13 October, 2022
Offensive Security Is the New Defense
Featuring Seemant Sam Sehgal’s comments with Cybersecurity Ventures: BreachLock Founder & CEO On Penetration Testing: “Offense Is the New Defense”
What I found out over a period of 20 years of a successful corporate career is that there was one thing that I was glued to and that was solving problems. If there was no problem to solve, I was looking for one.
And then when I looked at the world of ethical hacking, it really intrigued me. I became a hacker myself because there was a ‘good versus evil’ fight, and here we are after 20 years of my cybersecurity experience. We have a dream called BreachLock that’s helping the world be a safer place.
The 3 Elements of Penetration Testing as a Service
BreachLock is a pentesting as a service platform — better known as PtaaS — which covers your full stack, so your complete attack surface, from a penetration testing perspective. And we do that by combining three main elements of pen testing:
- Artificial Intelligence; and, of course,
- The Creativity of Human Hackers
Traditional Pentesting Doesn’t Scale
Before I started BreachLock, I was heading the cybersecurity assessment wing at one of the largest European Banks, and during that process I had access to a lot of big Force Boutique firms and talented hackers in general.
I was paying all of them to get the job of pentesting done, and that gave me a lot of experience on the buyer side of the table, but it also told me what the problems with the pentesting industry were.
At that time, number one, we were making the process of pentesting overly complex.
Now think about it: when a real hack is done in a real cybersecurity incident, the hacker is not on-premise. They are either in a different country, and in most cases, on a different continent. So why do you want to bring the hackers on-site and make your life complex?
The second thing that I realized was that these hackers that I got onsite were doing fairly repetitive tasks that are better done by a machine, and that would let them focus on more complex problems, so we can really upgrade the security posture.
The third thing that I realized was that remediation looked like a completely different silo in the process of penetration testing. Now again, think about it — why are you doing a pentest? Obviously to solve the findings. So why make remediation a different silo that’s not integrated into your pentesting process?
Pentesting Services for Third Party Compliance
So I started BreachLock in 2019. For the first year, it was a million-dollar run. For any startup, it’s just a dream come true, but we were still a very small team. And just when we started to accelerate, we were hit by Covid, and how would I now expand the team? Because I can’t travel to different countries, I can’t meet people, talk to them eye to eye. But we still had to get on with the job, so we kept on hiring and we actually grew our business 100% year on year, and we also grew our team with 40-50 BreachLockers based in three different countries.
Then, as we progressed into ‘21 and ‘22, we had certifications, such as CREST, ISO 27001, and SOC 2, which pushed our maturity as an organization to a different level and got in some big enterprise clients for us.
BreachLock – Leader in the PtaaS Emerging Category
Also, we were featured in Gartner Hype Cycle 2021 – for two years in a row – as one of the leading vendors in the pentesting as a service space. That was a testimony for us as a four-year-old company which is working on an innovative concept to change the industry forever.
However, the biggest milestone for us is obviously 700+ clients that are now using the BreachLock platform and are benefiting from the speed of execution with the ease of doing business. More importantly, BreachLock is helping them improve their security posture and fight cybercrime one test at a time. So we’re already excited about the future here at BreachLock. We want to be a dominant force in the offensive security market because there’s been a ton of investments that have gone into defense. Offense is the new defense, and that’s the space BreachLock wants to dominate in the next five years.