cyber security services
We assess, develop, implement, certify and maintain secure systems. We teach security. Add our deep IT and cybersecurity expertise to your projects.
Our distinctions:
1. Highest flexibility. Our slogan is “professional services for any budget”. We even provide free services. We study your needs carefully. Unlike other companies, our pre-engagement documentation includes a comprehensive set of detailed project parameters. You understand exactly what you pay for. We have a great deal of experience and are continually improving our methodology.
2. International security certifications. The specialists of H-X have earned and maintain internationally recognized certifications (CISSP, OSCP, CISA, ISO 27001, CEH, CLPTP, ISA/CFS, etc.). These certifications cannot be obtained without proven years of experience and successfully passing rigorous exams.
3. Absolute reliability. We value our reputation, so we strictly adhere to all laws and our Code of Ethics. We respect the rights and interests not only of our clients and partners but also the legitimate rights and interests of third parties. Our specialists sign your commitment forms personally, just like your employees. Such reliability is usually unreachable with small companies, let alone freelance or bug bounty platforms.
4. Experience in IT and information security. Since 1998, we have gained a lot of experience in IT, particularly in information security assessment and management, in various spheres (industrial, medical and pharmaceutical, telecommunication, retail, financial, SaaS, IT outsourcing, etc.) and in different countries.
5. Highest quality. H-X uses modern, comprehensive methodologies and tools for development, assessment, and management of IT and cybersecurity. We are attentive to details.
6. Sustaining our team. We are the only Teal company in Ukraine in the field of information security. We highly value the comfort of our employees, who, in addition to decent pay, can always choose interesting tasks.
Recommended Providers
Focus
Portfolio
Security incident response. Forensic investigations
It is always wiser and cheaper to prevent than to ‘cure’ or to ‘make an autopsy’, but if you are under attack now or require a cyber security incident investigation, you can get help here.
Our experts help mitigate and cease cyber attacks and other computer incidents, restore data and normal operations. Specialists of H-X Technologies take into account your business goals to choose the right incident response strategy and give corresponding priorities to your data integrity or confidentiality, your business continuity, identification of the attackers or their prosecution.
We provide detailed forensic examination and analysis of computers, hard drives, mobile devices and digital media. We know how to investigate difficult cases and employ cutting-edge techniques such as analysis of Random-Access Memory (RAM), registry, shadow volumes, timeline analysis and other methods.
Last few years, we have witnessed the increase of computer crimes. Criminals are becoming more aware of digital forensic and investigation capabilities, therefore use more sophisticated methods to commit their crimes without leaving usual evidences. To identify, respond, examine, analyze and report on the computer security incidents, computer forensics and digital investigation methods are constantly evolving.
Our skills include but not limited to:
- Acquiring Data and Evidence
- Live Incident Response and Volatile Evidence Collection
- Advanced Forensic Evidence Acquisition and Imaging
- File System Timeline Analysis
- Advanced File & Registry Analysis including Unallocated Metadata and File Content Types
- Discovering Malware on a Host
- Recovering Files
- Application Footprinting and Software Forensics
- Data Preservation
- System Media and Artifact Analysis
- Database Forensic
- Mobile Forensic
Managed Security and Compliance: ISO 27001, etc.
Audit, implementation and support of ISO 27001, PCI DSS, VDA, TISAX, ISO 16949, ASPICE, HIPAA, GDPR and other standards and regulations. Official certification
The international standard ISO/IEC 27001:2013 “Information technology – Security techniques – Information security management systems – Requirements” is the most recognized worldwide framework for building modern Information Security Management Systems (ISMS) and their official certification.
Our certifications (CISSP, ISO 27001 Lead Auditor, CISA, OSCP, CEH, etc.) allow us to cover both formal and practical aspects of security compliance and security management.
When building an ISMS or security controls, we rely not only on ISO 27001/27002 or PCI DSS, but also actively use other standards and frameworks, when this is appropriate or explicitly required by our customers or their partners. For example, ISF SoGP (Information Security Forum Standard of Good Practice for Information Security), COBIT (Control Objectives for Information & Associated Technologies), VDA ISA (Verband der Automobilindustrie - Association of the Automotive Industry - Information Security Assessment), TISAX (Trusted Information Security Assessment Exchange), ISO/TS 16949, ASPICE (Automotive Software Performance Improvement and Capability dEtermination), HIPAA (Health Insurance Portability and Accountability Act), GDPR (General Data Privacy Regulation), and so on.
