Cyberlands.io

BACKGROUND

Introduce your business and what you do there.

I’m the chief information security officer for a fintech startup. The target is crypto markets.

OPPORTUNITY / CHALLENGE

What challenge were you trying to address with Cyberlands.io?

We needed help with penetration testing and API security posture.

SOLUTION

What was the scope of their involvement?

Cyberlands.io performed web penetration testing and security assessment before our platform went live. They used Cloudflare.

What is the team composition?

We had a project manager, a test penetration expert, and a web penetration expert.

How much have you invested with them?

We spent £4,000 (approximately $5,000 USD).

What is the status of this engagement?

We worked together from February–March 2022.

RESULTS & FEEDBACK

What evidence can you share that demonstrates the impact of the engagement?

They did excellent work.

How did Cyberlands.io perform from a project management standpoint?

They met the one-month deadline, and we communicated via email and Telegram chat.

What did you find most impressive about them?

They created so many possibilities for our company.

Are there any areas they could improve?

No, there was nothing to improve.

BACKGROUND

Please describe your company and your position there.

I am a Project Director at Dinatech – multi-sourcing integrator company serving top-notch financial institutions in Moscow.

OPPORTUNITY / CHALLENGE

For what projects/services did your company hire Cyberlands.io?

We procured Cyberlands services to augment our capabilities and perform SOC Program Maturity Assessment of a major bank in Moscow.

SOLUTION

How did you select this vendor and what were the deciding factors?

We needed proven subject matter expertise on how Security Operations Centres are built and operating.

Describe the project in detail and walk through the stages of the project.

First step was to study current state of SOC program, particularly his playbooks, SIEM, determine skills of his SOC analysts, data sources available as how they have been applied for threat detection and automated threat response.

Second step was to create SOC Blueprint with target processes, skills and technologies outlined. Third step was to develop 10 specific playbooks and EDR configuration aimed at jump-starting bank’s threat detection capability at very short timeframe.

How many resources from the vendor's team worked with you, and what were their positions?

3 people – Project Manager, SOC Architect and Offensive Expert.

RESULTS & FEEDBACK

Can you share any outcomes from the project that demonstrate progress or success?

6 from 6 (previously 0 from 6) bank SOC analyst were covered with Personal Development Plans, bank got 10 new threat detection and response playbooks, three operation procedures were developed and one EDR configuration was created.

How effective was the workflow between your team and theirs?

They used mix of waterfall and agile practices, applied Trello, messengers and Google Docs. The overall collaboration was more than satisfactory. The main tools for communication and project management were Slack and Jira.

What did you find most impressive or unique about this company?

Their world-class expertise, constructive communication, and reasonable cost are all impressive.

Are there any areas for improvement or something they could have done differently?

They might be more flexible in procurement process.

BACKGROUND

Please describe your company and your position there.

Serial Entrepreneur, Visioner, Cybersecurity Geek, CEO and Founder of Hideez Group Inc. - Cybersecurity company providing an all-in-one security key for physical and digital access.

OPPORTUNITY / CHALLENGE

For what projects/services did your company hire CYberlands.io?

Cyberlands B.V. API Penetration Testing company conducted a security assessment of Hideez Enterprise Solution (Windows environment).

SOLUTION

How did you select this vendor and what were the deciding factors?

We searched online and ask recommendations from our partners who can make these tasks for us.

Describe the project in detail and walk through the stages of the project.

Particularly they checked whether Hideez Enterprise Solution:

• allows using Hideez Key without the user being present in front of PC with Bluetooth adapter
• allows extracting secrets from Hideez Key using low-level operations system calls
• allows stealing user credentials by a regular keylogger cybercrime tool
• allows stealing user credentials by targeted sealer cybercrime tool
• protects itself from a reverse engineering attack.

How many resources from the vendor's team worked with you, and what were their positions?

We cooperated with CTO and Project Manager. Some peoples work inside Cyberlands Team.

RESULTS & FEEDBACK

Can you share any outcomes from the project that demonstrate progress or success?

We got recommendations to implement in our secure environment and implemented that in the short term. https://hideez.com/pages/proofs-of-security

How effective was the workflow between your team and theirs?

We got three very productive conversations online.

What did you find most impressive or unique about this company?

We know the CEO from previous experience and got unique deep cybersecurity experience from CTO.

Are there any areas for improvement or something they could have done differently?

We would like a more formal approach to start cooperation and fill in a brief description of our solution and security questions. But in our not standard case, I think that was very professional.

BACKGROUND

Please describe your company and your position there.

My company is a provider of digital banking services in UK. I'm an chief information security officer who is responsible for IT security and PCI DSS compliance matters.

OPPORTUNITY / CHALLENGE

For what projects/services did your company hire CyberLands B.V.?

In order to comply with the PCI DSS, our company must undergo penetration testing every six months. Since we do not have in-house penters, we have hired Cyberlands B.V. to do this project

What were your goals for this project?

Our goal for this project was to ensure that the services that process, store and transmit our customers' payment card data have a high level of security and do not contain any critical vulnerabilities

SOLUTION

How did you select CyberLands B.V.?

