A QUICK INTRODUCTION ABOUT WHAT YOUR COMPANY DOES/YOUR VALUES/MISSION.
We at Zigrin are a team of cybersecurity perfectionists and experts, who offer you specialized knowledge and years of experience in software and hardware security testing.
Our mission is to increase the cost of cybercrime.
Zigrin Security was launched in 2017, but the members of our team have been active in the security field for much longer. We offer comprehensive, hands-on security testing of internal networks, applications, cloud-based solutions, e-commerce applications and mobile devices. We also conduct cybersecurity research to discover new attack techniques, better ways to detect security vulnerabilities, and new approaches to keep our customers secure.
TELL US ABOUT YOURSELF?
Dawid Czarnecki started his career by developing a wide variety of web applications. As a web developer, he learned the ins and outs of application development and the common mistakes developers make that affect their applications’ security. In the following years, he focused on developing secure applications, all while learning the techniques used by cybercriminals and the methodologies of breaking through various security systems – all of this led him to become a professional pentester. He decided to devote his career to finding software vulnerabilities and ways to fix them.
The expertise of Dawid Czarnecki is best shown by the fact that he had worked as a senior penetration tester at NATO Cyber Security Centre, where he was tasked with penetration testing of applications, systems and network infrastructure in NATO member states. His exceptional skills are confirmed by a number of renowned industry certifications, including the Offensive Security Certified Professional (OSCP, also known as the ethical hacking certification), GIAC Certified Incident Handler (GCIH, a certification of expertise and skills required for responding to hacking attacks, issued by Global Information Assurance Certification), and GIAC Certified Web Application Defender (GWEB, a certification of competence in securing web applications).
Dawid Czarnecki is a member of the GIAC Advisory Board. In 2019, he became the SANS NetWars champion – he placed 3rd in the SANS Core NetWars tournament at the Pen Test Hackfest Summit in Berlin. As an expert, he develops assignments and competency tests for cybersecurity professionals, while participating in Capture the Flag hacking tournaments. This unique set of skills allows him to approach cybersecurity from two perspectives – that of security developers and that of a potential hacker. Thanks to his expertise, Zigrin Security can offer its clients a proper assessment of actual threats to their IT systems and effective countermeasures.
IF YOU COULD GO BACK IN TIME A YEAR OR TWO, WHAT PIECE OF ADVICE WOULD YOU GIVE YOURSELF?
Focus on one thing at a time. Helping our customers improve the security of their organizations requires a tremendous amount of work on all fronts. Threat actors don’t have boundaries. They can attack an organization’s website, send a phishing email, break in through a guest WiFi, infiltrate the internal network, and more. Organizations need to protect all of their assets. But some assets are not as easy to protect as others. In addition, some assets are less valuable to the attacker than others. The better approach is to focus on the most critical assets and secure them properly, rather than covering a little bit of everything.
WHAT PROBLEM DOES YOUR BUSINESS SOLVE?
Zigrin Security solves the problem of verifying the security level of an organization’s crucial assets and helping companies to focus on the most important security concerns. One of the approaches we use is to simulate the adversaries and their malicious actions in a controlled environment without risk of harming the organization. This approach allows us to conduct attacks similar to those that attackers would perform, and to identify the most critical and likely to be exploited security vulnerabilities. All this happens before the attackers exploit those vulnerabilities.
WHAT IS THE INSPIRATION BEHIND YOUR BUSINESS?
Zigrin Security was inspired by observing the limited number of companies providing high-quality cybersecurity assessments. There are many companies providing just basic scans, running automated tools that result in hundreds or thousands of false positives, or just conducting assessments without an understanding of the target. This leads to missing vulnerabilities in security assessments and leaves companies at risk. We implement several strategies that help us to understand the customer’s security landscape and offer the most reliable method to secure it.
Our main customers are technological companies offering SaaS products and military organizations with very sensitive, high-risk environments.
WHAT IS YOUR MAGIC SAUCE?
We differentiate ourselves in several areas. Even before the customer purchases any of our services, we help them identify the best approaches to their situation and their security concerns. If we don’t think that our services are the best solution for the customer, we communicate that up front. Secondly, we have experience in working with organizations such as the NATO Cyber Security Centre or the Luxembourg Armed Forces, which are high-value targets for nation-state threat actors. These are the most sophisticated, most equipped, well-funded, and skilled adversaries among all potential threats. These organizations must implement the most precise security controls in order to limit the potential for a successful attack. Working with these organizations enables us to meet the most demanding cybersecurity requirements.
We also conduct research that helps us to understand complex cybersecurity issues and improve our customers’ security even before the attackers have the tools to address them.
WHAT IS THE PLAN FOR THE NEXT 5 YEARS? WHAT DO YOU WANT TO ACHIEVE?
We plan to increase our research activities to help not only our customers, but also the community at large. The goal is to create solutions that continually help organizations build secure software with more accurate and successful approaches. Improving organizations’ Software Development Life Cycle (SDLC) by adding a very precise secure component is our priority. We also want to help our customers improve their security from more angles by implementing Attack Surface Management, Vulnerability Assessment, successful security training for technical and non-technical people, and more. We also want to give more to the community and help secure more open source software that is used by so many organizations around the world.
WHAT IS THE BIGGEST CHALLENGE YOU’VE FACED SO FAR?
It’s often a challenge to help organizations understand their situation from a security perspective. Cybersecurity is still a low-priority topic for many companies, and it’s often perceived as a problem.
We constantly educate organizations on various cybersecurity aspects and show how these could go along with business needs.
On the other hand, challenges are a normal factor of any high-quality research. It’s a balance between what is currently known by the community and what seems to be impossible. If we don’t run into issues it means we don’t challenge ourselves enough.
HOW DO PEOPLE GET INVOLVED/BUY INTO YOUR VISION?
I highly encourage everyone to go to our website www.zigrin.com and read the public results of some of our research. This can be beneficial to any organization that considers security an important subject.
We look forward to helping any organizations that care about the security and security of their users and products.
SaaS companies are more than welcome to engage with us and benefit from making sure that malicious users cannot abuse their products.
We are happy to help military organizations or other companies who need to protect against the most sophisticated threat actors.
Also, if you work in a software house and you feel that the security of your end products could be improved, don’t hesitate to reach out.
You can contact us via our website www.zigrin.com/contact or contact me directly on LinkedIn: https://www.linkedin.com/in/dawid-czarnecki/