Our approach to implementation begins with simple steps in order to give you the first value for free, to introduce you to the process and to allow you to understand clearly the essence of the implementation works and your role in them.
Audit of Smart Contracts
We review and verify project specifications and the source code of smart contracts to assess their overall security, with a focus on weaknesses and potential vulnerabilities. We complement our findings with solutions that mitigate the risk of future attacks or loopholes.
PROBLEMS OF SMART CONTRACTS
- Inconsistency between specification and implementation
- Flawed design, logic, or access control
- Arithmetic overflow operations (integer overflow and underflow)
- Reentrancy attacks, code injection attacks, and Denial of Service attacks
- Exceeded limits on bytecode and gas usage
- Miner attacks on timestamp and ordering, transaction-ordering dependence (TOD)
- Race conditions, other known attacks and access control violations
METHODS AND TOOLS
Our audits of smart contracts comply with the following requirements:
- The goal of the smart-contract audit is a meticulous code analysis to find security flaws and vulnerabilities.
- The security audit is performed using a combination of manual and automated tools and techniques to identify vulnerabilities within the target environment and to model their exploitation.
- The smart contract audit includes the following stages:
- The tests are conducted by a team of specialists with more than 17 years experience in different IT security domains; CISSP, OSCP, CISA and CEH certification holders.
- In general, the code review follows the best practices: Solidity Style Guide and Ethereum Smart Contract Security Best Practices.
The tools we use: Slither, securify, Mythril, Sūrya, Solgraph, Truffle, Geth, Ganache, Mist, Metamask, solhint, mythx, etc.
VDA ISA and TISAX implementation
International information security standard VDA ISA was developed by the German Association of the Automotive Industry VDA (Verband der Automobilindustrie) based on ISO/IEC 27001 and 27002 standards.
Our certifications (CISSP, ISO 27001 Lead Auditor, CISA, OSCP, CEH, etc.) allow us to cover both formal and practical aspects of security compliance and security management.
The standard VDA ISA (Information Security Assessment) contains strictly structured information security assessment criteria, KPIs and additional optional modules:
- Connection to 3rd parties
- Data protection
- Prototype protection
TISAX (Trusted Information Security Assessment Exchange) is a framework for VDA ISA which allows independent vendors to share their certification and assessment results with their customers (usually from the automotive industry).
When building an Information Security Management System (ISMS) and security controls, we rely not only on ISO 27001/27002, VDA ISA and TISAX requirements, but also actively use other standards and frameworks, when this is appropriate or explicitly required by our customers or their partners. For example, ISO/TS 16949, ASPICE (Automotive Software Performance Improvement and Capability dEtermination), GDPR (General Data Privacy Regulation), and so on.
Our approach to implementation begins with simple steps so that you receive the first results for free. That would also introduce you to the process and help you understand how the implementation works and your role in it.
Security audit and Penetration testing
Penetration testing (pentest, pen-test) — is a security assessment of IT systems, personnel or the whole organization, using ethical hacking methods ("white hat"). Security experts simulate the behavior of computer criminals to assess whether unauthorized access, leakage of confidential information, interruption of service, physical intrusion, or other security incidents are possible. Pentest is not only an automated vulnerability scan, but mostly manual work. Depending on your preferences, the pentest may include interaction with your staff (social engineering).
We have a wide, deep and unique experience and competence in IT and corporate security. Both in GRC (Governance, Risk management and Compliance), and in technical security. Both in Defensive Security and Offensive Security.
We are highly qualified, flexible and reliable:
- Experience in information security
- International security certificates
- Absolute legitimacy and confidentiality
- Highest customization and flexibility
- Highest quality
Our pentests are at the highest level: reverse engineering, 0-day vulnerability research, Red Team, etc.
- We participate in and win CTF and bug bounty.
- We effectively do security analysis of source code and find vulnerabilities and problems that even commercial static security scanners cannot find.
- We have rare competencies, such as the auditing of smart contracts.
- We teach software architects, developers and testers how to program securely.
- We have decades of experience in large international corporations.
Security of industrial information technology (IT) and operational technology (OT)
Security of industrial information technology (IT) and operational technology (OT): Industrial Control System (ICS) and Supervisory Control And Data Acquisition (SCADA)
We provide Industrial IT/OT Security audit, implementation and training services together with our partners AT Engineering (ATE). This is a team of software, electrical and industrial process engineers who specialize in the field of industrial automation. The experience in industrial automation and software of ATE's staff begins in 1995, and they have completed more than 120 projects. Since 2005, they have completed more than 80 projects with an average capacity of 500 man-hours each.
