Sekurno

BACKGROUND

Please describe your company and position.

I am the CTO of Makini Inc

Describe what your company does in a single sentence.

Makini provides a unified API for industrial systems, enabling seamless data integration across CMMS, EAM, and WMS platforms. This API simplifies connectivity, allowing tech companies to access and manage data from diverse systems (like Oracle and SAP) through a single, consistent interface 

OPPORTUNITY / CHALLENGE

What specific goals or objectives did you hire Sekurno to accomplish?

• Security posture improvement
• Compliance alignment (SOC 2, security standards)

SOLUTION

How did you find Sekurno?

Online Search

Why did you select Sekurno over others?

• Pricing fit our budget
• Great culture fit
• Good value for cost
• Company values aligned

How many teammates from Sekurno were assigned to this project?

2-5 Employees

Describe the scope of work in detail. Please include a summary of key deliverables.

Our company engaged Sekurno for a second consecutive year to conduct a comprehensive white-box penetration test of our core products, the Makini API and our Developer Portal. Sekurno’s process began with an initial setup phase, where we collaborated on the project scope, provided access to source code, and outlined testing parameters. The scope included assessing our API gateway platform’s vulnerabilities and ensuring our compliance posture was secure.

Sekurno’s deliverables were thorough and impactful, with an in-depth penetration testing report that identified specific vulnerabilities, attack vectors, and detailed remediations. This report uncovered critical vulnerabilities in both this and the previous year’s engagements, highlighting security areas we would have otherwise missed. In addition, threat modeling tailored to our application’s architecture provided clear risk scenarios specific to our unique business logic. The checklist of performed tests offered transparency and insight into the methodology. This second engagement, like the first, also featured a follow-up testing phase, where Sekurno reviewed our remediation efforts, ensuring our security upgrades were effectively implemented. These detailed reports and iterative testing have proven critical in fortifying our product’s security and maintaining compliance with industry standards.

RESULTS & FEEDBACK

What were the measurable outcomes from the project that demonstrate progress or success?

Sekurno’s work delivered significant, measurable outcomes that enhanced both our security posture and compliance readiness. Their penetration testing report documented vulnerabilities with detailed attack vectors, enabling us to address potential risks preemptively. This documentation also met SOC 2 and security standards, critical for interactions with our customers who require such certifications.

A unique benefit of working with Sekurno was the ability to leave our internal development team fully engaged in core product work while Sekurno provided all necessary testing and compliance reporting. This hands-on support, coupled with Sekurno’s thorough findings and recommendations, gave us a clear understanding of our security state and future improvement pathways, aligning seamlessly with our internal risk management goals.

Describe their project management. Did they deliver items on time? How did they respond to your needs?

Sekurno’s project management was highly effective, characterized by proactive communication and consistent updates through Slack. The team maintained a tight schedule, delivering the first round of testing reports within two weeks, crucial for our project timeline. Communication was open and responsive, with dedicated team members, including a penetration testing project manager. The second-year collaboration reinforced Sekurno’s reliability, as they adapted to our evolving needs while keeping our timelines intact.

What was your primary form of communication with Sekurno?

• Virtual Meeting
• Email or Messaging App

What did you find most impressive or unique about this company?

What stood out most was Sekurno’s depth of testing. Their approach went beyond standard practices, with a thorough investigation that identified critical, often overlooked issues specific to our use of third-party tools. Sekurno’s dedication to exhaustive testing gave us confidence in our platform’s security and highlighted their commitment to proactive risk management. Additionally, their project management and communication ensured a smooth process and timely delivery of all project milestones, setting a high standard of professionalism that exceeded our expectations.

Are there any areas for improvement or something Sekurno could have done differently?

To further streamline our workflow, incorporating an option to export findings in structured formats (e.g., JSON) would improve efficiency, allowing us to integrate issues directly into our internal task management systems. This would facilitate quicker remediation by reducing the need for manual data transfer from the reports.

BACKGROUND

Please describe your company and position.

I am the CTO of a food software company 

Describe what your company does in a single sentence.

Cloud-based software that helps food producers manage their business

OPPORTUNITY / CHALLENGE

What specific goals or objectives did you hire Sekurno to accomplish?

• Evaluate the security posture of the application
• Increase the level of confidence in the application

SOLUTION

How did you find Sekurno?

Clutch Site

Why did you select Sekurno over others?

• High ratings
• Great onboarding process

How many teammates from Sekurno were assigned to this project?

2-5 Employees

Describe the scope of work in detail. Please include a summary of key deliverables.

