First of all, one of my advantages over larger firms like or smaller, well-established firms like Cure53 is my flexibility and personalized service. As a smaller entity I can offer quicker turnaround times and more direct communication with clients. So I can ensure that every aspect of the client’s security posture is thoroughly assessed personally by me. Additionally, while I'm currently a one-man band, I have a network of trusted and certified freelance professionals who can be brought in for either larger or urgent projects if needed. This allows me to scale without compromising on the quality and speed of the engagement. Not even mentioning that based on my experience, when you hire a penetration testing service from a big company you don't really know who's performing the pentest and sometimes it's being done by not really qualified people. (I know about some companies that outsource certain projects and they're not doing a good job at all, this means reporting nonsense findings, or not being able to properly address the impact/risk of them). This being mentioned, I own well-known cybersecurity certifications (for web apps and infra), I'm constantly developing my skills and I also have been awarded by different bug bounty programs. And planning to be a speaker soon!
Regarding the specialty, I'm not planning to focus on industrial control systems, but apart from that specific case, the approach of a pentest is the same for every web application, I mean, the pentest methodology is the same if you are testing a fintech, a bank, an insurance company, an ecommerce, or any other web app. You can show yourself as an expert in ecommerce, but in the background there's no difference at all, since the procedures and methodologies are the same.
As you may have realized, I'm gonna be focusing on web application penetration testing which is my specialty, at least at the beginning. But I have experience in webapp, infra and mobile.
Thanks!