Our international certifications in industrial IT/OT security are ISA CFS and CRS. Our international certifications in general information security are ISC2 CISSP and SSCP, ISACA CISA, Offensive Security OSCP, EC-Council CEH, ISO 27001 Audit/Implementation and others.
To show the level of our competence and erudition, the methods and tools that we use in everyday work are listed below.
For audits, consultations and implementations in the field of security of technological processes, operations, equipment and software of industrial IT/OT, we use the following standards, frameworks and methodologies:
- ISO/IEC 27001, VDA/TISAX
- ISA99, ISA/IEC 62443
- North American Electric Reliability Corporation (NERC) Reliability and Security Guidelines
- NIST SP 800-82 Guide to Industrial Control Systems (ICS) Security, NIST Framework for Improving Critical Infrastructure Cybersecurity
- DHS guidelines for critical infrastructure protection and the Critical Infrastructure Protection framework
In the field of assessment and implementation of OT security, we work at the level of specific vendors. For example, we work with Siemens PLCs using Step7 and TIA Portal, with Schneider Electric equipment using Concept, UnityPro and SoMachine, with Mitsubishi using GX Works, with Omron using CXOne, with Carel using 1tool and with Wago using CoDeSys.
In urgent cases, when it comes to preventing great material damage from a security incident, we are able to reverse engineer not only industrial software code, but also proprietary industrial protocols.
We assess the security of SCADA computers and switches using common automatic and semi-automatic tools (vulnerability databases and scanners, exploits, IDS, IPS, EDR, SIEM, SOAR, etc.) with special configurations, and we also do manual analysis of SCADA scripts and other source code in white box mode.
Security analysis of source code
Get an outstanding level of security with our automated and manual analysis of source code of your applications, smart contracts, services and software components!
You never get such level of assurance with penetration testing, solely automated code review or any other security activities. This service can be delivered as a separate project, in combination with white-box penetration testing or as a part of Application Security or Security Assessment services.
Check out our business cases of security analysis of source code.
The objective of this analysis is security assessment of the source code of your systems or applications: checking integrity and consistency of your code, secure coding principles, finding unsafe or deprecated functions, hidden logical bombs and traps, backdoors, undocumented features, non-optimal coding practices and OWASP top 10 vulnerabilities.
We support the following languages:
- .Net/ASP.Net
- Java EE (JBoss, Tomcat, etc.)
- Java Android
- Objective-C/Swift iOS/MacOS
- PHP
- Javascript
- Python
- C/C++/Assembler
- Solidity
- Golang
- Lua
- your language or platform.
To achieve the objectives, the auditors use two methods:
- SAST (Static Application Security Testing), which allows analyzing source code for known vulnerabilities using automated tools.
- Manual source code review and analysis, in order to reveal unsafe and non-optimal coding practices, hidden logical bombs and traps, backdoors and undocumented features.
Reviews
the project
Code Audit & Penetration Testing for NFT Company
“They’re really engaged when it comes to caring for their customers.”
the reviewer
the review
A Clutch analyst personally interviewed this client over the phone. Below is an edited transcript.
Introduce your business and what you do there.
I'm the COO of Theos.fi. We have three projects doing activities within the NFT space, such as minting, putting them in the marketplace, and pooling them. This allows fractionalization of NTFs and instant liquidity, solving the two main issues in the market. My role includes binding together the company's building blocks, including development, UI design, marketing, and commercial operations, to ensure a good outcome.
What challenge were you trying to address with H-X Technologies?
We hired them to do security audits of our code, including our app and smart contracts.
What was the scope of their involvement?
H-X Technologies provides us with security audits and penetration testing. Using standard instruments and working offsite, they’ve tested our app and smart contracts to ensure our codes are working, bug-free, and without attack vectors. They did the test in three phases: first, they did manual tests looking into the code. Then, they looked at well-known bugs and well-known hacking attack vectors for us to proof against. The third test was automated testing.
After testing, the team delivered a full report about all the different code snippets and lines they analyzed and their findings. They separated the report into groups of different severity levels and provided us with some suggestions on what to improve. Our specialists then fixed certain aspects that they found, correcting the code. Then, we had a routine check to see whether the issues had been fixed correctly, and the first part of the project was finished.