We hired Sekurno Cybersecurity to perform an extensive penetration test, with the goal of ensuring that our system was free of critical vulnerabilities. Sekurno’s team conducted a thorough assessment of our application and its environment and provided a comprehensive report detailing the findings. In addition to the report, we received a detailed checklist of all tests performed, which added transparency to the process and gave us confidence that every aspect of our system had been evaluated. They also performed a threat modeling session, where they walked us through potential threats and recommended specific mitigation strategies. The team also provided us with tailored recommendations for long-term security improvements. Overall, Sekurno’s deliverables gave us greater confidence in our security measures.

RESULTS & FEEDBACK

What were the measurable outcomes from the project that demonstrate progress or success?

The most significant measurable outcome was the identification and resolution of weak points. Sekurno’s prompt action in addressing them improved our system’s security. Additionally, the comprehensive penetration test and security review gave us a higher level of confidence in the security of our infrastructure. Although the nature of security means you can never guarantee 100% safety, the results of this engagement allowed us to rest easier knowing that our base systems passed the test. The increased sense of security and confidence in our operations, paired with the clear, actionable recommendations from Sekurno, were major indicators of success for us.

Describe their project management. Did they deliver items on time? How did they respond to your needs?

Initially, there was a bit of confusion regarding the level of involvement our team would have in the project, as we expected more collaboration in the early stages. However, after raising this concern, Sekurno’s team quickly adapted. They initiated weekly updates and were consistently responsive to all of our inquiries. Whenever we had questions or required clarification, they addressed them promptly and thoroughly. The communication was transparent, and the project progressed smoothly once expectations were aligned. In terms of deadlines, Sekurno delivered all key milestones on time, including the final penetration test report, the threat modeling session, and the actionable recommendations. Their flexibility and attentiveness to our needs helped to ensure that the project was completed successfully, without any significant delays or issues.

What was your primary form of communication with Sekurno?

• Virtual Meeting
• Email or Messaging App

What did you find most impressive or unique about this company?

One of the most impressive aspects of Sekurno was their deep dive into our product. Unlike other vendors we considered, who gathered basic info and general metrics from us, Sekurno took a hands-on approach. They engaged with us directly, asking thoughtful, in-depth questions about our specific business needs, infrastructure, and security concerns. This demonstrated a hight level of care and attention from the very beginning. They made sure to understand our unique requirements, which made the entire process feel more tailored and customized. Their technical expertise and the depth of their initial discussions gave us a strong sense of confidence, and their commitment to delivering results was evident throughout the project.

Are there any areas for improvement or something Sekurno could have done differently?

While the overall experience was positive, one area that could be improved is setting clearer expectations around the level of client involvement in the early stages of the project. Initially, we expected more direct collaboration on certain business case scenarios and thought we would be more involved during the assessment phase. However, once we raised this concern, Sekurno quickly adapted by providing regular updates and ensuring we were informed at each step. Clarifying the level of expected involvement from the outset could help future clients avoid any initial confusion. Nevertheless, the way Sekurno handled our feedback and adjusted their communication style was impressive, showing a willingness to be flexible and responsive to client preferences.

BACKGROUND

Please describe your company and position.

I am the Chief Technology Architect of KOBIL GmbH

Describe what your company does in a single sentence.

Our company specializes in secure digital identity and multi-sided platform technologies, offering solutions like app shielding, user authentication, and transaction signatures to protect data and enable secure digital interactions.

OPPORTUNITY / CHALLENGE

What specific goals or objectives did you hire Sekurno to accomplish?

• Annual independent product review
• Find new vulnerabilities
• Provide comprehensive report for clients

SOLUTION

How did you find Sekurno?

Online Search

Why did you select Sekurno over others?

Other

How many teammates from Sekurno were assigned to this project?

2-5 Employees

Describe the scope of work in detail. Please include a summary of key deliverables.

The project involved an independent security review of our mobile application, API, and infrastructure. During the initial sales phase, we were cautious, as Sekurno’s strong emphasis on their capabilities is something we typically approach with skepticism. However, their unique approach and professionalism stood out, leading us to proceed with the collaboration. 

Sekurno quickly proved their expertise, delivering a thorough penetration test that uncovered critical vulnerabilities, helping us enhance our product’s security. The key deliverables included:

• A comprehensive report that categorized findings by severity
• A threat modeling document
• A detailed checklist of all the tests performed

The report’s structure made it accessible to both technical and non-technical stakeholders, featuring a high-level management summary and in-depth explanations of each finding. This provided us with valuable insights and a clear path for future security improvements.

RESULTS & FEEDBACK

What were the measurable outcomes from the project that demonstrate progress or success?

