Sekurno

Please describe your company and your position there.

My position is CTO at OMO Systems. We are an IoT service provider focussed on all-in-one property automation by integrating partner solutions and devices into a broad IoT ecosystem. We deliver technology solutions for access control, security & comfort suitable for multi-family buildings, HORECA, and commercial properties. Our goal is to make smart places accessible to everyone who has a smartphone.

For what projects/services did your company hire Sekurno?

We hired the vendor to help us set up an information security management system in accordance with the ISO 27001 standard, follow the best practices in the realm of cybersecurity and eventually prepare ourselves to get certified.

How did you select this vendor and what were the deciding factors?

When we faced the necessity of a cybersecurity solution, we weighed several vendors against each other and Sekurno’s subscription offer played a decisive role as the format of a continuous support with affordable payload was exactly what fit us best.

Describe the project in detail and walk through the stages of the project.

The project set off with the overall organization profile assessment which led to the creation of the action plan to be implemented in order to fill the gaps which our company had at the time. The action plan included policies creation; asset management; systems and processes updates in order to prepare ourselves for the audit and achieving the compliance status.

How many resources from the vendor's team worked with you, and what were their positions?

There were 2 compliance officers and 1 project manager from the Sekurno team who worked with us during the whole project. The CEO of Sekurno also participated in status update meetings and progress reviews.

Can you share any outcomes from the project that demonstrate progress or success?

The biggest outcomes are:

• clear, reasonable action plan to follow and check the progress against;
• enhanced and more secure operational processes set up by the introduced policies and best practice procedures;
• raised awareness regarding security risks and methods of overcoming them;
• we have obtained a leverage in a communicative process with our potential investors and partners by securing our systems and setting up secured operational processes within the company;
• establishment of an Information Security Management System (ISMS) in the organization.

How effective was the workflow between your team and theirs?

The workflow was rather productive. We can highlight:

1. Their proactive approach allowed us to achieve perceptible results quickly;
2. straightforward communication and a firm control over the task accomplishment kept us alert and focused;
3. clear and understandable workflow allowed us to get familiar with the intricacies of the compliance process.

What did you find most impressive or unique about this company?

Proactivity and leading qualities of the team members; High responsibility and charge of the domain the team if answerable for; Flawlessness of the team integration;

Are there any areas for improvement or something they could have done differently?

No particular advice. The team is doing their job and accumulating experience from it - we felt the dedication and remained satisfied with the cooperation, so there is a high possibility that we’ll stay connected with the vendor for the future security projects as well.

Please describe your company and your position there.

I'm a Deputy Technical Director at MGID. We are pioneers in native advertising and offer a performance-driven platform for the real-time buying, selling, and management of native ads. MGID helps publishers monetize their audience with engaging yet non-intrusive ads, as well as grow and retain their readers. Furthermore, MGID drives performance and awareness for brands by connecting them to the right audience, at the right time, with the relevant ad content.

For what projects/services did your company hire Sekurno?

We hired the vendor to conduct Web Applications Penetration Testing to detect and mitigate possible vulnerabilities in our services, determine improvement actions and secure our clients’ data.

How did you select this vendor and what were the deciding factors?

When we faced the necessity of a cybersecurity solution, we addressed the vendor we had contacted and communicated with before. Sekurno was recommended to us as a trustworthy security partner

Describe the project in detail and walk through the stages of the project.

Our initial request was a subdomain vulnerability check aimed to detect weaknesses and blind spots with subsequent action plan implementation. The second project was a dashboard vulnerability check. Having the dashboard secured is crucial to client data protection as it is a significant client-faced element constantly receiving and processing user information

How many resources from the vendor's team worked with you, and what were their positions?

There were 2 security engineers and 1 project manager from the Sekurno team who worked with us during the whole project. The CEO of Sekurno also participated in status update meetings

Can you share any outcomes from the project that demonstrate progress or success?

The biggest outcomes are: - fixed critical vulnerabilities; - raised awareness regarding security risks and methods of overcoming them; - QA best practices update

How effective was the workflow between your team and theirs?

The workflow was trouble-free and straightforward. Friendly and supportive communication made it effortless for us to cooperate and achieve results. We are completely satisfied with the transparency of the reports provided and the responsiveness of the vendor’s team. We were getting timely and relevant feedback upon request throughout the project

What did you find most impressive or unique about this company?

Sekurno team detected and reported several critical vulnerabilities ahead of completing a general testing process which gave our internal team an opportunity to eliminate the risk as soon as possible

Are there any areas for improvement or something they could have done differently?