They also provided some remarks about the quality of the code. The team published them on social media to inform our community that an external company had audited us, found nothing but low severity issues, and given us the green light.
Currently, we’re about to launch the second version of our app with more functionality, and H-X Technologies is doing penetration testing for us. They’re trying to hack the system using certain tools to assess its vulnerabilities.
What is the team composition?
At the start, we worked with the engagement manager who onboarded us and met the CEO, who joined the first meeting to introduce himself. From there, we’ve worked with three engineers: a frontend specialist, a backend specialist, and a smart contract specialist.
How did you come to work with H-X Technologies?
We found them through recommendations from our network. Auditing smart contracts is sophisticated work, so we needed a vendor who could provide a good experience for a fair price. H-X Technologies had a website and a good reputation, so we sent them an email. The team got back to us very quickly and was very friendly.
After signing an NDA, we openly discussed what kind of code they’d need to analyze, giving them access to GitHub. After 1–2 days, they came back with an offer, estimated cost, and timeframe. The final choice came down to their offer and pricing. Additionally, H-X Technologies has Ukrainian roots, where whitehat hackers have a good reputation, and we also wanted to support Ukraine. Therefore, we signed the contract and gave them the go-ahead.
How much have you invested with them?
We’ve spent $15,000.
What is the status of this engagement?
We started working together in September 2021, and the engagement is ongoing.
What evidence can you share that demonstrates the impact of the engagement?
The engagement with H-X Technologies has been very easy. Their security audit is based on certain methodologies, and they have clear procedures. They delivered a very easy-to-understand report with traffic light colors depending on the issues' severity. Furthermore, their explanations about what they tested and found are very detailed.
How did H-X Technologies perform from a project management standpoint?
Their project management is good. We've set up communication channels and use Signal for secure instant messaging and meetings. Communication with them is straightforward, timely, and good. Whenever there's an issue or something they can't understand, they reach out to us, communicate openly with our developer, and get a good result. This has only happened once, though. When they gave us the report, they talked it through with us to clarify their findings and where we should put our focus.
After we got acquainted, we had the estimate within two days and went into an iteration with the estimate. At first, the price was higher, and this was a misunderstanding because our developers told them to test more than what was needed. They were very open to checking the estimate once more and changing the offer. After that situation, nothing changed in our communication, and there were no bad feelings.
What did you find most impressive about them?
We appreciate that we don't need to look for another service provider to provide penetration testing; we can stick with H-X Technologies and build up our partnership. We know their people and how they work, which gives us a time advantage and a knowledge advantage because we don't need to teach them from zero. Their services also help us be more secure and minimize the possibilities of risks.
Additionally, I'm happy with getting to know the CEO, which shows that we're not just a number; they're really engaged when it comes to caring for their customers. I'm also satisfied with the communication, price, and results.
Are there any areas they could improve?
There's nothing obvious that they need to improve; I'm very happy with them. That said, everyone can improve and should search for ways to do something better than before.
Do you have any advice for potential customers?
Work with H-X Technologies! They're specialists in their field and work based on well-known and efficient methodologies in security testing. You can especially look to them if you're a blockchain company. Security is obscurity, and as a product owner, you need to pay attention to your security aspect because if you get hacked, your users will feel the impact. To get the most out of your engagement, ask questions if you don't understand something, want to know more about their methodologies, or know what is included in their service.
the project
Information Security Testing for Stock Exchange Company
“Their skills were very good, and they also have integrity.”
the reviewer
the review
A Clutch analyst personally interviewed this client over the phone. Below is an edited transcript.
Introduce your business and what you do there.
I’m an information security officer at a stock exchange company.
What challenge were you trying to address with H-X Technologies?
In our company, we follow strict policies. Before going live, we needed help doing security assessments, which included penetration testing as well as other information security tests.
What was the scope of their involvement?
They did the security assessment testing. In short, they did gray box testing, which means they performed static analysis, dynamic testing, and static testing. That includes fuzzing testing and penetration tests. They also performed a partial code review as well.
What is the team composition?
There are people responsible for different tasks on the team. We had a project manager and we had other people who had different roles.
How did you come to work with H-X Technologies?
We conducted a procurement process, and H-X Technologies was the winner of the bid. Before distributing an RFP, we did a market analysis. We of course looked at the skills the company has. Security assessment is very highly dependent on skills, and we invited several companies. We chose H-X because we had a good reference from other companies and their team’s skills were among the best. Their price was reasonable, and their approach to security testing met our requirements.
