more work.

How did Cyber Hunter Solutions, Inc. perform from a project management standpoint?

They've been excellent to work with — they were on budget and on time. The team had clear communication and met their deliverables. 

We mostly communicated through video calling to get introductions, kick things off, and do scoping. We had a few calls and emails during the testing itself and when things were being identified. 

What did you find most impressive about them?

As I said, there are big companies and small contractors, but I felt that they were the right fit for us. We are a growth-stage technology company and only a year-and-a-half old; it didn’t make sense to go with a massive business for 5–6 times the cost. I really liked that they were able to tailor their services to where we are as a company.

I also appreciated how timely and clear their communication was. I haven’t ever had an engagement with a service provider where they finished testing on a Friday and had a draft report to us the same day. Penetration testing is a complicated service, and their team was able to create a well-documented report that anybody could pick up and understand. The draft report was well-documented, and it included screenshots guiding the process. They clearly laid out what the gaps were and what their recommendations were to fix them.

The cleanness and the quality of that deliverable are unlike anything I’ve seen from any audit or review in my entire 20-year career. 

Are there any areas they could improve?

I'm really happy with the work that they've done. Looking back on it, I don’t know how they could be a better partner for us. 

Do you have any advice for potential customers?

For anybody interested in having a good service provider in this industry, just reach out and ask them questions. This is our first time going through a penetration test. I, a non-technical person, certainly had questions; their team was willing to take the time and explain those things to me. They were responsive and easy to work with. 

Please describe your company and your position there.

QA Manager for an experiential learning solution provider for post-secondary institutions in Canada.

For what projects/services did your company hire CyberHunter Solutions Inc.?

We hired CyberHunter to perform Penetration & Vulnerability Tests on our Outcome platform to ensure we had as robust and secure a platform as possible.

What were your goals for this project?

We wanted to ensure that we were adequately defended against any new exploits or attacks.

How did you select CyberHunter Solutions Inc.?

We selected CyberHunter after reviewing a number of Cyber Security companies and talking with one of their referral customers.

Describe the project in detail.

Regular Penetration & Vulnerability Tests for Outcome platform. In addition, quarterly PCI scans.

What was the team composition?

We worked directly with CyberHunter's Senior Pen Tester Matej Zidek and their CTO Chris Dodunski.

Can you share any outcomes from the project that demonstrate progress or success?

CyberHunter provided us with detailed reports which highlighted both potential vulnerabilities, as well as detailed mitigation strategies. Retests were performed to validated that the potential vulnerabilities had been resolved.

How effective was the workflow between your team and theirs?

The workflow between us and CyberHunter was exceptional. They provided detailed reports, regular updates and got on a call with us to talk through potential mitigation. It really felt like we'd hired a partner, not just a consultant. They cared about our understanding of the issues, and really went above and beyond to help ensure we had mitigated the issues.

What did you find most impressive about this company?

I was extremely impressed by both the technical expertise and the very well crafted technical report. Our team has learned a lot and improved our security practices tremendously based on this and subsequent engagements.

Are there any areas for improvement?

I really don't have any.

Please describe your company and your position there.

We are a climate risk data analytics platform company that produces financial risk scores for investors seeking to reduce their exposure to climate change related risks. I'm the Head of Technology and am responsible for leading the company's cybersecurity initiatives and infrastructure buildout.

For what projects/services did your company hire CyberHunter Solutions Inc.?

We hired CyberHunter to conduct a Penetration Test of our cloud infrastructure and systems, as well as a Vulnerability Assessment.

What were your goals for this project?

Our goal for the project was to get an understanding of the risk exposure of our infrastructure, and to pre-empt attackers, as well as to prepare for future penetration tests conducted by our clients.

How did you select CyberHunter Solutions Inc.?

We found CyberHunter on a list of top 10 providers for penetration testing services, and reached out for a call to them, as well as 5 other providers on that list. After a few calls with Chris and Matej from the CyberHunter team, it became clear that this was a reputable shop that was skillful at simulating attacks.

