Serge Borso, CEO
Having worked at every level of the information security industry, first as a Security Specialist and later in engineering, architecture, penetration testing and leadership roles, Serge Borso, the CEO of SpyderSec, acknowledges that for many organizations security is often an afterthought or viewed strictly as a cost center. “Companies are in the business of generating revenue and determining what to invest in from a security perspective is challenging. This is partially due to the difficulty in defining what security is and how to factor it into traditional ROI calculations,” begins Borso. SpyderSec was essentially created to make that calculation easier by helping organizations quantify risk, have candid conversations about risk tolerance and tailor solutions to help them define and achieve their security goals.
Borso also points out that “Today’s vulnerability management customers still struggle with the fundamentals: Choosing an in-house security team or a MSSP, integrating enterprise security services across business units, implementing solutions to 100 percent and measuring the success of their security program.” SpyderSec sits outside the in-house and MSSP models as a consulting organization focused on partnering with clients to provide expertise and collectively arrive at the best solution. SpyderSec started down its path in early 2015 and has steadily incorporated more comprehensive service offerings to best meet the needs of its clientele.
A current trend in the area of vulnerability management seems to be solution providers touting a single product to tackle all facets of a vulnerability management program. But SpyderSec takes a different approach and learns about the intricacies of a client’s operations, products and culture so that it can understand the threats to the organization and recommend appropriate countermeasures.
“We don't try to be everything to everybody; our roots are in offensive security and our core focus is on delivering remarkable results. This dovetails well with PCI DSS testing, phishing solutions and open source intelligence gathering, which are additional services that we offer,” states Borso.
With the advent of the new PCI DSS standards, there are specific criteria that need to be taken into account for ensuring confidentiality, integrity and availability of the Cardholder Data Environment. SpyderSec's PCI Solutions test in accordance with the latest standards and help organizations learn about security shortcomings before attackers do. “We do this by bundling a distinct internal and external network penetration test, separate web application penetration testing and ancillary services into one solution aimed at discovering and exploiting vulnerabilities as well as identifying deficiencies in the encompassing security program,” explains Borso.
Another growing trend in the area of vulnerability management is extensive API access built into vulnerability management products. The firm’s latest service offering, Espial™, is an open source intelligence gathering platform built with extensive API access. It can ingest real-time information from their purchased platforms, correlate results and provide actionable information. Organizations can leverage this real-time information to shore up their defenses, inventory and security posture.
SpyderSec has been profitable since day one. “We work hard, we innovate and everyone involved with the organization is genuinely happy and I think that's a spectacular way to measure success,” says Borso. Recalling the words of Colin Powell, “Success is the result of perfection, hard work, learning from failure, loyalty, and persistence,” Borso concludes, “We endeavor, we learn from our mistakes and because of our passion, persistence and determination, we will continue to succeed in the long term.”