How much have you invested in them?
We spent between $5,000–$10,000.
What is the status of this engagement?
We began working with them in January 2020, and it is ongoing as we haven’t finished yet.
What evidence can you share that demonstrates the impact of the engagement?
Since I am an information security officer, I understand the work they are doing. They would provide us with reports, and I checked the progress.
How did H-X Technologies perform from a project management standpoint?
They’re good. We had weekly calls, and everything was on time. We were behind by a week, but that was because we hadn’t prepared the environment on time, and wasn't from their side.
If I had any concerns or we needed to make any changes in their methodology I would let them know. We didn’t have much to change, and they were very good and very quick to respond. They also provided us with recommendations as well which helped us save time.
What did you find most impressive about them?
Their skills are impressive and they have a very good team. For example, when comparing them to a local company here which only has one team member with a certain certification, on their team, each person has this certification. Their skills were very good, and they also have integrity.
Are there any areas they could improve?
They are located in a different country so we do have a time difference between us. If they had an office in our city, it would be excellent. There were times when we didn’t get a quick response but that was because they were sleeping when we were working.
Do you have any advice for potential customers?
If you have a clear statement of work, everything will go smoothly.
the project
White & Grey Box Penetration Testing for IT Services Firm
"H-X stood out in terms of price relative to the impressive work they delivered."
the reviewer
the review
A Clutch analyst personally interviewed this client over the phone. Below is an edited transcript.
Introduce your business and what you do there.
I’m the CTO of astarios. We’re specialized in nearshore IT services and originally worked in the area of software development. We expanded to cybersecurity as of 12–18 months ago. I'm responsible for the technical aspects of customer projects.
What challenge were you trying to address with H-X Technologies?
We had a customer in the med-tech field who’d created a couple of online contact services for the first time. The main focus of the project was doing a penetration test on those new services.
What was the scope of their involvement?
We had two scopes of work: a white-box penetration test on the client’s new case registration form, and a gray-box text on their 3CX VoIP system. This is what H-X Technologies did for us on this project.
What is the team composition?
I worked directly with their CEO and the white-hat penetration tester in charge of the team.
How did you come to work with H-X Technologies?
I’d known their CEO for a couple of years, but this was the first project we did together. I picked H-X because I’d monitored their work and liked the results. They also had a good price point. I didn’t really bother comparing them to competitors.
How much have you invested with them?
The cost of their work was around €6,000 ($7,000 USD).
What is the status of this engagement?
The project ran between August–October 2020. We’re building on this initial success, and we plan to continue the collaboration with H-X.
What evidence can you share that demonstrates the impact of the engagement?
We originally planned one penetration test, but the customer was so happy with the results that they initiated the second one. H-X Tech’s timing and quality of deliverables were excellent. They delivered a huge report, which was impressive to our client.
How did H-X Technologies perform from a project management standpoint?
We communicated using Telegram, and they were very responsive. Any questions we had were answered within 15–30 minutes. We had a lot of questions and overall communication, and I can’t say anything bad on this front. The statement of work was 1–2 pages, and it was quite clear on what should be delivered so we didn’t need any project management tools. A penetration test takes 5–7 days, so it was a pretty short project. It wasn’t something that needed heavy management.
What did you find most impressive about them?
I come from Switzerland, which is a very expensive country. H-X stood out in terms of price relative to the impressive work they delivered. There is nothing negative to be said.
Are there any areas they could improve?
In the context of this engagement, I really have no advice for them.
Do you have any advice for future clients of theirs?
Thinking of the work I did with H-X, there’s really nothing to watch out for. It was all pretty straightforward and detailed, and we got reports at the end of the day. It exceeded my expectations.
the project
Cybersecurity Services for Migration Software Company
"H-X Technologies has proper security practices."
the reviewer
the review
A Clutch analyst personally interviewed this client over the phone. Below is an edited transcript.
Introduce your business and what you do there.
I’m an IT project manager for FluentPro. Our main office is located in Redmond, Washington, but we have a customer care team in Ukraine as well as a development team and other resources.
What challenge were you trying to address with H-X Technologies?
We have cloud-based applications and provide cloud services for project and portfolio management to customers working with Microsoft Project. One of our goals was to find a third-party enterprise that could do a penetration testing audit for us. Our cloud service provider is G Suite, and we identified H-X Technologies as an external provider for a security audit and penetration test for our service.