We appreciated their start-up friendly pricing structure; unlike many other providers, CyberHunter was willing to work with us to expand the scope of their tests in the event a client asked us for a deeper dive, while other providers indicated they'd charge for the same work again, because each test needed to be fully self-standing.

Describe the project in detail.

A strandard Penetration Test, Internal Vulnerability Scan, External Vulnerability Scan and internal automated scan of a linux-based server, all happening over the course of 5 days.

What was the team composition?

3 engineers from CyberHunter supported this project and carried out various components, with Chris as the lead contact point for our team.

Can you share any outcomes from the project that demonstrate progress or success?

We received a comprehensive report as promised as a deliverable from the project.The report was detailed and error-free. As an example, when we changed the email address access point into our systems for the final retest component of the project, they report was changed to reflect this detail. We appreciated this attention and care in the team's work.

How effective was the workflow between your team and theirs?

As a security test, contact was kept relatively minimal, and mostly about ensuring expectations were set correctly and access to systems matched what was needed. We found their team responsive and happy to meet to discuss any questions we had along the way.

What did you find most impressive about this company?

CyberHunter did an excellent job setting expectations and then meeting/exceeding them. The results of the project matched very closely to the Statement of Work originally laid out, and in a few places the team went above and beyond to make sure we had what we needed to present the right components of our reports to our clients.

Are there any areas for improvement?

This was a small project, but our experience was entirely positive!

Please describe your company and your position there.

rTraction is a digital services agency that works with both corporations and non-profit organizations to deliver innovative technology solutions that focus on storytelling and improving brand. I am the VP of Production, overseeing design, development and marketing deliverables.

For what projects/services did your company hire CyberHunter Solutions Inc.?

We required a 3rd party penetration test of our web application for a client.

What were your goals for this project?

The goals for the project were to assess the cyber security of our Drupal-based web application by having a penetration test performed so that we could ensure that there were no security gaps and then to provide evidence of this to our clients.

How did you select this vendor?

Some of our technical team members were assigned the task of finding a cybersecurity company that would be a good fit for this penetration testing effort. We had several questions as well as a budget to adhere to. This was a new challenge for us as we had not had the need for such a service before.

The team compared, compiled and presented their findings to our executive team and CyberHunter was the winning choice on all fronts.

Describe the project in detail.

The project involved some pre-testing discussions about the architecture and application, the overall objectives of the test as well as the desired outcome.

CyberHunter used industry-recognized methodologies that were based on the OWASP Top 10 Most Critical Web Application Security Risks, OWASP Testing Guide v4, CWE/SANS TOP 25 Most Dangerous Software Errors and The Penetration Testing Execution Standard as this was a test against a Drupal 8.0 web site hosted on Pantheon infrastructure.

Once the testing was completed by CyberHunter, our team received a comprehensive report describing the identified issues and how to fix them. We corrected the issues, and CyberHunter performed a re-test to ensure they were properly executed. A final report was issued at that point that we were able to deliver to our customers.

What was the team composition?

The team was made up of the CyberHunter tester (Matej), the project manager (Chris) and then from the rTraction side it was myself (Josh Dow, VP Production) and my team.

Can you share any outcomes from the project that demonstrate progress or success?

CyberHunter was able to verify that we had a solid security posture on the web application. They identified certain areas that we needed to fix, and once remediated, they performed a re-test to verify the issues were fixed. They provided a comprehensive report that was easy to understand, had clear remediation advice, and gave our customers the comfort level they were looking for.

How effective was the workflow between your team and theirs?

Very effective. No matter what form of communication we had, CyberHunter always responded promptly and efficiently. They were very respectful to our business needs and worked with us as to when testing could be performed.

What did you find most impressive about this company?

The skill and professionalism in which they executed the tasks required. They identified issues that were completely unknown to us. The CyberHunter team members are clearly experts in their field, and their results and performance consistently identified that.

