“Cyver Core really helps. I would say that quite a few companies have some sort of portal to deliver the testing. If you’re up against 2-3 competitors and you’re the one without a portal, the customer is choosing someone with a portal. People go with us because we have a portal. The marketing guys share about it, they log into the demo accounts and show results, it’s a big part of marketing.”
CyberSecurityFirmE is a cybersecurity services company delivering everything from pentesting to expertise-as-a-service. The company onboarded with Cyver Core in 2024, where it delivers pentesting to over 100 clients. CyberSecurityFirmE also stands out with consultancy, CISOs, certification-readiness, and cybersecurity training, making it more than a pentest company. Plus, with managed SOC and monitoring services, CyberSecurityFirmE can offer compliance-ready security to organizations.
That client-centric focus is also why CyberSecurityFirmE moved to Cyver Core.
“We were already using Serpico and then Pwndoc to automate reports,” says the Head of Pen Testing at CyberSecurityFirmE, “We needed something a bit more client interactive, and we wanted the vender to take on the risk so we didn’t have to maintain the software with self-hosting”
Today, CyberSecurityFirmE delivers cybersecurity solutions to hundreds of organizations across the UK, complete with training, expertise and leadership, and much more. Over 100 of those clients are on the Cyver portal, including new clients who’ve signed on for access to options to book pentesting in the system.
Who are CyberSecurityFirmE:
CyberSecurityFirmE delivers cybersecurity services complete with pentesting, monitoring, training, SOC and other compliance readiness, and expertise-as-a-service. Since launching in 2020, it’s collected a client-base including banks and enterprises.
- Projects on Cyver Core: 100+
- Plan: Enterprise
- Location: UK
- Started on Cyver Core: 2024
- Rates Cyver Core: 9 out of 10
Looking for an Interactive Pentest Management Portal
CyberSecurityFirmE was already using PwnDoc, which it had moved to from Serpico. It already had report automation, including some ability to deliver reports to the client in a portal. However, after PwnDoc, CyberSecurityFirmE was specifically looking for a portal that wasn’t self-hosted.
“We had a portal, I had to manually build reports when I started pentesting years ago, I’m never doing that again. So I found a platform that could generate reports, but you couldn’t add customers.” said the Head of Pentesting at CybersecurityFirmE, “Then we found another and you could, it was PwnDoc. It was self-hosted, so we had to manage and maintain it ourselves. So automated pentest reporting was not new to us, it was the extra bits like scheduling, adding customer access, and moving the burden of risk and maintenance to the platform that was important for us.”
Custom Support and Development Make a Difference
“We were looking for a pentest portal with a booking solution,” says the Head of Pentesting at CybersecurityFirmE, “we had lost a bid to a company that had a client-facing portal with pentest schedules, and the client could buy dats of pentesting upfront– we wanted that. Cyver Core recently released that, and that feature was driven by CyberSecurityFirmE”
“It was one of the reasons we chose Cyver Core over Dradis and PlexTrac, because of the flexibility you showed during the sales process. There are quite a few things like tokens we’ve added or requested changes to be done. That was the main distinguishing factor between Cyver Core and our other options, you were happy to engage, have conversations and build in solutions for us. It wasn’t much in money, between the highest price and the lowest price was probably 6 grand, and Cyver was in the middle – the final factor was the willingness to be flexible and make changes for us.”
“I think a lot of the core functionality across pentest platforms is going to be the same. You deliver findings, deliver reports in a portal, the interactions are the same. Pentesters have the same needs everywhere. The differentiator for Cyver is the interaction with internal people, being able to go “this isn’t working quite right, can we have this token”, etc. When we spoke to competitors, if there was something we didn’t like, even something tiny, they said they would put it in as a suggestion, and within 3-5 months they’d put it in, and you’d see your changes in 9+ months. With Cyver, I log in through support, message Elena, and if it’s a quick thing, it’s normally done in a few days. If it’s urgent, it’s usually fixed very quickly. If it’s a token, it’s 5-7 days. Even a bigger thing, like the booking system, I think that took you 6-8 months. With Dradis, even a small change was 3+ months. The defining differentiator was that I can phone someone up and get things fixed. “
Using Cyver Core’s Pentest Management Portal
CyberSecurityFirmE has been using Cyver Core for over a year. Today, it has over 100 clients onboarded onto the platform. CyberSecurityFirmE currently spends just a few minutes adding a new client to the portal, adds the planning in from there, and then about 10 minutes to do the setup based on scope data from the client.
“Customers have a portal to use, they mark finding a remediated or in need of a retest, the planning piece is coming together nicely, I can do scheduling now,” says the Head of Pentesting at CybersecurityFirmE, “You’ve solved my problems of giving me a portal with you taking on the risk of management. I don’t have to self-host or self-manage, and that’s all good.”
“The planning tool has also improved a lot since we joined,” he adds, “It’s starting to get to where we can use it for integrated planning and having that all in one place, that’s a drastic improvement over when we joined and it wasn’t there yet.”
“We use most of the features, we even told Luis that if he wants to add features onto our tenant, we’re happy to beta test them and let him know if they are useful or not”
“Currently, we save about half a day of time on reporting over reporting with no tool. Cyver Core probably saves us about an hour over using PwnDoc. However, we set our database up better when we moved to Cyver Core, we really took the opportunity to rewrite all the findings and make sure our database was solid. Of course, it’s also faster to add results. In PwnDoc the import function means you have to add evidences manually, which takes a bit more time. Import routines in Cyver Core are better. We also save a little bit of time because the platform automatically shares the report to the client.”
CyberSecurityFirmE also uses notifications to send alerts to clients and pentesters, so they don’t have to manually send emails about critical findings.
Delivering a Pentest Portal as a Market Differentiator
CyberSecurityFirmE delivers pentest-as-a-service as well as one-touch pentesting including scanning. It’s using its pentest portal in marketing, to make sales, and has already signed new customers using the booking service, so clients can schedule pentests upfront through the Cyver portal.
“Cyver Core really helps. I would say that quite a few companies have some sort of portal to deliver the testing. If you’re up against 2-3 competitors and you’re the one without a portal, the customer is choosing someone with a portal. People go with CyberSecurityFirmE because we have a portal. The marketing guys share about it, they log into the demo accounts and show results, it’s a big part of marketing. Cyver Core is a great platform. Feedback from customers is good, the pentesters like it.”
“We already have customers that want a vendor that allows booking slots for pentesting. We’re using the new scheduling feature at Cyver Core for that – because our conversations with Luis were where that feature came from. We already have two customers that have bought blocks of days, so that system is ready to be utilized.”
“I’d rate Cyver Core a 9 out of 10, I don’t give 10’s”