I know the staff of Cyberlands B.V. well from working on other projects and appreciate his professionalism, when he offered to work together on a project I had no doubts

Describe the project in detail.

We have a scope of services that process payment card data, which includes components: API and backend. The task of Cyberlands B.V. was to test these components and make sure that they have a high level of security and are not exposed to vulnerabilities that could allow our services and customer data to be compromised.

What was the team composition?

I have been in communication with the project manager and the head of penetration testing. Communication with the team was organised via telegram chat, which allowed all organisational and technical issues to be resolved promptly

RESULTS & FEEDBACK

Can you share any outcomes from the project that demonstrate progress or success?

The project demonstrated that our services have a high level of security, which Cyberlands B.V. helped us to verify by thoroughly checking the entire project scope

How effective was the workflow between your team and theirs?

The work was initially built efficiently, we started and completed the project on time, and there were no issues during the course of the project

What did you find most impressive about this company?

What I found most impressive was the flexibility of their approach to work, the speed with which all issues were resolved and the state-of-the-art tools used by colleagues at Cyberlands B.V. to conduct penetration testing

Are there any areas for improvement?

The only thing that could be improved is to designate a time frame for discussing the project and milestones during the day. In a distributed team environment, this would make the work even faster

BACKGROUND

Please describe your company and your position there.

I am Head of Special Projects in a major gambling company (undisclosed), we have millions of users daily.

OPPORTUNITY / CHALLENGE

For what projects/services did your company hire Cyberlands.io?

We procured Cyberlands services to perform security assessment of our mobile app.

SOLUTION

How did you select this vendor and what were the deciding factors?

We heard about their mobile security expertise.

Describe the project in detail and walk through the stages of the project.

They tested mobile app itself (iOS, Android) as well as did analysis of network communications with back-end API server.

How many resources from the vendor's team worked with you, and what were their positions?

2 people – Project Manager, Mobile Penetration testing expert.

RESULTS & FEEDBACK

Can you share any outcomes from the project that demonstrate progress or success?

Deep security analysis, clear penetration testing report. 2 mobile apps (iOS, Android) and network communications with back-end API server were tested, we can’t disclose our vulnerabilities found.

How effective was the workflow between your team and theirs?

Project took 2 weeks, clear SoW was in place, we experienced prompt response to our requests.

What did you find most impressive or unique about this company?

Their customer focus was impressive.

Are there any areas for improvement or something they could have done differently?

Maybe some discounts for recurring projects

BACKGROUND

Please describe your company and your position there.

I am a Project Manager at Spsoft – a premium technology accelerator from Bay Area.

OPPORTUNITY / CHALLENGE

For what projects/services did your company hire Cyberlands.io?

Spsoft hired Cyberlands for performing AWS Purple Team exercise (AWS Penetration Testing in general)

What were your goals for this project?

Our goal was to train our SOC analysts in AWS security monitoring and response

SOLUTION

How did you select Cyberlands.io?

We selected Cyberlands because of their reputation and local presence in Ukraine where our involved delivery center is based

Describe the project in detail.

At first, we made a communication channel (Telegram), at second Cyberlands performed services of security check against targeted AWS infrastructure while our team tried to detect their activity. Finally, Cyberlands provided a detailed report on how the exercise of this offensive service was conducted

What was the team composition?

3

• Project Manager
• Offensive Expert
• Offensive Junior

RESULTS & FEEDBACK

Can you share any outcomes from the project that demonstrate progress or success?

The project was completed in full and we’ve got a great opportunity to uncover gaps in our SOC analyst's skills.

How effective was the workflow between your team and theirs?

Super effective, I would say. They applied agile as we needed with a heavy focus on Telegram and Google Meet.

What did you find most impressive about this company?

Their scheduling flexibility and depth of expertise are amazing.

Are there any areas for improvement?

They might push us to less agile project management practices, which would make delays from our side lesser.

BACKGROUND

Please describe your company and your position there.

I am a CTO at DV Global B.V. – Dutch cloud & premium hosting infrastructure company.

OPPORTUNITY / CHALLENGE

For what projects/services did your company hire Cyberlands.io?

We needed API Penetration Testing service to ensure our new offering is secure from external attackers

What were your goals for this project?

1. Ensure our new service is secure from external threats
2. Get penetration testing report to share it with our customers (for marketing purposes)

SOLUTION

How did you select Cyberlands.io?

We found them in LinkedIn and selected over two other vendors

Describe the project in detail.

Cyberlands provided API Penetration Testing in conformance with industry-standard requirements set - OWASP API TOP-10 2019

What was the team composition?

There were two penetration testers - senior and junior

RESULTS & FEEDBACK

Can you share any outcomes from the project that demonstrate progress or success?

We've got a report with 5 API Security risks explained and mapped to our business specifics, as well as 9 remediation actions to be implemented

How effective was the workflow between your team and theirs?

The workflow was effective indeed, delayed were minimal and their customer focus was obvious

What did you find most impressive about this company?

They have provided clear and concise executive summary and risk metrics

Are there any areas for improvement?

We'd like to use electronic signatures, they were not ready for that from beginning