Security & Penetration Testing for Systems Integrator Co
- Application Testing Cybersecurity
- $50,000 to $199,999
- Jan. - Mar. 2025
- Quality: 5.0
- Schedule: 5.0
- Cost: 5.0
- Willing to Refer: 5.0
"The overall experience with SecSquad was highly positive."
- Information technology
- Riyadh, Saudi Arabia
- 1,001-5,000 Employees
- Online Review
- Verified
SecSquad was hired by a systems integrator company to conduct various penetration tests on their internal network, web apps, and mobile apps. The team also performed a secure code and configuration review.
SecSquad's work significantly reduced critical vulnerabilities, improved code quality, and enhanced compliance readiness. The team had a disciplined and responsive approach to project management, delivering on time, communicating clearly, and collaborating effectively. Their commitment stood out.
The client submitted this review online.
BACKGROUND
Please describe your company and position.
I am the Cybersecurity Services Manager of Diverse
Describe what your company does in a single sentence.
Systems Integrator
OPPORTUNITY / CHALLENGE
What specific goals or objectives did you hire SecSquad to accomplish?
- Internal Penetration Testing
- External Penetration Testing
- Web App Penetration Testing
- Mobile App Penetration Testing
- Source Code Review
- Secure Configuration Review
SOLUTION
How did you find SecSquad?
- Online Search
- Referral
Why did you select SecSquad over others?
- Pricing fit our budget
- Good value for cost
- Company values aligned
How many teammates from SecSquad were assigned to this project?
6-10 Employees
Describe the scope of work in detail. Please include a summary of key deliverables.
In an era where cyber threats are growing in complexity and organizations face mounting pressure to demonstrate security resilience and regulatory alignment, selecting a capable and trustworthy cybersecurity partner is critical. Our collaboration with SecSquad was initiated to strengthen our security posture across infrastructure, applications, cloud platforms, and development practices, and they consistently delivered with precision, professionalism, and depth of expertise.
Scope of Work
The engagement encompassed a wide array of offensive security testing and secure architecture evaluation activities. SecSquad was tasked with performing the following:
- Internal Penetration Testing – Simulation of real-world threat actors attempting lateral movement and privilege escalation within the internal network.
- External Penetration Testing – Identification of vulnerabilities and security weaknesses in internet-facing systems and services.
- Web Application Penetration Testing – Thorough testing of custom web applications for injection flaws, broken authentication, access control issues, and business logic vulnerabilities.
- Mobile Application Penetration Testing – Security assessments of Android and iOS apps, including static analysis, reverse engineering, and dynamic runtime testing.
- Vulnerability Management – Discovery and prioritization of infrastructure and application-level vulnerabilities, supported by a structured remediation roadmap.
- Secure Code Review – Manual and automated inspection of application source code to identify insecure coding practices, logic errors, and data handling flaws.
- Secure Configuration Review – Audit of system and platform-level configurations across operating systems, network devices, and databases for compliance with CIS Benchmarks and vendor standards.
- Cloud Secure Configuration Review – Security analysis of our cloud infrastructure, focusing on IAM policies, encryption, storage access, and monitoring capabilities.
- Architecture Review – End-to-end security evaluation of our enterprise architecture, including trust boundaries, data flows, and component-level interactions.
Key Deliverables
SecSquad provided high-quality, detailed documentation and consultative support throughout the engagement. Deliverables included:
- Comprehensive Security Assessment Reports for each testing area, including vulnerability descriptions, severity ratings, impact analysis, technical evidence, and remediation recommendations.
- Technical Appendices with reproduction steps, proof-of-concept artifacts, and screenshots to assist internal teams in verifying and addressing findings.
- Secure Code Review Reports highlighting annotated code snippets, insecure functions, and recommended improvements.
- System and Cloud Configuration Hardening Reports aligned with CIS, NIST, and cloud provider-specific best practices.
- Architecture Threat Modeling Diagrams illustrating risk points, mitigation strategies, and suggested enhancements to defense-in-depth mechanisms.
- Remediation Workshops and debrief sessions with technical and business stakeholders to ensure clarity of findings and alignment on next steps.
SecSquad’s combination of deep technical proficiency, clear communication, and structured delivery added significant value to our security program. Their work helped us identify blind spots, improve our controls, and meet both operational and compliance requirements.
RESULTS & FEEDBACK
What were the measurable outcomes from the project that demonstrate progress or success?