We would love to hold an offline meeting with the vendor team members to have closer contact and deeper business relationship. The vendor’s team did great, and we encourage them to keep growing and sharpen their skills.

Introduce your business and what you do there.

I’m the CEO of a startup in the aerospace industry.

What challenge were you trying to address with Sekurno?

We needed an information security specialist, but instead of hiring one, we hired Sekurno to be our virtual chief information security officer (CISO).

What was the scope of their involvement?

Sekurno has three specialists working on different parts of our information security. Our market selling points are based on intellectual property, so information security is one of our main areas of interest. Their team has covered different security points and helped us implement security processes within the company.

What is the team composition?

We work with three information security specialists and a project manager.

How did you come to work with Sekurno?

We got introduced to Sekurno a while ago when my company didn’t exist yet. At the time, I knew about them but didn’t use their services; they only helped me with advice.

By the time I created this new company, I had a lot of experience and knowledge about them. We still evaluated different companies, but Sekurno offered the clearer and most systematic approach.

How much have you invested with them?

We’ve spent around $10,000. However, we’re still in the early stages, so I estimate that we will invest approximately $50,000 in total.

What is the status of this engagement?

We started working together in April 2021, and our engagement is ongoing.

What evidence can you share that demonstrates the impact of the engagement? 

The results that we’re planning to get are the security certificates to comply with our security service, but we haven’t achieved that yet.

Sekurno has created a lot of processes to ensure our information security, and they’ve done a good job explaining the implementation of those processes. However, the processes will become clearer once we get the certifications. We will also measure how easy it is for us to implement those processes.

Usually, startups go through a chaotic setup process, but as we cared about our security, we couldn’t do it that way. Fortunately, Sekurno has got our processes more in line, helping us establish a more systematic business approach.

How did Sekurno perform from a project management standpoint?

Sekurno’s project management has been good since the beginning. When we started working together, we had our own ways of communicating, but after 2–3 weeks, they got to the same level as us. From there, it has been a pretty smooth process.

What did you find most impressive about them?

It’s impressive how Sekurno has made something as complicated as information security very easy for us.

Are there any areas they could improve?

It would be great if Sekurno had someone actively dedicated to implementing what they’ve done. They’ve mostly created information security policies and gave us recommendations on how to implement them. However, having a person working directly with our team on the implementation side would be definitely an improvement.

The fact that they’re our virtual CISO rests a little bit on our experience. They’re a great substitute for a CISO, but their involvement is not as complete as it would be with an in-house CISO.

Do you have any advice for potential customers?

Be really clear bout your specifications and be patient because the area they work in is very complicated. Don’t try to evaluate the results of their work in the first 1–2 months; they need some time to complete their job, and you need time to implement the tasks.

Please describe your company and your position there.

I’m a Chief Financial Officer at Yalantis. Our company provides software engineering and IT consulting services. Specialties: Custom Software Development, Development Team Augmentation, IT Consulting And Digital Advisory, Software Reengineering And Support.

For what projects/services did your company hire Sekurno?

We hired the vendor to conduct Vulnerability Assessment in order to detect and mitigate possible vulnerabilities in our services, determine improvement actions and secure our clients’ data.

How did you select this vendor and what were the deciding factors?

The increased occurrence rate of cybersecurity incidents in the market caught our attention and raised concerns over the in-house security situation. Having made the decision to mitigate the potential risks, we reached out to the vendor organization’s co-founder we had previously had positive professional experience with. Following negotiations and consulting meetings resulted in the vendor’s hire.

Describe the project in detail and walk through the stages of the project.

Initially the Sekurno specialists recommended a general audit through vulnerability assessment in order to identify possible vulnerabilities and server/applications misconfigurations based on scanning results. Having a preliminary analysis of our public resources in place allowed the vendor’s team to filter the scope of works by relevance and initiate the security scan of the most significant projects. As a result we received vulnerability reports with the detailed descriptions, business risks analysis and solution assistance.

The obtained results indicated the urge for a more thorough approach to security and the demand for a responsible person to manage cybersecurity within the organization. The Sekurno team proactively lended a hand to conduct the technical interviews of candidates for the newly formed position, made comprehensive reports on each one of allowing us to hire an employee in a short time frame.

The service package encompassed the automated vulnerability assessment and system scanning, identification of false positives, generation of reports and technical interviewing of the candidates.

How many resources from the vendor's team worked with you, and what were their positions?

The vulnerability assessment was run by 2 security engineers and 1 project manager. The technical interviews were led by 2 senior information security officers. We were also regularly in touch with Sekurno CEO who helped to coordinate and manage the cooperation processes.

Can you share any outcomes from the project that demonstrate progress or success?