What was the scope of their involvement?
H-X Technologies conducted a security audit of our cloud infrastructure. This included an analysis of the kinds of security gaps we had on our cloud service and an external penetration testing of our application. Specifically, it was gray-box penetration testing. We provided them access to our cloud platform but without any login credentials or other details. We wanted to see how hackers from the outside world could enter our system.
I believe they tested the application for one month and provided us with a penetration test report with recommendations on what we should improve in our company and solutions. After some research and after following their recommendations, we mitigated the high-risk exposures and relaunched the website. They performed another brute-force and penetration test after we took those mitigation measures, and worked according to OWASP 10.
How did you come to work with H-X Technologies?
I assessed different providers in Ukraine and H-X Technologies had very good reviews from other companies. They also had a great price and quality according to those reviews. We had a call with them, and they satisfied our requirements for the basic security tests we needed.
How much have you invested with them?
We invested $4,000 on this project.
What is the status of this engagement?
The collaboration lasted for three months and ended six months ago, around April 2019. There was a pre-security assessment, the testing itself, and a retesting after following their recommendations.
What evidence can you share that demonstrates the impact of the engagement?
H-X Technologies was contracted for three months to look for various kinds of vulnerabilities, according to OWASP 10. In terms of success, they found vulnerabilities that were critical for our project. Every security company has its own approach for security testing, and we couldn’t know what kind of vulnerabilities H-X Technologies would find, so we didn’t track exact metrics.
How did H-X Technologies perform from a project management standpoint?
Project management was handled well. They sent us project status reports once a week and we always got effective communication from their side. They also sent us two kinds of reports that were agreed upon in the contract.
What did you find most impressive about them?
H-X Technologies has proper security practices. We checked a lot of things following the security assessment on our side as well and found the same vulnerabilities. Overall, H-X Technologies did an extensive assessment. They also provided an internal report for our company, along with a report we could show customers without confidential information around our vulnerabilities.
Are there any areas they could improve?
I haven’t dealt with other security companies, so I don’t have a something to H-X Technologies with. We had a really good experience.
Do you have any advice for future clients of theirs?
I’d definitely recommend them to others, and we plan to use some of their services in the future for an ISO 27001 certification and other security audits.
the project
Gray Box Testing for Cybersecurity Assessment Software Firm
"They step into negotiations easily and are confident with their knowledge."
the reviewer
the review
A Clutch analyst personally interviewed this client over the phone. Below is an edited transcript.
Introduce your business and what you do there.
I’m a core product owner at a cybersecurity assessment software firm. We’ve been in the market for about 18 years. I’m responsible for all the analytics, networking, architectural solutions, and product security.
What challenge were you trying to address with H-X Technologies?
We had an internal and external obligation to perform the security assessment on our software and publish the public available report to outside. The vendor we used to work with for penetration testing didn’t match our criteria and we weren’t too happy with the results. I started to look for a replacement.
What was the scope of their involvement?
We outlined the scope quite sharply. I gave them the exact amount of applications and the web pages they needed to test. We gave them all the required users with the privileges that they asked for. It was gray box testing. They knew partial information about our system and tested three web applications, the platforms, some internal components, and the REST API.
We are giving them some time for the security assessment. Then we’ll take the report and findings and fix everything. We have outlined timeframes to do this. Then we will install the environment for them to retest. After the retest, our partnership may be considered closed. Then we will start another one.
In our particular case, we weren’t purchasing a single service. We were purchasing a cyclic relationship to use twice a year. They started with the security assessment. They fixed everything and retested it. Everything goes in a time frame of half a year. Immediately, they start an additional cycle. In our case, we needed someone who knew the job.
What is the team composition?
I have direct contact with their CEO. He was and always is available for me. The day we started the assessments, the project manager stepped into the picture.
How did you come to work with H-X Technologies?
I did a Google search and picked out four different candidates, engaging in negotiations with each of them one-by-one. They did demos and sessions and we chose H-X Technologies. They matched our criteria for the clarity of the report, their availability, and the structure of their project management. I did some research and asked for some recommendation context from them. They gave me two information security managers from the other companies they performed similar services for. I talked to each one and it was okay. I gave them my requirements to be fulfilled and they agreed on it.
How much have you invested with them?
They are much cheaper than their competitors.
What is the status of this engagement?