The project resulted in the discovery of vulnerabilities that had not been previously identified by our internal reviews. This allowed us to implement critical fixes and strengthen our product’s security. The final report will be shared with our customers as evidence of our continuous commitment to improving security.

Describe their project management. Did they deliver items on time? How did they respond to your needs?

• Sekurno’s project management was effective, ensuring clear communication throughout the engagement. 
• They were flexible with timelines when we needed extra time to implement certain fixes due to the complexities in our system’s components. 
• They were attentive and ensured consistent follow-ups to make sure nothing was overlooked, which was key in helping us manage our internal processes and keep the project on track.

What was your primary form of communication with Sekurno?

• Virtual Meeting
• Email or Messaging App

What did you find most impressive or unique about this company?

The thoroughness of Sekurno’s security testing really stood out. They took an in-depth approach and identified vulnerabilities that were previously missed by both our internal assessments and other auditors. This was particularly impressive given that we were already confident in our security measures, having implemented extensive security protocols and maintaining extremely high standards as a company in the security industry. 

Sekurno exceeded our expectations, providing detailed explanations and crucial actionable recommendations.

Are there any areas for improvement or something Sekurno could have done differently?

One area for improvement would be to offer alternative, more secure methods for document sharing, as we prefer to avoid public platforms for exchanging sensitive information. Providing clients with options for secure collaboration tools would enhance the overall process.

BACKGROUND

Please describe your company and position.

 I am the Deputy Executive Manager of an education company 

Describe what your company does in a single sentence.

Ours is a network of European universities aiming to accelerate the modernisation of the European Higher Education Area by enabling in-depth cooperation among member Universities.

OPPORTUNITY / CHALLENGE

What specific goals or objectives did you hire Sekurno to accomplish?

• Assess code readiness for releasing in public
• Ensure platform security

SOLUTION

How did you find Sekurno?

• Online Search
• Referral

Why did you select Sekurno over others?

• High ratings
• Pricing fit our budget
• Company values aligned

How many teammates from Sekurno were assigned to this project?

2-5 Employees

Describe the scope of work in detail. Please include a summary of key deliverables.

This cooperation aimed to assess whether our tool's code base was ready to be released in an open-source format. This was essential because the tool currently is used by several thousand higher education institutions, and the publication of the code base should not make the platform vulnerable. 

The platform is an important project for higher education in Europe and is part of the European Commission's endeavor to increase mobility around Europe. Sekurno conducted a comprehensive security review of the tool, including a detailed audit of the architecture, backend, frontend, and functionalities. 

The deliverables included detailed documentation of identified security risks and recommendations for fixes, a threat model document, and a checklist with all tests performed. 

RESULTS & FEEDBACK

What were the measurable outcomes from the project that demonstrate progress or success?

The measurable outcomes included identifying specific vulnerabilities in the platform and providing detailed documentation and recommendations. The project significantly increased our confidence in open-sourcing our code base. Critical and medium-critical vulnerabilities were identified and addressed, surpassing our expectations. 

Describe their project management. Did they deliver items on time? How did they respond to your needs?

The project management was well-handled, with clear scoping, planning, and timing. Sekurno's team provided detailed explanations of what to expect at each stage. During the execution phase, the audit was carried out smoothly, and the deliverables were provided on time. We really appreciate the regular follow-ups and responsive communication throughout the process. 

What was your primary form of communication with Sekurno?

• Virtual Meeting
• Email or Messaging App

What did you find most impressive or unique about this company?

The most impressive aspect we found about Sekurno was their ability to identify security issues across a vast range of technologies. Despite the diverse tech stack, including React, Node.js, Golang, and PHP Symfony, Sekurno was thorough in their analysis. Their intercultural team quickly understood the niche environment of higher education and student mobility, which facilitated effective collaboration. 

Are there any areas for improvement or something Sekurno could have done differently?

No significant areas for improvement were noted. We were satisfied with the overall process and outcomes. A minor issue regarding the document extraction functionality in PandaDocs was mentioned, which has since been resolved by Sekurno.

BACKGROUND

Introduce your business and what you do there.

MGID is a global advertising platform helping brands reach unique local audiences at scale. It uses privacy-first, AI-based technology to serve high-quality, relevant ads in brand-safe environments. The company offers a variety of ad formats, including native, display and video to deliver a positive user experience. This enables advertisers to drive performance and awareness, and publishers to retain and monetize their audiences.

Every month, MGID reaches 900 million unique readers, with 200 billion ad impressions, across 25 thousand trusted publishers. For more information, please visit www.mgid.com

OPPORTUNITY / CHALLENGE

What challenge were you trying to address with Sekurno?