The biggest outcomes from the cooperation:

• critical vulnerabilities report containing recommendations to follow in order to mitigate the company business risks
• a successfully recruited cybersecurity specialist approved by the vendor;

How effective was the workflow between your team and theirs?

The workflow was built on a timely, coordinated communication which resulted in satisfactory outcomes and positive general impression. The Sekurno team does their best to support clients and sustain effortless collaboration. We obtained beneficial results and reckon all the time and resources invested to be rather consequential.

What did you find most impressive or unique about this company?

The Sekurno team has a well-coordinated team and extensive expertise in the field. They were not only a reliable vendor but a consultant and trustworthy advisor in matters of security.

Are there any areas for improvement or something they could have done differently?

Cannot state anything in particular, just keep raising the bar and help people.

Please describe your company and your position there.

RAKwireless is a pioneer in providing innovated and diverse LPWAN connectivity solutions for IoT edge devices, for both enterprises, SMB and individuals. IoT solutions should not be complex. We strive for simplicity and effectiveness in all products we develop.

For what projects/services did your company hire Sekurno?

We have Fleet Management System for our gateways, which handels sensitive date. We wanted to do a full security audit (to make sure we meet the highest standards) and we wanted Sekurno to review our infrastructure and mechanisms between cloud and device.

How did you select this vendor and what were the deciding factors?

Our partner referred us to Sekurno, and after interviewing a number of potential candidates, Sekurno came out as best. Professional approach, clear outlines, and a good offer. No hidden fee's whatsoever.

Describe the project in detail and walk through the stages of the project.

The scope of Sekurno included penetration testing of our web-application and API's. They were tasked with checking the front-end, backend, source code, vulnerabilities and security bugs -consolidated in a detailed report with proof of concept for each issue. Besides that Sekurno also worked together with our development team on implementing all the fixes and testing all the implementations, to make sure the application and API's were safe.

How many resources from the vendor's team worked with you, and what were their positions?

Sekurno - Senior Penetration Tester & Lead - Senior Penetration Tester Partner / RAK - PM - QA - DevOps - FE - BA - AWS Experts

Can you share any outcomes from the project that demonstrate progress or success?

• Report with business summary, security issues identified, technical details, and recommendations on fixing.
• The Checklist with the results of tests performed.
• Guidance on implementation of fixes
• Additional testing to make sure all issues are fixed

How effective was the workflow between your team and theirs?

After discussing the workflow between the teams, all went very smooth. Sekurno kept us (stakeholders) updated during the investigation and also discussed some things preliminary with our development partner.

What did you find most impressive or unique about this company?

The people at Sekurno clearly know what they are doing and don't shy away from a challenge. Although this review is focussed on 1 project only, we are currently running multiple projects with them in parallel. Sekurno every time finds a way to meet our business needs, even though while in some cases they don't have the expertise in house yet. They have a trusted network of partners. Which is great for us as client.

Are there any areas for improvement or something they could have done differently?

We are very satisfied and at this moment, we have no additional recommendations on what could be done differently or better.

Please describe your company and your position there.

I'm a Senior Software Engineer at appflame - a mobile app development company headquartered in Kyiv, Ukraine. Our company has over 180 employees, and our products are in top charts of tier-1 markets.

For what projects/services did your company hire Sekurno?

We have a couple of mobile applications containing large quantities of user data, so we decided to make a full security audit of the apps to make sure that they meet the highest security standards.

Additionally, in view of good results of the applications’ audit, we also made a security audit of the company infrastructure.

What were your goals for this project?

Since our apps are in the dating and social discovery category, we care a lot about our users’ privacy and security. Not only because this is required by the stores and legislation, but also because we believe that this is essential for any application on the market.

We’re now changing our development process by adding a trust and security team into the loop, so the expertise of an external provider were very valuable for our development in this area.

How did you select Sekurno?

We held interviews with a few companies on the market. Sekurno provided us with the best, well-rounded offer, which covered all our needs and didn’t include unnecessary add-ons.

Besides, their representatives showed high professionalism in communication and provided great examples of their previous work, which made it an extremely easy choice for us.

Describe the project in detail.

The scope of Sekurno Team included penetration testing of iOS and Android applications, and API. Their task was to check interface, source code, vulnerabilities, discover security bugs, and provide detailed analysis of security issues with proof of concept. The team also provided detailed recommendations on each discovered bug.

What was the team composition?

The team included security experts from Sekurno, as well as DevOPS and Software Developers from our side.

Can you share any outcomes from the project that demonstrate progress or success?

