How Hacken Delivers High-Volume Audit Reports with Cyver Core

“Cyver Core is amazing, we told Luis that when we were onboarded, it’s really useful and a much-needed tool for pentesters and auditors. A company like Hacken, without a tool like Cyver, it’s just chaos.” _ Luciano Ciattaglia, Director of Services at Hacken

Hacken is a cybersecurity firm specializing in audits and cybersecurity for web3 and blockchain companies. As a specialist in a rapidly growing field, Hacken runs audits for 1,000+ clients, with 500+ audits per year. As of 2023, those audits are managed and delivered through the Cyver Core platform. Hacken has made a name for itself in blockchain security and continues to grow and now has a multinational presence.

Hacken started looking into a pentest management platform to solve organizational problems around data retention and management and eventually moved to Cyver Core to achieve exactly that.

We talked to Luciano Ciattaglia, Director of Services at Hacken, to discuss how Hacken uses Cyver Core to distribute and deliver audit reports across its client base.

Hacken:

  • Plan: Enterprise
  • Location: Ukraine, Portugal, Estonia
  • Rates Cyver Core: 9 out of 10
  • Started with Cyver Core: 2023
  • Looking for a Pentest Management Platform

    Hacken moved to a pentest management platform as part of an effort to improve organizational data management.

    “We had been using static writers like Google Docs and the problem with those is that you can’t get information from them.” Says Luciano, “So, we never knew how many findings we had, what their severity was, etc. We didn’t have any way to gather metrics.” 

    Hacken started looking into Cyver and multiple other competitors, eventually choosing Cyver for fit-to-purpose and because it offered more documentation and videos than other competitors considered.

    “For example, we considered other alternatives, but they were more designed for internal security teams. Cyver is more focused on the client side and has more features to offer for companies delivering third-party security. Of course, Cyver Core is also cheaper, but pricing didn’t matter because you expect a platform handling highly sensitive information to be expensive. For example, we also looked at and rejected a fully open-source tool that also didn’t quite meet our needs. “ 

    “Of course, fit to purpose wasn’t the only differentiator. We liked that if we request changes in Cyver, we can get them. We might have to pay for them, but there’s the option. Competitors we looked at didn’t even offer the option.” 

    Achieving Results with Cyver Core

    Hacken onboarded to Cyver in November, 2023 and has onboarded all its clients.

    “We started using Cyver as a central hub to deliver all our audits. That means we onboard the client to the portal and then upload audit progress as it happens. That allows us to achieve two things. The first is that we can gather metrics like how many findings, severity, etc., automatically and Cyver just does it for us. The second is that we can show audit progress to our clients, which, considering many of our audits take 2 months, they’ll see progress and findings during the audit and can start to act on findings more quickly”

    “Of course, clients also now have the option to remediate faster because they know about the vulnerabilities faster.”

    “That allows the client to have more control of their security during the audit. It also means they can see old audits and old data and compare findings and changes over time. However, for Hacken, it also means we can make data-driven decisions. We know how many audits we are running, who is doing them, vulnerabilities found, vulnerability criticality, etc.” 

    “We’ve also moved a lot of our specific conversations around remediating findings into Cyver, although we still use a custom Slack channel for general questions. Clients ask about remediation or other details on the findings page, which is much more organized that what we had before.”

    “We use a lot of the features; all our customers are on the client portal. We’ve worked with Cyver on custom development like the customized findings field. As a larger organization, things like team roles are also indispensable, because we can control who sees which parts of the portal.” 

     “We’ve also used Cyver to completely replace other tools. For example, we moved our project planning out of Jira and into Cyver. Our next goal is to do the same with quotes, so more and more of our operation is managed in one place.” 

    Saving 60% of Time to Report

    “Before we started using Cyver Core, we were using Google Docs and GitHub. We’d spend an average of 3-4 days per report. Now, with Cyver, we spend an average of 1 day but sometimes go up to 2.” 

    “That’s in part because we upload findings during the audit. The findings templates save us a lot of time there, because we don’t have to copy-paste data from our library, it’s just there. That saves us 60% of time on common issues. Then, all we have to do is import those into our report templates and everything is there. So, once the final report is done, all we have to do is check it and it’s done.” 

