Among Ukrainian organizations, we get the most requests from IT companies, and in this post, I want to talk about some accumulated experience. Quite possibly, it will be useful to other organizations in this business, and maybe organizations from other sectors. So if you know a CIO/CTO from an IT-firm, show them this text. It was written for them.

We are happy to extend our reach to more Ukrainian IT companies, and this time it has been our pleasure to provide offensive security services to one of the industry leaders: SoftServe!

Kostiantyn Korsun has opened this year’s Nonamecon conference with the talk titled “State Cybersecurity vs. Cybersecurity of the State. #FRD Lessons.” During his speech, Kostiantyn shared his own impressions of the #FRD campaign and its results and also summarizes a survey of several dozen well-known cybersecurity practitioners of Ukraine on the causes, motives, and effects of the operation.

It was a really exciting experience to provide an application security assessment to a SaaS HR solution, that operates in Silicon Valley. Taking into account the highly sensitive nature of the involved personal data and the high-tech product engineering approach, we must admit that this was one of the most complicated challenges we faced since starting up Berezha Security. Big thanks to our customers for ambitious goals and great references!

Berezha Security is excited to announce that we have been recognized as a Contender in the Forrester Midsize Cybersecurity Consulting Services Wave!

«Стан професії 2019: дослідження спільноти кібербезпеки» є подією унікальною, а зібрані дані — достатньо правдиві та релевантні. Чому, питаєте? Тому що в опитуванні взяли участь 250 спеціалістів з кібербезпеки. За різними суб’єктивними оцінками, в Україні таких людей від 3–4 тис. до 7–8 тис., але це не точно. Тому що, знов ж таки, правдивої статистики з цього питання немає.

At the beginning of the new year, we decided to summarize how simple it was for the penetration testers to overcome the security systems in the passing year. And of course, this post would be incomplete without the recommendations on how to defend against such attack vectors.