We started working together in August 2019 and the work is ongoing.
What evidence can you share that demonstrates the impact of the engagement?
The impact on our organization is huge. I’ve chosen them because I found them to be a perfect combination of their professionalism, price, and simple negotiations.
How did H-X Technologies perform from a project management standpoint?
The project manager was supposed to put all the things together and connect between us, the customer, and their professional team. Everything is clear. They don’t miss any details. The project manager asked what platform was most preferable for me and I chose WhatsApp. She created a group and put all the testers, security guys, and the CEO in it. All the communication was through this channel. I didn’t ever need to ask for anything. Everything was smooth and transparent. She sent me the intermediate reports week by week. Every week, she sends me a draft so we could prepare for our part of the job from our end. We also use Zoom and email.
What did you find most impressive about them?
All of their professionals have a high degree from university. They’re not just taking three-month courses. All of them have huge experience in this industry. They step into negotiations easily and are confident with their knowledge. All these small things are actually bringing in customers.
Are there any areas they could improve?
I can’t think of anything. I feel comfortable with everything I got from them.
Do you have any advice for potential customers?
They’re extremely professional. The potential customer must outline exactly what their expectations and needs are.
the project
ISO Certification Consulting for Collaboration App
"They’re efficient and show a sense of urgency."
the reviewer
the review
A Clutch analyst personally interviewed this client over the phone. Below is an edited transcript.
Introduce your business and what you do there.
I’m the operations director at a software company. Our main product is a project planning and collaboration application.
What challenges were you trying to address with H-X Technologies?
We wanted to become ISO certified.
What was the scope of their involvement?
Initially, they provided application testing and network testing services. They’re currently acting as a consultant by helping us plan and implement the requirements for being ISO certified.
What is the team composition?
I work with two people, including the CEO.
How did you come to work with H-X Technologies?
I researched a lot of different companies and scheduled some interviews. We also reached out to our network to see if we knew anyone that had worked with the companies we were considering. H-X Technologies came highly recommended.
How much have you invested in them?
We spent about €6,000–€8,00 (approximately $7,222–$9,630 USD).
What is the status of this engagement?
We started working together in August 2020. The initial testing project was done by the end of September 2020. However, we currently have them on retainer.
What evidence can you share that demonstrates the impact of the engagement?
We’re happy with the work that they’ve provided. We turned over H-X Technologies’ reports to some of our customers, and they were impressed. Feedback has been positive. Our customers feel confident that our product is secure.
How did H-X Technologies perform from a project management standpoint?
They do very well. They move quickly and deliver on time. We also have them work within our project management platform to keep things streamlined and organized.
What did you find most impressive about them?
They’re efficient and show a sense of urgency. Even under tight deadlines, they don’t compromise the quality of their work.
Are there any areas they could improve?
They could set up electronic signature capabilities for important documents.
Do you have any advice for potential customers?
Have phone calls or Zoom calls with them. It’s better than email.
the project
Cybersecurity for Cloud IT Solutions Company
"They know what they're doing."
the reviewer
the review
The client submitted this review online.
Please describe your company and your position there.
I’m managing director of Germany IT / product company AMERIA AG in Ukraine.
For what projects/services did your company hire H-X Technologies?
We develop a product Connected Experience and we had to get to another level of security and get automotive related ISO certificate called TISAX. Then we also orders back and grey box Pentest and still working on monthly fee to have permanent security officer from UA side.
What were your goals for this project?
We had to get a new level of official automotive certification TISAX
How did you select this vendor?
The company did security training for us in the past. We decided to go with them. But we made analysis of couple of other companies also from Germany.
Describe the project in detail.
We’ve got a full time person for TISAX preparation and constant consulting from the company. We planned many activities by flying to Germany to HQ many times and got on to the level to make an exam.
What was the team composition?
We had one full time employee from the company, me - accountable and then doing the exam, German security officer and couple of background people helped from both sides.
Can you share any outcomes from the project that demonstrate progress or success?
We are TISAX certified, also made pentests, improved security of our software
How effective was the workflow between your team and theirs?
All was fine, liked response time and permanent cooperation
What did you find most impressive about this company?
They know what they're doing; they are great consultants.
Are there any areas for improvement?
Can’t say so at the moment
the project
Audit & Penetration Testing for Construction Company
"We are completely satisfied with the work of H-X Technologies. Their colleagues fulfilled all our expectations."
the reviewer
the review
The client submitted this review online.