We faced multiple challenges. First, as we began targeting customers from regulated sectors such as banking and automotive, as well as enterprise-level clients, we were met with strict security and privacy requirements. Second, our approach to security wasn’t structured enough; our processes weren't documented, making it difficult to address client inquiries about our security measures.

Additionally, the introduction of GDPR presented considerable challenges due to our limited expertise in privacy and data protection. 

SOLUTION

What was the scope of their involvement?

Our collaboration with Sekurno commenced with the penetration testing of two applications, a step initiated in response to increasing security inquiries from our clients. As our engagement progressed, we recognized the necessity of a more holistic approach to security. This led us to focus on constructing an Information Security Management System (ISMS) and attaining ISO27001 certification, a process that was executed efficiently and swiftly due to the collaborative efforts of both teams.

Furthermore, to ensure comprehensive security coverage, we extended our efforts beyond the initial scope. This included conducting vulnerability assessments of both our internal and external infrastructures. Additionally, we expanded the penetration testing to cover more than 10 applications, a critical step towards achieving full compliance with ISO27001 standards.

The third and equally significant phase of our engagement involved building processes to comply with GDPR regulations. This phase was not limited to our IT department but also involved our legal team.

Overall, the solution provided by Sekurno was multifaceted, addressing our immediate security needs while also laying a foundation for ongoing compliance and security management.

What is the team dynamic?

The team dynamic was highly collaborative and professional. Sekurno brought together a team of high-level specialists who were responsive and open to communication on any issue. On average, about 10 people were involved, ensuring a diverse range of expertise and perspectives. This dynamic facilitated a thorough and effective approach to addressing our security needs.

How did you come to work with Sekurno?

When we faced the necessity of a cybersecurity solution, we reached out to our network, and Sekurno was recommended to us as a trustworthy security partner.

How much have you invested with them?

I can share that our investment with Sekurno has been significant in terms of both time and resources. It's important to note that their C-Level was involved and was always there to listen to our feedback. The major work being carried out in collaboration with Sekurno’s Team and our Legal and IT teams. This approach ensured that we had the right expertise involved at every stage, optimizing our investment and maximizing the impact of their services.

What is the status of this engagement?

The engagement with Sekurno began in May 2020 and is still ongoing. We continue to work closely with them to ensure our security and privacy measures are up-to-date and effective.

RESULTS & FEEDBACK

How did your relationship with Sekurno evolve?

Our relationship with Sekurno evolved from a client-vendor dynamic to a more collaborative partnership. As we faced various challenges, Sekurno's team was always there to provide expert advice and solutions. Their responsiveness and ability to adapt to our changing needs played a significant role in this evolution.

How did Sekurno address the challenges that arose?

Sekurno addressed our challenges by providing comprehensive solutions tailored to our specific needs. They were proactive in identifying potential issues and quick to respond whenever challenges arose. Their structured approach to security and privacy, especially in compliance with GDPR and ISO27001, was instrumental in overcoming these challenges.

Describe the impact this engagement has had on your business.

The impact of this engagement on our business has been profound. With Sekurno's help, we were able to implement a structured approach to security, which not only enhanced our internal processes but also significantly improved our market position. Notably, we signed agreements with world-known brands, something that wouldn't have been possible without the security measures and certifications we achieved through this collaboration.

How was project management handled?

Project management was handled professionally and efficiently. Deadlines were consistently met, and if there were any delays, they were usually on our end. The Sekurno team was organized and maintained clear communication throughout the project, ensuring that all parties were aligned and informed

Is there anything that the vendor did well or that you would consider a strength?

One of Sekurno's key strengths is their team of high-level specialists. Their expertise was evident in every aspect of the engagement. Additionally, their responsiveness and open communication were crucial in building a strong and effective working relationship.

In what specific areas can they improve?

It's hard to say as we only see part of their iceberg. But as of now, we are satisfied and find the team excellent.

What advice do you have for clients with similar needs to yours?

For clients with similar needs, my advice is not to neglect security and privacy. Allocate a sufficient budget for these areas, as they are crucial for business development and cannot be compromised. Also, understand that security and privacy compliance is a continuous process. It's not something that can be achieved once and then forgotten. The landscape is constantly evolving, and staying up-to-date is essential for maintaining security and compliance.

UPDATED REVIEW

BACKGROUND

Please describe your company and position.

I am the Director of Snippet Digital

Describe what your company does in a single sentence.

Snippet Digital is a state of the art software company specializing in building bespoke tools for digital marketers and the SEO industry

OPPORTUNITY / CHALLENGE

What specific goals or objectives did you hire Sekurno to accomplish?