Are there any areas for improvement?

Regarding our experience and after collaborating with our team, I can’t honestly say that we can think of any areas that CyberHunter could have improved on.

Please describe your company and your position there.

Powernoodle provides a SaaS-based platform to help organizations make better decisions. I am a Director and one of my hats is GRCS.

For what projects/services did your company hire CyberHunter Solutions Inc.?

Third-party penetration testing.

What were your goals for this project?

To identify (and subsequently resolve) any security issues; thereby giving our clients confidence that their data within our cloud-based application is secure.

How did you select this vendor?

Our organization made a commitment to complete regular penetration testing and when that time came around this year, we decided to look at alternatives in the market. As is the norm today, I spent some time online looking at the various options from providers around the world; many of which are located in the US and India. After reading some reviews and visiting a number of other vendor sites, I came across CyberHunter Solutions. Their website was one of the best I encountered; clearly articulating the types of needs in the market and their corresponding solutions. I subsequently reached out to them and had an initial discussion to assess fit from a needs, timing, and cost perspective. As an early stage SaaS company, we have many of the same security needs as a large organization but without the budget of a large organization. CyberHunter got this. I brought out Director of Infrastructure into the conversation and he was similarly impressed. When I laid out the options on the table, our CEO agreed with the recommendation to engage CyberHunter Solutions and the experience has been nothing short of excellent.

Describe the project in detail.

Grey-box penetration testing to verify the security of the platform from both a general and licensed user perspective. A report was provided that detailed description of all discovered attack vectors along with their evidence, severity (based on complexity, probability, user interaction, …) and possible remediation steps. Methodology was based on OWASP Top 10 Most Critical Web Application Security Risks, OWASP Testing Guide v4, CWE/SANS TOP 25 Most Dangerous Software Errors and The Penetration Testing Execution Standard.

What was the team composition?

From the CyberHunter Solutions side, it was Chris and Alex. On our side, our Infrastructure, Development, and GRCS teams were all involved.

Can you share any outcomes from the project that demonstrate progress or success?

While no serious security issues were found, CH identified some lower-severity areas where we could do even better and those insights were used to do just that. After mitigating the issues identified, targeted re-testing was completed to confirm all issues had been addressed.

How effective was the workflow between your team and theirs?

Extremely effective. Via a combination of phone calls and email-based interactions, the communication and workflow among the inter-company team were exceptional.

What did you find most impressive about this company?

Their responsiveness and communications. From the initial inquiry through the preliminary then final reports, CyberHunter solutions is clearly an expert in their field. They are also incredibly in tune with the limited resources of an early-stage company; being beyond accommodating as we worked through implementing enhancements over a number of development sprints.

Are there any areas for improvement?

For the purpose of this engagement, I can’t think of how it could have gone better.

Please describe your company and your position there.

I am the IT director at Horizn, a fintech software firm.

For what projects/services did your company hire CyberHunter Solutions Inc.?

We hired them to perform penetration tests on our platform.

What were your goals for this project?

We wanted to discover any vulnerabilities in our platform.

How did you select this vendor?

We chose them primarily because they were located in Canada and they offered competitive pricing.

Describe the project in detail.

CyberHunter Solutions did vulnerability assessments and penetration tests of our platform. They provided recommendations for improvements and then issued a report for us to provide to our clients. They continue to run tests each quarter.

What was the team composition?

We were assigned a project lead as our main point of contact, along with a penetration tester.

Can you share any outcomes from the project that demonstrate progress or success?

We’ve continued to use them, and we are so pleased with their thorough and fast services that we haven’t looked elsewhere.

How effective was the workflow between your team and theirs?

Their communication and customer service were excellent.

What did you find most impressive about this company?

I contacted them on a Friday afternoon and they were willing to work all weekend to complete my first round of testing.

Are there any areas for improvement?

No, I’m very satisfied.