This review was updated by a software security architect at the client's company on April 27, 2020. The original star ratings were: Overall - 4.5, Quality - 4, Schedule - 4, Cost - 5, NPS - 5. New content is below:
Introduce your business and what you do there.
I’m the software security architect at a financial services company that deals with benefits such as HSA. One of my roles is a penetration test coordinator.
OPPORTUNITY / CHALLENGE
What challenge were you trying to address with Silent Break Security?
At regular intervals, we have security assessments in the form of penetration tests. Although they are routine procedures, we want to make sure that they are high quality and we get value out of them. Silent Break Security is one of the companies we’ve worked with before, so we reached out to them this time as well.
What was the scope of their involvement?
They provided the penetration test. This time around, the scope was a mobile security assessment for a mobile app, as well as a web application security assessment. Recently, they performed a retest.
Last year, they found some vulnerabilities and we fixed them. Silent Break Security then came back and performed the exact same test again. The team updated the report for us to show that the vulnerabilities no longer existed.
What is the team composition?
We worked with a project manager, an individual tester, and an operations teammate. We also work with Brady (Founder) from time to time.
How did you come to work with Silent Break Security?
We found out about them through a former employee of ours who got in touch with several vendors, including Silent Break Security. We then had a good first experience with them, which is why we hired them again.
How much have you invested with them?
For this project, we spent about $30,000–$40,000.
What is the status of this engagement?
This project lasted from October 2019–April 2020.
RESULTS & FEEDBACK
What evidence can you share that demonstrates the impact of the engagement?
Their work allows us to show our partners that even when there are vulnerabilities, we fix them. Additionally, risk reduction is a great benefit. For every vulnerability that Silent Break Security finds and we fix, that’s one malicious attack that’s been prevented.
It’s hard to prove the value of something that didn’t happen, but that’s the nature of the work. The vulnerabilities don’t come back to haunt us. For example, if an attack does happen, it takes lots of hours to rectify and requires lots of damage control.
How did Silent Break Security perform from a project management standpoint?
When I work with them, everything goes smoothly. The team is willing to work with us and our timelines. Sometimes when I’m not able to get tasks done quickly enough, Silent Break Security is usually very good at accommodating that.
The technology they use is also great. The portal we use to share information is very secure. They upload the reports there and send me an email. Then, I can go into the portal and download the reports. I can also upload information securely onto the portal.
What did you find most impressive about them?
I’m really grateful that they were willing to do the retest, even though I forgot to make sure that that was included in the contract. Silent Break Security was very much interested in our success, helping us to achieve our goals.
The quality of their work and, consequently, their reports is very good. Sometimes vendors run basic assessments that don’t provide as much value. This team’s work was of the highest quality. They found novel and interesting issues and explained them well in the reports.
Are there any areas they could improve?
No, I have no suggestions. Everything has been smooth with them. I’ve worked with other companies where we’re not on the same page, but that’s not the case with Silent Break Security. They’re always willing to work with us where we’re at.
Do you have any advice for potential customers?
Generally speaking, the more information you can give them and the more background you can provide them, the better. That’s especially important when they’re testing a custom solution.
It’s not possible for them to have a comprehensive understanding of custom software, so it’s important to provide them with as much information as possible so that they can provide you great value.