    “The most important change is the amount of time we spend reporting issues, and using Cyver, we cut that by 60% or more” 

    Hacken is now using Cyver as a central hub for audit management inside Cyver, although it still uses an external tool to manage sales and clients – but with an API to automatically import that data.

    “We now have all of the internal transparency we missed. We can see who made changes over the audit, who checked something, how long a finding took, who sent it to the customer, etc., and that’s all crucial for a big team.”

    Read the Case Studies in detail

    Hacken is a multi-national cybersecurity company with 60+ engineers specializing in blockchain and web3 audits.

    • Projects on Cyver Core: 500+
    • Plan: Enterprise
    • Location: Ukraine, Portugal, Estonia
    • Rates Cyver Core: 9 out of 10
    • Started with Cyver Core: 2023

    Looking for a Pentest Management Platform

    Hacken moved to a pentest management platform as part of an effort to improve organizational data management.

    “We had been using static writers like Google Docs and the problem with those is that you can’t get information from them.” Says Luciano, “So, we never knew how many findings we had, what their severity was, etc. We didn’t have any way to gather metrics.” 

    Hacken started looking into Cyver and multiple other competitors, eventually choosing Cyver for fit-to-purpose and because it offered more documentation and videos than other competitors considered.

    “For example, we considered other alternatives, but they were more designed for internal security teams. Cyver is more focused on the client side and has more features to offer for companies delivering third-party security. Of course, Cyver Core is also cheaper, but pricing didn’t matter because you expect a platform handling highly sensitive information to be expensive. For example, we also looked at and rejected a fully open-source tool that also didn’t quite meet our needs. “ 

    “Of course, fit to purpose wasn’t the only differentiator. We liked that if we request changes in Cyver, we can get them. We might have to pay for them, but there’s the option. Competitors we looked at didn’t even offer the option.” 

    Achieving Results with Cyver Core

    Hacken onboarded to Cyver in November, 2023 and has onboarded all its clients.

    “We started using Cyver as a central hub to deliver all our audits. That means we onboard the client to the portal and then upload audit progress as it happens. That allows us to achieve two things. The first is that we can gather metrics like how many findings, severity, etc., automatically and Cyver just does it for us. The second is that we can show audit progress to our clients, which, considering many of our audits take 2 months, they’ll see progress and findings during the audit and can start to act on findings more quickly”

    “Of course, clients also now have the option to remediate faster because they know about the vulnerabilities faster.”

    “That allows the client to have more control of their security during the audit. It also means they can see old audits and old data and compare findings and changes over time. However, for Hacken, it also means we can make data-driven decisions. We know how many audits we are running, who is doing them, vulnerabilities found, vulnerability criticality, etc.” 

    “We’ve also moved a lot of our specific conversations around remediating findings into Cyver, although we still use a custom Slack channel for general questions. Clients ask about remediation or other details on the findings page, which is much more organized that what we had before.”

    “We use a lot of the features; all our customers are on the client portal. We’ve worked with Cyver on custom development like the customized findings field. As a larger organization, things like team roles are also indispensable, because we can control who sees which parts of the portal.” 

     “We’ve also used Cyver to completely replace other tools. For example, we moved our project planning out of Jira and into Cyver. Our next goal is to do the same with quotes, so more and more of our operation is managed in one place.” 

    Saving 60% of Time to Report

    “Before we started using Cyver Core, we were using Google Docs and GitHub. We’d spend an average of 3-4 days per report. Now, with Cyver, we spend an average of 1 day but sometimes go up to 2.” 

    “That’s in part because we upload findings during the audit. The findings templates save us a lot of time there, because we don’t have to copy-paste data from our library, it’s just there. That saves us 60% of time on common issues. Then, all we have to do is import those into our report templates and everything is there. So, once the final report is done, all we have to do is check it and it’s done.” 

    “The most important change is the amount of time we spend reporting issues, and using Cyver, we cut that by 60% or more” 

    Hacken is now using Cyver as a central hub for audit management inside Cyver, although it still uses an external tool to manage sales and clients – but with an API to automatically import that data.

