Experienced Testers on Short Notice
The Cobalt team started with a straightforward challenge – improving the timeliness of security testing without sacrificing quality. To do this, the team connects customers with its global community of testers based on skillset, experience, and availability. The results are engagements kicking off in as little as 24 hours with well-vetted testers. Cobalt’s approach has been incredibly well-received. “We have hundreds of pen testers in our community and the numbers of yearly tests we conduct are doubling year over year,” said Caroline Wong, Chief Strategy Officer at Cobalt.
Cobalt has numerous applicants seeking to join the community and must sift through these requests to identify experienced candidates. According to Wong, “Cobalt receives a huge number of inbound pen tester applications each month, and I’d estimate we only accept about 3 to 4% of the inbound applicant number. It’s a rigorous trust-building process.”
Cobalt needed a way to scale its recruitment process quickly with a real-world automated assessment that it could trust.
huge number of
inbound pen tester
applications each month,
and I’d estimate
we only accept
about 3 to 4%
of the inbound
It’s a rigorous
Security Innovation designed CMD+CTRL Cyber Ranges to help organizations better assess and grow security competency. To maintain its “high bar” for quality, Cobalt requires real-world environments to quickly assess the testing capabilities and communication skills of applicants. These assessments must keep pace in three key areas:
- Volume – as applications continue to grow, more processing effort is required
- Screening – early-stage processing of applicants is critical and becomes increasingly challenging
- Quality – accurately determining the practical skills of screened applicants is critical
In particular, the number of applicants drove the need for assessments to be performed on-demand, spanning multiple global regions, and specific skill sets.
In order to adopt the right assessment offering, Cobalt evaluated a variety of technologies from traditional multiple-choice quizzes to newer educational offerings like “Find the Fix” products. After much investigation the choice was clear – CMD+CTRL Cyber Ranges provided the right technology, delivery model, and technical capabilities to address Cobalt’s needs. The on-demand availability, progressively difficult ranges, varied technology stacks, real-time reporting capabilities, and the industry’s most accurate approach to assessing skills provided a perfect fit for Cobalt. Ultimately the Cobalt team required a turnkey, automated solution that could clearly identify skilled applicants and only Security Innovation was able to provide it.
Rapid Growth and Real Results
In the first year, the number of applicant tests performed doubled and is on track to double again in 2020. The use of CMD+CTRL Cyber Ranges resulted in several immediately notable benefits:
Cobalt provides a Pentest as a Service (PtaaS) platform that is modernizing penetration testing. With a globally distributed team and offices in San Francisco, Boston, and Berlin, Cobalt is transforming pentesting by providing streamlined processes, developer integrations, and on-demand pen-testers who have undergone rigorous vetting. With Cobalt, customers can build their pentest program in as little as five minutes and start a pentest in 24 hours.
The Cobalt vision for the future is clear to CEO Jacob Hansen: “The pentesting industry doesn’t need another cool tool, it needs people and process innovation. That is why we created a way to engage the best cybersecurity talent, via our pentest management platform, allowing customers to move from static pentest to platform-driven pentest programs. Cobalt ultimately drives better security and improves return on investment for each customer.”
About Security Innovation
Security Innovation is a pioneer in software security and a trusted advisor to its clients. Since 2002, organizations have relied on our assessment and training solutions to make the use of software safer wherever it runs – whether in Web or Mobile applications, IoT devices, or the cloud. Recognized as a 4X Gartner Magic Quadrant Leader for Security Training, the company offers the industry’s largest eLearning library focused on securing software and its ecosystem. Security Innovation is privately held and headquartered in Wilmington, MA USA.