Our videos have over 5 million views on Youtube! Visit our channel now »
Disclosure:
Professional Reviews

vpnMentor contains reviews that are written by our community reviewers, and are based on the reviewers' independent and professional examination of the products/services.

• Ownership

vpnMentor is owned by Kape Technologies PLC, which owns the following products: ExpressVPN, CyberGhost, ZenMate, Private Internet Access, and Intego, which may be reviewed on this website.

• Affiliate Commissions

While vpnMentor may receive commissions when a purchase is made using our links, this has no influence on the reviews content or on the reviewed products/services. We provide direct links to purchase products that are part of affiliate programs.

• Reviews Guidelines

The reviews published on vpnMentor are written by experts that examine the products according to our strict reviewing standards. Such standards ensure that each review is based on the independent, professional and honest examination of the reviewer, and takes into account the technical capabilities and qualities of the product together with its commercial value for users, which may also affect the product's ranking on the website.

SySS Founder Sebastian Schreiber Interviews for vpnMentor

Founded by managing director Sebastian Schreiber, SySS GmbH has become a successful and rapidly growing IT security company, serving as a professional security partner for businesses of all sizes. In this interview, Schreiber stresses the importance of penetration testing and shares insights from his work.

I founded SySS in 1998, so at the moment we are 20 years old. We specialize in penetration testing, meaning, we simulate cyber-attacks against our clients' IT systems, active directories, windows clients, IP ranges and web applications. We also provide pen-testing for cars, industrial systems, IoT devices, and even coffee machines.

We use our own hacker tools to test systems, and then we write reports, which our clients can use to fix their problems and get a secure IT system.

At the moment we've got 107 employees in Germany and Austria, but we do checks all over the world, and particularly for clients in the US and China. We also do talks on big IT security conferences. This year we are going to give a talk about hacking biometrics at the "positive hack days" event in Moscow, which is taking place on the 15th and 16th of May, 2018.

What are the most important factors an organization must look at when compiling a cyber security strategy?

It's not easy at all to get cyber security running, as it is the most complex challenge of IT professionals today. You have to handle bad software, bad protocols that are being used, bad coding habits and errors that go years back. There are also big challenges such as digitizing old processes and constantly optimizing your performance. In our view it's most important to check where the vulnerabilities are, because it makes you able to focus on the important points, and identify the weak spots so you can fix them.

We work with IT security officers, who order our simulated cyber-attacks to test their systems. In some cases, it would not be the IT team who calls us but rather, an e-commerce who want to make their payment systems bulletproof, or other professionals within organizations that need this service to improve their defenses.

Cloud-based applications have introduced many new threats to both organizations and individuals. What are your views?

Cloud-Based means that you give information to others, but the question is who owns the system and who pays for its maintenance. We do our pro checks against on-premise and cloud systems alike. There's absolutely no difference if the data is hosted on your own server or on Amazon's. The vulnerabilities can live in the cloud or on-premise. The security issue with the cloud is that you give permission to 3rd parties, however, its more than likely that Amazon's engineers will do a better job maintaining and protecting their cloud environment than you would on your own private server.

In terms of typical web application problems like cross-site scripting, OS command injections and other hacking techniques, there's no difference if you're hosted on-premise or in the cloud.

We don’t approach the human problems but we like to do live hacking presentations to show people the real risks. Live hacking is a measure we use to awaken the employees to become more aware of the risks of malpractices, but our service is not to handle the human approach. In my view there's no use in saying to employees: "don’t click on word attachments", or likewise; most employees will do it anyway because they need to do their job. Hardening the employees wouldn’t solve the problem.

We do pen testing workshops and specialized workshops about web application hacking and IoT hacking. We offer trainings, but that's only a small part of our business. We do that mainly because we want to share our knowledge with our customers.

What new trends can we expect to see in the cyber world in the near future?

I think cyber is becoming more and more important but that's not new. I have been running the company for 20 years now and I expect market growth to continue at the same rate as it has been in the last 20 years, so no strategic change on that front. IT systems may have become better today than they were previously, but nevertheless, the demand for cyber security solutions continues to grow. As for the long term future, only time will tell.

 

 

About the Author

Ditsa Keren is a cybersecurity expert with a keen interest in technology and digital privacy.

Did you like this article? Rate it!
I hated it! I don't really like it It was ok Pretty good! Loved it!
Voted by Users
Thank you for your feedback
Comment Comment must be from 5 to 2500 characters long.