Please describe your company and your position there.
Our company is one of the biggest build company in Kazakhstan.
For what projects/services did your company hire H-X Technologies?
Information security was introduced not so long ago In our company, so it became necessary to conduct an external audit for vulnerabilities and weaknesses
What were your goals for this project?
We wanted to see our weaknesses in business processes, infrastructure and web applications being developed
How did you select this vendor?
We were looking for a company that would suit us according to the principle: price-quality. Compared the methods and tools of the audit, requested samples of reports at the exit. As a result, two companies remained and the choice was made by H-X Technologies.
Describe the project in detail.
A project plan was developed, and online meetings were organized every week throughout the project. To conduct an audit of ISO27001, auditors came to our office for 2 days, other work was done remotely
What was the team composition?
Roles and responsibilities in each area were identified. I contacted a senior auditor who came to our office in person. The project leader was contacted only via Skype
Can you share any outcomes from the project that demonstrate progress or success?
As a result, we received detailed reports in two areas of the project. Vulnerability report, process maturity assessment, general assessment of the information security status of our company. Recommendations for improving processes and enhancing protection against potential threats
How effective was the workflow between your team and theirs?
From the very beginning, the stages of the project were determined, all the work was done on time. Throughout the joint work, no conflicts arose.
What did you find most impressive about this company?
Colleagues showed a good and confident level of professionalism. All work was carried out clearly: from the start of negotiations to the presentation of the final report
Are there any areas for improvement?
We are completely satisfied with the work of H-X Technologies. Their colleagues fulfilled all our expectations.
the project
Cybersecurity for Digital Transformation Platform
"They are customer-centric and well experienced in cybersecurity."
the reviewer
the review
The client submitted this review online.
Please describe your company and your position there.
I am in charge of software engineering for MEF.DEV digital transformation platform
For what projects/services did your company hire H-X Technologies?
To meet the latest cybersecurity standards and requirements, we at NATEC decided to invite a team of professionals to run a grey-box cybersecurity penetration test on our systems.
How did you select this vendor and what were the deciding factors?
We looked for cybersecurity professionals in the Telecom domain and the H-X team was the best fit since it has the OSCP and CISSP certified professionals
Describe the project in detail and walk through the stages of the project.
The H-X team used best practices, including Open-Source Security Testing Methodology Manual, Open Web Application Security Project, NIST, and ISACA to identify weaknesses, risks, and possible threats.
How many resources from the vendor's team worked with you, and what were their positions?
several OSCP and CISSP certified professionals
Can you share any outcomes from the project that demonstrate progress or success?
As a result, several vulnerabilities were diagnosed, mitigated, and eliminated. The repeated pentest confirmed that the MEF.DEV platform had gained a sufficient level of security for public use
How effective was the workflow between your team and theirs?
They guided us E2E through the whole OWASP audit and consulted us on each step
What did you find most impressive or unique about this company?
They are customer-centric and well experienced in cybersecurity.
Are there any areas for improvement or something they could have done differently?
To automate the audit result delivery process
the project
Penetration Testing for Cybersecurity Company
"We value H-X Technologies as a partner and looking forward to working together for years."
the reviewer
the review
The client submitted this review online.
Please describe your company and your position there.
COO at a cybersecurity company
For what projects/services did your company hire H-X Technologies?
Penetration testing
How did you select this vendor and what were the deciding factors?
Recommendation from network
Describe the project in detail and walk through the stages of the project.
Whitebox pentest
How many resources from the vendor's team worked with you, and what were their positions?
3 persons - Founder, CISO, Technical Project Manager
Can you share any outcomes from the project that demonstrate progress or success?
Completed successful penetration testing based on the deadline set
How effective was the workflow between your team and theirs?
Absolutely effective
What did you find most impressive or unique about this company?
We`ve been working with H-X Tech Team for the last 2 years. During this time, we`ve worked together on several penetration tests and cybersecurity engineering. What we like the most in working with H-X Team: clear communication, operating based on fixed deadlines, high quality of cybersecurity services. We value H-X Technologies as a partner and looking forward to working together for years.
Are there any areas for improvement or something they could have done differently?
Absolutely satisfied with current performance
The client is happy with H-X Technologies' work and detailed reports, which enable them to have secure systems and minimize security risks. The team openly communicates through Signal and takes the time to explain everything. Their outstanding customer service and fair pricing also stand out.