Posted on 2023-03-21 by Matt Strahan in Volkis News
Earlier this year Alexei and I were staring at the screen, looking at a report that was less than flattering for the company. The reading of the report was simple: we were doing less billable work than we expected.
Unpacking the what and why of this problem drove us to change our processes and hire our first dedicated project coordinator.
Posted on 2023-02-23 by Matt Strahan in Volkis News
When we started Volkis, Alexei and I had a big ranty discussion on how reports should be done. The next day I hacked together a PoC. We looked at it and went “damn, we already like this better than what’s already out there!”
Fast forward three years and Volkis is now more than just Alexei and I. That PoC ended up as Report Ranger and we’re still using it internally. Each time I ask “is Report Ranger still working for us” the answer seems to be “yes”. I follow that up with “are you sure?”, worried that they might just be trying to be nice and not hurt the feelings of the Managing Director and they still say “actually yes, I really like it!”
Part of the advantage of using our own internal tool for reporting has been the flexibility. Much of the functionality that Report Ranger has now was put in for a specific use case. We need a report that has charts, so let’s just put charts into Report Ranger. Wouldn’t it be good to have it read a spreadsheet and automatically generate our compliance report? Report Ranger can now do just that. Recently we had a report that needed two sections with separate groups of vulnerabilities and so now that change has been put together. All these breaking changes were fine - we just posted a message on our company Slack channel to give everyone a heads up and that was that.
There’s a big issue that has now cropped up though. Report Ranger is an open source project is now being used outside of Volkis. Ah well, there goes our fun. We have to start doing stuff properly!
Posted on 2022-06-22 by Alexei Doudkine in Volkis News
Well, it finally happened! We received the first submission to our Vulnerability Disclosure Program with actual possible impact. And, although it didn’t actually affect us or our clients in any way, it could have. So we awarded it a P3! But how could this happen? We’re security experts ourselves, so shouldn’t we have picked up on it? Well, as we always tell our clients, “security is hard” and no one is perfect.
In the interest of transparency (one of our core values), let’s dig deeper to see how this tale unfolded so that others may learn.
Posted on 2022-04-13 by Matt Strahan in Volkis News
When building a cyber security company there’s a question we have to keep front of mind at all times. What value do we bring as a company? It’s one thing to just say “yes of course we provide value as a company” but for me I’ve tried to make an actual list. I’ve put up the results of this up in a new handbook page.
This exercise is more than just a bit of a boost for our egos. Rather, it’s a genuine component of the consulting model - of the business model that Volkis fits into. Whenever we have an engagement, there are three parties that come into play. They are the client, the consultancy, and the consultants themselves. The value of the consultants’ time is obvious: they perform the work. They find the security vulnerabilities in the systems that are being tested or find the ways the system might not be up to spec.
Why would the client not just contract someone out directly or employ their own pentester? If we don’t provide actual value then what’s the point? Thinking about this question directly has helped me solidify in my mind what we need to do well as a company and helped build our business model.
Posted on 2022-02-04 by Matt Strahan in Volkis News
A few weeks ago we had an internal strategy session with everyone at Volkis. In this session we only discussed four questions:
While usually when companies do this they would keep it close, especially the “what can we improve” section. Transparency, though, ended up being something that everyone liked and wanted us to keep doing. In this spirit, everything we talked about in that session has been uploaded to our handbook as The State of Volkis.
Posted on 2021-02-09 by Matt Strahan in Volkis News
Today marks the 1 year anniversary of our official launch!
We’re thrilled with what we’ve been able to achieve over the past year. It’s extremely humbling to receive so much support from friends, family and colleagues; we couldn’t have done it without you. Thank you! 🍻
Posted on 2021-01-05 by Alexei Doudkine in Volkis News
Last year was definitely… something. I’m glad its over and although we’re not out of the woods yet, I am hopeful that 2021 will bring a much needed peace for us all. That being said, Volkis is now in its 2nd year of operation! Our first year was an amazing ride and such a humbling learning experience; equal parts excitement and terror!
In this post I wanted to look back on some of the achievements from last year that I’m proud of and give a few teasers about what is to come.
Posted on 2020-04-07 by Volkis in Volkis News
A couple of weeks ago we put up the Volkis Handbook. It is aimed at our customers, friends, employees, infosec colleagues and really anyone interested in the inner workings of Volkis.
More than this, it aims to form the core of Volkis and a key part of our philosophy as an organisation. We would like to be transparent, open, and honest. By showing what we do and the way we work, we hope that everyone will get to know us better and perhaps just learn a thing or two that they could do better as well.
Posted on 2020-03-24 by Volkis in Volkis News
Since the start we’ve had a remote-first philosophy and even with these troubled times we’re up and running providing penetration testing, security consulting, and strategy work. There are obviously a few things we can’t do for now such as internal penetration testing, physical intrusion, and onsite debriefs, but most of our services including external and web app penetration testing, red team, security strategy, and compliance are still running.
Given internal penetration testing is out we do have gaps in our schedule now, so if you have urgent penetration testing work please let us know.
In this post we thought we might give some updates on what we’ve been up to and some of our future plans.
Posted on 2020-02-06 by Volkis in Volkis News
$ chmod +x volkis
$ ./volkis -D
[+] Initialising Volkis...
. .
/| |\
/ | | \
|\ | | /|
| \| |/ |
| \ / |
\ \ / /
\ | /
\ | /
'
V O L K I S
[+] Launched Volkis!
[+] Randomly generating corporate launch message...
We are proud to be formally launching our dedicated information security consulting company, Volkis. Our new security consultancy will provide penetration testing, security assessment, red team, GRC, and training services at its core.
At Volkis we want to do better, finding more, helping our clients get better outcomes with a modular ecosystem of services. We will be providing services beyond what a penetration test normally includes, such as playing an active role in remediation, helping you with your compliance, testing your detection and response capability, and providing detailed security reviews for your business-critical services. From this you’ll be able to get a more fruitful result out of the original test and expand your field of vision.