• Ensure platform security
• Compliance with rigorous Enterprise security requirements
• Achieve internal security assurance

SOLUTION

How did you find Sekurno?

• Online Search
• Referral

Why did you select Sekurno over others?

• Pricing fit our budget
• Referred to me
• Other

How many teammates from Sekurno were assigned to this project?

2-5 Employees

Describe the scope of work in detail. Please include a summary of key deliverables.

• Introductory Meetings and Sales Process: The project began with detailed initial meetings where Sekurno thoroughly explained their approach to security. Their expertise and understanding of our needs built immediate trust, leading us to commit to a 2-year contract without hesitation.
• Project Execution: Throughout the execution phase, we were constantly informed about the project's progress. Sekurno's team was diligent in communicating all critical findings promptly, ensuring we could take swift action when necessary.
• Reporting Phase: The culmination of the project was marked by Sekurno delivering a comprehensive, password-protected report. This not only detailed the vulnerabilities found but also underscored Sekurno's serious commitment to maintaining our security. The report provided us with clear guidance on prioritizing and addressing the identified issues.

RESULTS & FEEDBACK

What were the measurable outcomes from the project that demonstrate progress or success?

A key outcome was the identification of various security vulnerabilities within our system. The detailed report from Sekurno highlighted these issues, ranked by their criticality, providing a clear pathway for our team to act upon and fix the urgent vulnerabilities first. This identification was a significant step towards enhancing our platform's security.

Describe their project management. Did they deliver items on time? How did they respond to your needs?

The project management was exemplary. Sekurno provided a dedicated account manager, and we were included in a Slack channel for real-time updates. All deliverables were provided on time or ahead of schedule, and Sekurno was proactive in ensuring that we were kept informed and engaged throughout the process.

What was your primary form of communication with Sekurno?

Virtual Meeting

What did you find most impressive or unique about this company?

The most impressive aspect of working with Sekurno was their genuine care and proactive approach. The constant follow-ups and the quality of service were beyond our expectations. It was evident that Sekurno's team was invested in our success and security, which is quite rare in service-based companies.

Are there any areas for improvement or something Sekurno could have done differently?

From a service and management perspective, there are no apparent areas for improvement. The technical aspects were handled well, and the overall service delivery was excellent. Our team had no complaints, and the process was smooth and effective from start to finish.

BACKGROUND

Please describe your company and position.

I am the Head of Development of 24Slides

Describe what your company does in a single sentence.

We specialize in redesigning presentations, transforming content or draft presentations into standout visual materials for impactful presentations

OPPORTUNITY / CHALLENGE

What specific goals or objectives did you hire Sekurno to accomplish?

• Meeting Compliance Requirement
• Provide Evidence for Customers of our commitment to security
• Internal Security Assurance

SOLUTION

How did you find Sekurno?

• Online Search
• Clutch Site

Why did you select Sekurno over others?

• High ratings
• Pricing fit our budget
• Great culture fit
• Company values aligned

How many teammates from Sekurno were assigned to this project?

2-5 Employees

Describe the scope of work in detail. Please include a summary of key deliverables.

• Sales Process: The project began with an initial conversation about our need for penetration testing. Sekurno was one of five vendors we considered. Their presentation stood out due to its directness and the thorough explanation of the need for white box testing, which was different from what other vendors offered.
• Negotiation Phase: We had a smooth negotiation process with Sekurno, focusing on aligning our budget and security needs. The agreement reached was mutually beneficial.
• Project Execution: The project involved an extensive penetration test. Communication was effective and mainly through Slack, which kept us well-informed about the project’s progress.
• Key Deliverables: We received a comprehensive vulnerability report followed by a retest to ensure all the identified issues were resolved. The deliverables also included an attestation letter confirming the successful remediation of the vulnerabilities.
• Final Phase: The project concluded with the presentation of a detailed report and the provision of the attestation letter. The report was particularly noted for its clarity and easy readability, combining both technical details and high-level information effectively.

RESULTS & FEEDBACK

What were the measurable outcomes from the project that demonstrate progress or success?

The project led to the identification and rectification of various vulnerabilities in our system. The fact that some vulnerabilities came as a surprise was a testament to the depth of the penetration test. This process not only enhanced our system’s security but also provided a clearer understanding of our security posture. It was a revelation to see how certain overlooked aspects of our system could be potential risks, and addressing these has significantly fortified our defenses.

Describe their project management. Did they deliver items on time? How did they respond to your needs?