We can’t share the details, but we’ve received an extensive report with all the insights on the changes we need to implement to make our product more secure, as well as recommendations in the compliance area.

As an additional bonus, we also received a checklist and recommendations for further secure development.

How effective was the workflow between your team and theirs?

The workflow was really smooth, we’ve had a couple of intro meetings to make sure that we’re all on the same page.

During the project, we had weekly checkpoints, as well as emergency calls if something critical was found.

Overall, it was a great pleasure to work with Sekurno team as we were always aware of the project status and notified about the changes in advance.

What did you find most impressive about this company?

Sekurno is a great company with very friendly and pleasant employees. We really liked the way they adapted to our working style and made sure that we’re updated at every stage of the project.

Perhaps, the most impressive thing was their critical thinking on all matters – we only received facts and verified issues, no irrelevant information.

Please describe your company and your position there.

One of the most important aspects in the Information Security strategy of Digitally Inspired is to ensure that we can evidence compliance with the GDPR legislation.

For what projects/services did your company hire Sekurno?

For GDPR Compliance Assessment.

What were your goals for this project?

As a software development company we need to ensure that privacy by default and privacy by design principles are followed by our specialists and business processes, that is why we requested subject matter experts from Sekurno company to evaluate our business processes based on GDPR requirements.

1. Identify GDPR compliance status by the third party.
2. Define security and privacy controls, which can improve DI ISMS.

How did you select Sekurno?

The company was referred to us.

Describe the project in detail.

Sekurno performed GDPR Compliance audit for DI internal processes.After the project, we received a detailed report that reflected the results of the GDPR compliance assessment. This included recommendations on how to improve our security and privacy controls.

What was the team composition?

Sekurno has assigned their Security Lead and Legal Counsel for this project.

Can you share any outcomes from the project that demonstrate progress or success?

We received a detailed report which defines strengths and areas for improvement of DI ISMS in regards to GDPR compliance. The Sekurno team was able to qualitatively analyze the current privacy compliance state and identify controls, which can help Digitally Inspired to improve Information Security Management System. An individual approach experienced privacy professionals and focuses on the details are really impressive. We are happy that we chose Sekurno!

How effective was the workflow between your team and theirs?

The Sekurno team quickly responded to any of our issues or questions, so we were able to resolve problems when they appeared.

What did you find most impressive about this company?

They are a team of professionals who provides quality services.

Are there any areas for improvement?

None.

Please describe your company and your position there.

I am Co-Founder and CTO of legaltech startup Legal Nodes( https://legalnodes.org ) - a legal service marketplace which enables clients to easily find legal solutions for their legal needs, and for legal providers to automate client search and intake.

My responsibilities include: development of project's technical solutions(both by myself or by managing the team of developers), devops, digital security and other technical needs of our project.

For what projects/services did your company hire Sekurno?

Our project works with legal and personal data, so security of our platform and our users' data is of primary importance to us. We hired Sekurno to receive cybersecurity audit of our platform and to receive report on existing security issues that can become security risks.

What were your goals for this project?

1. Identify the main risks to cybersecurity of our platform
2. Receive reports and recommendations on found issues
3. Plan measures to eliminate found risks

How did you select this vendor?

Sekurno were recommended to us by our colleague. During initial meeting with Sekurno's representatives and discussing conditions of our collaboration, we were pleasantly surprised by their professionalism, client-oriented approach and responsiveness. This is why we have decided that this company is best suitable for needs of our project.

Describe the project in detail.

After selecting Sekurno as our cybersecurity audit provider, we had several organizational calls and meetings, the purpose of which was to receive better understanding of our system and to define scope of audit. Also we have discussed how to prepare our systems for audit in order to receive accurate results and not to cause stress for our live-product.

After preparing our platform for audit, we signed all required legal agreements with Sekurno. Following that, the Sekurno team has begun audit process, during which they were sending us regular updates on progress and results.

At the end we have received detailed report on all found cybersecurity issues, steps to reproduce them and recommendations on their elimination.

What was the team composition?

Sekurno has assigned their Security Lead and a team of security engineers to our project.

Can you share any outcomes from the project that demonstrate progress or success?

As a result of security audit, we have received a report on security issues found on our platform, steps to reproduce them and recommendations on their elimination. Thanks to this report we were able to make significant progress in digital protection of our platform.

How effective was the workflow between your team and theirs?

The Sekurno team proved to be highly professional and responsive, communication was regular, comfortable and on-point.

What did you find most impressive about this company?

Very comfortable communication, customer-oriented attitude, and sensitive approach towards customer safety are the traits that we liked the most about Sekurno.

Are there any areas for improvement?

None to think of