    “We now have all of the internal transparency we missed. We can see who made changes over the audit, who checked something, how long a finding took, who sent it to the customer, etc., and that’s all crucial for a big team.”

    [/et_pb_text][/et_pb_column][/et_pb_row]

    Read the Case Studies in detail

    [/et_pb_section]

    Hacken is a multi-national cybersecurity company with 60+ engineers specializing in blockchain and web3 audits.

    • Projects on Cyver Core: 500+
    • Plan: Enterprise
    • Location: Ukraine, Portugal, Estonia
    • Rates Cyver Core: 9 out of 10
    • Started with Cyver Core: 2023

    Looking for a Pentest Management Platform

    Hacken moved to a pentest management platform as part of an effort to improve organizational data management.

    “We had been using static writers like Google Docs and the problem with those is that you can’t get information from them.” Says Luciano, “So, we never knew how many findings we had, what their severity was, etc. We didn’t have any way to gather metrics.” 

    Hacken started looking into Cyver and multiple other competitors, eventually choosing Cyver for fit-to-purpose and because it offered more documentation and videos than other competitors considered.

    “For example, we considered other alternatives, but they were more designed for internal security teams. Cyver is more focused on the client side and has more features to offer for companies delivering third-party security. Of course, Cyver Core is also cheaper, but pricing didn’t matter because you expect a platform handling highly sensitive information to be expensive. For example, we also looked at and rejected a fully open-source tool that also didn’t quite meet our needs. “ 

    “Of course, fit to purpose wasn’t the only differentiator. We liked that if we request changes in Cyver, we can get them. We might have to pay for them, but there’s the option. Competitors we looked at didn’t even offer the option.” 

    Achieving Results with Cyver Core

    Hacken onboarded to Cyver in November, 2023 and has onboarded all its clients.

    “We started using Cyver as a central hub to deliver all our audits. That means we onboard the client to the portal and then upload audit progress as it happens. That allows us to achieve two things. The first is that we can gather metrics like how many findings, severity, etc., automatically and Cyver just does it for us. The second is that we can show audit progress to our clients, which, considering many of our audits take 2 months, they’ll see progress and findings during the audit and can start to act on findings more quickly”

    “Of course, clients also now have the option to remediate faster because they know about the vulnerabilities faster.”

    “That allows the client to have more control of their security during the audit. It also means they can see old audits and old data and compare findings and changes over time. However, for Hacken, it also means we can make data-driven decisions. We know how many audits we are running, who is doing them, vulnerabilities found, vulnerability criticality, etc.” 

    “We’ve also moved a lot of our specific conversations around remediating findings into Cyver, although we still use a custom Slack channel for general questions. Clients ask about remediation or other details on the findings page, which is much more organized that what we had before.”

    “We use a lot of the features; all our customers are on the client portal. We’ve worked with Cyver on custom development like the customized findings field. As a larger organization, things like team roles are also indispensable, because we can control who sees which parts of the portal.” 

     “We’ve also used Cyver to completely replace other tools. For example, we moved our project planning out of Jira and into Cyver. Our next goal is to do the same with quotes, so more and more of our operation is managed in one place.” 

    Saving 60% of Time to Report

    “Before we started using Cyver Core, we were using Google Docs and GitHub. We’d spend an average of 3-4 days per report. Now, with Cyver, we spend an average of 1 day but sometimes go up to 2.” 

    “That’s in part because we upload findings during the audit. The findings templates save us a lot of time there, because we don’t have to copy-paste data from our library, it’s just there. That saves us 60% of time on common issues. Then, all we have to do is import those into our report templates and everything is there. So, once the final report is done, all we have to do is check it and it’s done.” 

    “The most important change is the amount of time we spend reporting issues, and using Cyver, we cut that by 60% or more” 

    Hacken is now using Cyver as a central hub for audit management inside Cyver, although it still uses an external tool to manage sales and clients – but with an API to automatically import that data.

    “We now have all of the internal transparency we missed. We can see who made changes over the audit, who checked something, how long a finding took, who sent it to the customer, etc., and that’s all crucial for a big team.”

    [/et_pb_text][/et_pb_column][/et_pb_row]

    Read the Case Studies in detail

    [/et_pb_section]