Sekurno’s project management was commendable. The project was not only completed within the stipulated timeline but was also managed with a high degree of professionalism. The team’s responsiveness was particularly noteworthy. They were quick to adapt to our requirements, and their proactive communication ensured that we were always in the loop. This adaptability was crucial, especially when the project required slight shifts in focus or approach.

What was your primary form of communication with Sekurno?

• Virtual Meeting
• Email or Messaging App

What did you find most impressive or unique about this company?

Sekurno distinguishes itself in the cybersecurity domain not only through its technical prowess but also through its client-centric philosophy. Unlike many others who may view projects as transactional engagements, Sekurno aims to foster a partnership with its clients. This approach was crystal clear in their dedication to understanding our business context and the unique security challenges we face.

Furthermore, what truly sets Sekurno apart is their commitment to an in-depth analysis. Their approach was focused on delving as deeply as possible to uncover vulnerabilities, a stark contrast to competitors who might take a more surface-level approach. This depth of analysis, combined with their commitment to forming enduring client relationships, truly makes Sekurno stand out in the field.

Are there any areas for improvement or something Sekurno could have done differently?

Although we were highly satisfied with Sekurno's service, we believe there's always scope for enhancement. An area that could be improved is the development of an interactive dashboard for clients. This tool could provide a more dynamic and engaging way to interact with the project's progress, findings, and subsequent actions.

It would serve as a centralized platform for clients to access detailed project information and gain deeper insights, further strengthening the partnership approach Sekurno advocates.

BACKGROUND

Please describe your company and position.

I am an executive at Deltafunc

Describe what your company does in a single sentence.

DeltaFunc is a holding that transforms the way people perceive technology through EdTech, MarTech and FinTech projects and solutions.

OPPORTUNITY / CHALLENGE

What specific goals or objectives did you hire Sekurno to accomplish?

• Enhancing Security
• Optimizing Transaction Efficiency
• Understand security risks better

SOLUTION

How did you find Sekurno?

• Online Search
• Referral

Why did you select Sekurno over others?

• High ratings
• Pricing fits our budget
• Great culture fit
• Referred to me

How many teammates from Sekurno were assigned to this project?

2-5 Employees

Describe the scope of work in detail. Please include a summary of key deliverables.

The project undertaken by Sekurno was a meticulous penetration testing of our smart contract. Initially, their team engaged in a detailed information gathering phase, ensuring they had a comprehensive understanding of our project's scope and objectives. This was followed by a strategic planning phase, where they conducted thorough threat modeling to identify potential vulnerabilities and risks associated with our smart contract. 
The execution phase was marked by rigorous testing procedures aimed at uncovering security vulnerabilities and exploring avenues for transaction efficiency enhancement. Key deliverables from this phase included identification of security loopholes and optimization opportunities. The culmination of the project was marked by the delivery of an extensive report, which included a detailed business risks summary and a technical breakdown of the findings. 
Additionally, Sekurno organized a comprehensive Q&A session, providing us with deeper insights and guidance on how to address the identified issues. They also provided us with detailed threat modeling documentation, equipping us with knowledge about potential risks.

RESULTS & FEEDBACK

What were the measurable outcomes from the project that demonstrate progress or success?

The measurable outcomes from the project were significant and indicative of its success. Firstly, we achieved a notable optimization of our smart contract in terms of transaction costs. This optimization led to increased efficiency and reduced operational expenses. Secondly, the identification and subsequent fixing of several security issues enhanced the overall security posture of our smart contract. 
This not only fortified our system against potential threats but also increased the trust and confidence of our stakeholders in our platform. The project's success was further underscored by the enhanced understanding and awareness of potential risks, thanks to the comprehensive threat modeling provided by Sekurno. These outcomes collectively demonstrate tangible progress in both the security and efficiency of our smart contract.

Describe their project management. Did they deliver items on time? How did they respond to your needs?

The project management by Sekurno was exemplary. Not only did they deliver on time, but they also maintained consistent communication throughout the project, keeping us informed of progress and any challenges encountered. Their responsiveness to our needs was remarkable; they were flexible and adapted their approach as the project evolved. 
The team demonstrated a high level of organization and efficiency, ensuring that all phases of the project were executed seamlessly. Their ability to anticipate our needs and proactively address them was particularly noteworthy. The project was managed with a high degree of professionalism, and their commitment to meeting deadlines without compromising on quality was impressive.

What was your primary form of communication with Sekurno?

• Virtual Meeting
• Email or Messaging App

What did you find most impressive or unique about this company?