The collaboration with SecSquad resulted in several tangible improvements across our client's security landscape. Key measurable outcomes include:
Reduction in Critical Vulnerabilities:
Following SecSquad’s penetration tests and vulnerability assessments, the number of critical and high-risk vulnerabilities across our infrastructure and applications dropped by a certain percentage within two remediation cycles.
Improved Remediation Turnaround:
With the support of SecSquad’s detailed reports and remediation workshops, our internal teams reduced average vulnerability remediation time to a certain number of days, accelerating our security incident response.
Secure Code Quality Enhancement:
The secure code review led to the refactoring of many lines of application code, improving resilience against injection attacks, insecure object references, and data exposure issues. Post-review automated scans reported a zero critical issue rate in subsequent releases.
Cloud Posture Hardening:
The cloud secure configuration review identified misconfigurations, including excessive permissions and logging gaps. After remediation, our cloud environment reached a high percentage of alignment with CIS Benchmarks.
Architecture Risk Reduction:
SecSquad’s architecture review uncovered previously unidentified attack paths across integrated systems. After redesigning access flows and enforcing segmentation controls, threat modeling simulations showed a reduction in lateral movement risk.
Compliance Readiness Acceleration:
The deliverables provided by SecSquad directly contributed to the successful closure of security audit findings, positioning us more favorably for upcoming NCA ECC and regional regulatory assessments.
Describe their project management. Did they deliver items on time? How did they respond to your needs?
SecSquad demonstrated a highly disciplined and responsive approach to project management throughout the engagement. From initial kickoff to final reporting, their team operated with clear structure, transparency, and accountability.
Timely Delivery:
All key deliverables — including penetration test reports, code review results, configuration assessment summaries, and architecture analysis — were delivered on or ahead of schedule. SecSquad adhered to the agreed project milestones, even accommodating adjustments without compromising quality or timelines.
Clear Communication:
Weekly project update calls, milestone check-ins, and a centralized tracking dashboard ensured full visibility over progress. We were consistently kept informed of task status, risks, and next steps.
Flexibility & Responsiveness:
Our environment required several changes in scope and testing windows, particularly around application release cycles and internal availability. SecSquad adapted quickly, reallocating resources and rescheduling activities without delay. Their team was available for ad hoc consultations and follow-up clarifications whenever needed.
Collaboration with Stakeholders:
SecSquad engaged effectively with both technical teams and business units. They tailored their communication style to suit each audience — providing high-level insights to management and deep technical guidance to engineers and developers.
Issue Tracking & Closure:
A centralized issue tracker was maintained for all findings and recommendations. SecSquad not only logged issues but also monitored their closure progress and offered remediation validation support upon request.
Overall, SecSquad’s project management maturity significantly contributed to the success of this engagement, minimizing disruptions and ensuring a smooth, coordinated delivery across all phases.
What was your primary form of communication with SecSquad?
- Virtual Meeting
- Email or Messaging App
What did you find most impressive or unique about this company?
What truly set SecSquad apart was the depth of their technical expertise combined with their pragmatic, business-aligned approach to cybersecurity. Unlike many vendors who deliver generic assessments, SecSquad tailored every activity, from threat modeling to secure code analysis, to our unique environment, risk profile, and operational constraints.
Their ability to bridge the gap between technical findings and strategic risk was especially impressive. They didn’t just point out vulnerabilities; they explained the real-world impact, prioritized issues based on business context, and collaborated with our teams to design practical, scalable fixes. Their consultants showed strong mastery across disciplines, from offensive security to cloud governance, and brought a solutions-oriented mindset to every conversation.
Moreover, their commitment to knowledge transfer stood out. Rather than just delivering reports, they took time to upskill our teams through walkthroughs and guidance sessions, leaving us not only more secure, but more capable.
I highly recommend SecSquad for InfoSec services.
Are there any areas for improvement or something SecSquad could have done differently?
While the overall experience with SecSquad was highly positive, there are a few areas where future engagements could benefit from refinement. In some phases of the project, particularly during deep-dive technical reviews, we would have appreciated more proactive documentation of intermediate progress, especially for longer-running assessments such as architecture reviews and secure code analysis. While the final outputs were excellent, periodic technical snapshots could have helped us begin internal remediation efforts sooner.
These are minor observations in the context of a highly professional and well-managed engagement, and we are confident that SecSquad will continue evolving based on more client feedback.
RATINGS
- Quality: 5.0 (Service & Deliverables)
- Schedule: 5.0 (On time / deadlines)
- Cost: 5.0 (Value / within estimates)
- Willing to Refer: 5.0 (NPS)