What stood out most about Sekurno was their unique blend of security and development expertise. Their team possessed a deep understanding of both the technical and security aspects of smart contracts, enabling them to conduct an exceptionally thorough analysis. This dual expertise allowed them to not only identify vulnerabilities but also suggest practical and efficient solutions. 
Additionally, their business process was impressively focused on uncovering a wide range of issues, going beyond mere compliance to ensure a comprehensive security posture. Their approach to delving deep into the system and exploring every possible angle was remarkable. This level of dedication and thoroughness in their work was both impressive and unique, setting Sekurno apart as a leader in their field.

Are there any areas for improvement or something Sekurno could have done differently?

At this point, we honestly have nothing to suggest for improvement. Everything was executed perfectly, from the initial planning to the final delivery. The Sekurno team's professionalism, expertise, and attention to detail were evident throughout the project. We are thoroughly satisfied with the service provided and the outcomes achieved.

BACKGROUND

Introduce your business and what you do there.

As a pioneering force in the ever-evolving global IoT industry, RAKwireless designs and produces inventive, comprehensive IoT solutions. Our robust product portfolio includes over 50 actively produced items, spanning from IoT modules and LoRaWAN Gateways to ready-to-deploy Node devices. These offerings cater to a wide spectrum of customers, encompassing both IoT developers and deployers.

OPPORTUNITY / CHALLENGE

What challenge were you trying to address?

Over the past few years, our growth trajectory has been steep, with numerous B2B and B2C product launches, several of which have seen extraordinary popularity. As our market presence and customer base expanded, the necessity to enhance our product security became increasingly apparent. This became crucial not only to safeguard our customers and their data but also to uphold our reputation. 

Consequently, we set an objective to align our company and products with ISO 27001 standards and GDPR regulations. Thus, we found ourselves in pursuit of a comprehensive, sophisticated cybersecurity program and sought out a proficient and trustworthy service provider.

SOLUTION

What was the scope of their involvement and team dynamic?

Our partnership with Sekurno originated from the penetration testing of our critical software product, a comprehensive remote IoT fleet management system. With its role in handling sensitive data, we needed assurance of its security. 

We aimed to undertake a thorough security audit, scrutinizing our infrastructure and the interaction between cloud and device, to meet the most stringent standards. Accordingly, Sekurno initiated a white box penetration test of our web application and APIs, scrutinizing the front-end, back-end, and source code.
The security concerns identified by Sekurno's pen testers were meticulously documented in a report, which included a proof of concept for each issue. Additionally, they collaborated with our development team in implementing fixes and testing them, ensuring the security of our application and APIs.
Given the fruitful collaboration between Sekurno's experts and our software developers, as well as the insightful penetration test results, we extended our partnership to include the Software Security Development Lifecycle (SSDLC). This step aimed at incorporating top-notch security practices into our software development process. The Sekurno team conducted a gap analysis of our existing code based on penetration test results, followed by a review of our SDLC to uncover specifics of our internal development process. Based on these findings, they assembled a security team to collaborate with our developers throughout all stages of the software development process, including risk analysis during the design phase, establishing security requirements parallel to functional ones, and aligning security testing with development.
In our pursuit of ISO 27001 compliance, we expanded our collaboration with Sekurno to establish an Information Security Management System (ISMS) that aligns with the standard and prepares us for certification. They conducted a comprehensive assessment of our company, developed an action plan to bridge gaps, and guided us through ISO27001 implementation, certification, and subsequent ISMS maintenance tasks.
Sekurno also assisted us in achieving another critical compliance milestone, the GDPR. Given our strategic focus on the EU market, we needed to ensure that our software development abided by the principles of privacy by default and privacy by design. Sekurno carried out a GDPR compliance audit for several RAKwireless software products, delivering an Internal Audit Report, GDPR-required documentation, Records of Processing Activities (ROPA), Legitimate Interests Assessments/Data Protection Impact Assessments (LIAs/DPIAs), Standard Contractual Clauses (SCC), EU representative assignments, Data Protection Officer (DPO) assignments, and a final report detailing the results of the GDPR compliance assessment.

What's the status of this engagement?

Having achieved ISO 27001 certification and advanced our GDPR compliance to a level suitable for global operation, particularly within the EU, we have now redirected our partnership with Sekurno towards vulnerability management, DPO, and EU representative outsourcing for GDPR-related activities.

RESULTS & FEEDBACK

How did your relationship with your partner evolve?

Our relationship with Sekurno has evolved gradually, increasing both in the complexity and volume of tasks assigned. We've progressed from conducting a penetration test on a single web application to testing multiple products, eventually incorporating Sekurno into our core software development processes. Their involvement in the Software Security Development Lifecycle (SSDLC) has effectively preempted numerous significant security issues during development, which has proven to be immensely valuable. They later took charge of compliance projects that held, and continue to hold, strategic importance for us.
In terms of outcomes, beyond enhancing our internal and external processes from a security perspective and achieving ISO 27001 and GDPR compliance, one of the most crucial results is our preparedness for security-focused discussions with our customers. Such conversations have been increasingly frequent, and we're now well-equipped to provide detailed and convincing responses to our customers' inquiries.
Our collaboration with Sekurno has consistently been seamless. They've delivered on time, and any extensions in timelines were only due to our decision to expand the scope of tasks. Their project management has been exceptional, exceeding our expectations.
What sets Sekurno apart is their ability to compete with larger firms despite their relatively smaller size. Their compact structure facilitates more manageable project management and offers competitive pricing. They've repeatedly demonstrated their capabilities and competence.
One particularly commendable aspect of our collaboration with Sekurno is their integrity. They never attempt to push services we don't need, focusing instead on what's currently essential and beneficial for us as a client.

In what ways can they improve?

While there's hardly anything to critique, one recommendation would be the implementation of a customer portal. This platform could facilitate sharing of findings and deliverables with customers, and also support additional workflows. I believe such an initiative could bring substantial benefits to both parties.

What advice do you have for clients with similar needs to yours?

For companies contemplating cybersecurity programs, my recommendation would be not to delay until the situation becomes critical. Select individuals and teams with the required expertise and place your trust in them to manage your cybersecurity responsibilities.

UPDATED REVIEW

This review was published on July 14, 2021.

VP, RAKwireless

Manufacturing

51-200 Employees

Shenzhen, China

$10,000 to $49,999

Dec 2020 - Feb 2021

Project summary

Sekurno provided full security audits for an IoT solutions company. The client wanted the vendor to focus on their cloud infrastructures and their vulnerabilities to bugs and cybersecurity threats.

Feedback summary

Sekurno led a transparent, trustworthy service that exhibited confidence in their extensive technical skills. They guided the company through the implementation of their suggestions and even provided additional testing. The client also praised their smooth workflow.

BACKGROUND

Please describe your company and your position there.

RAKwireless is a pioneer in providing innovated and diverse LPWAN connectivity solutions for IoT edge devices, for both enterprises, SMB and individuals. IoT solutions should not be complex. We strive for simplicity and effectiveness in all products we develop.

OPPORTUNITY / CHALLENGE

For what projects/services did your company hire Sekurno?

We have Fleet Management System for our gateways, which handels sensitive date. We wanted to do a full security audit (to make sure we meet the highest standards) and we wanted Sekurno to review our infrastructure and mechanisms between cloud and device.

SOLUTION

How did you select this vendor and what were the deciding factors?

Our partner referred us to Sekurno, and after interviewing a number of potential candidates, Sekurno came out as best. Professional approach, clear outlines, and a good offer. No hidden fee's whatsoever.

Describe the project in detail and walk through the stages of the project.

The scope of Sekurno included penetration testing of our web-application and API's. They were tasked with checking the front-end, backend, source code, vulnerabilities and security bugs -consolidated in a detailed report with proof of concept for each issue. Besides that Sekurno also worked together with our development team on implementing all the fixes and testing all the implementations, to make sure the application and API's were safe.

How many resources from the vendor's team worked with you, and what were their positions?

Sekurno - Senior Penetration Tester & Lead - Senior Penetration Tester Partner / RAK - PM - QA - DevOps - FE - BA - AWS Experts

RESULTS & FEEDBACK

Can you share any outcomes from the project that demonstrate progress or success?

• Report with business summary, security issues identified, technical details, and recommendations on fixing.
• The Checklist with the results of tests performed.
• Guidance on implementation of fixes
• Additional testing to make sure all issues are fixed

How effective was the workflow between your team and theirs?

After discussing the workflow between the teams, all went very smooth. Sekurno kept us (stakeholders) updated during the investigation and also discussed some things preliminary with our development partner.

What did you find most impressive or unique about this company?

The people at Sekurno clearly know what they are doing and don't shy away from a challenge. Although this review is focussed on 1 project only, we are currently running multiple projects with them in parallel. Sekurno every time finds a way to meet our business needs, even though while in some cases they don't have the expertise in house yet. They have a trusted network of partners. Which is great for us as client.

Are there any areas for improvement or something they could have done differently?

We are very satisfied and at this moment, we have no additional recommendations on what could be done differently or better.

Overall rating: 5

Quality: 5

Cost: 5

Schedule: 5

Willing to refer: 5