Continuous testing, continuous security
A talk with our Red Team lead, Gabriel Franco
- Hi Gabriel! We’d like to know more about your background and journey at Faraday Security. How did you enter the cybersecurity world, and what do you enjoy the most about it?
I sometimes define myself as a failed soccer player. When I was 17 and wanted soccer to be my future, I injured myself. Back then, Claudio Caracciolo was working at a consultancy agency. And on a visit to the hospital, he brought me a book: Programming in Visual Basic.
I was about to finish high school, specializing in Computer Science, so I had plenty of interest in the world of technology.
I started at Root-Secure as a Junior Dev, where I took my first steps into cybersecurity and immediately realized that this was it, this was what I wanted in my life. My tasks included external pentesting, automating tools, and working for several local companies. After that, I landed at Claro as an application specialist, and finally at Faraday Security, where I’ve been leading the Consultancy team for the last 5 years.
- What is it like to be in charge of a security team? What services do you provide? How is your team composed?
We have a very diverse team with strengths in different areas of cybersecurity. We usually work with international companies, which allows us to gain expertise in technologies not easily found in Latin America.
Nowadays, we specialize in Red Teaming tasks (from external analysis to social engineering attacks). Our forte is the application security field, both mobile and web. Our senior team searches for projects oriented to source-code analysis, which is our specialty.
We understand Argentina is a seedbed for future security specialists, so we’ve focused for a while on finding new talents and helping them grow, not only in their technical skills but also at a professional level.
- Which are the new projects the team is facing right now?
For a year now, we’ve been working towards innovating traditional pentests in order to drive them to the dynamic requirements of today’s security ecosystem.
And for that, we merged the potential of our Consultancy team with our product’s skills to automate certain stages of a consultancy project and offer companies a service of continuous security. We think of Continuous Security services as a requirement that perhaps many companies don’t know about yet but should adopt sooner rather than later.
- Why would companies seek this service?
I see cybersecurity as a constant race, in which attackers and defenders are always trying to innovate and adapt to new situations. When systems change, attackers find new ways to break them. We see attackers becoming much more agile, intrusive and relentless while we build better and stronger defenses. Our goal is to be one step ahead.
Nowadays, the rise of cloud services and the digital transformation have made system development much more agile. Updates are frequent, and attack surfaces are much more dynamic.
Even though continuous monitoring is necessary, it’s usually time-intensive. By integrating our expertise into Faraday’s platform, we were able to accelerate this process and to provide a fast and efficient Continuous Security service. We address security from the opponent’s perspective. Testing continuously looks pretty much like the activities we see from attackers.
Even for large companies, with in-house security teams, Faraday’s continuous scanning is a necessary complement to their work, as it helps them with the “heavy lifting” of continuous monitoring, allowing them to focus on other necessary tasks.
In-company security teams tend to focus on Blue Team activities, and tend to search for our help and expertise as a complement to that.
- What kind of companies look for continuous security?
It’s useful both for companies with a security team and companies with no team at all because we provide support for monitoring and detection, and also accompany the process even through the resolution and mitigation of the risks we discovered. It always helps in the detection of vulnerabilities and always adds to the team.
This adds to the versatility of Faraday Platform, which includes several integrations, as well as a diversity of tools and automations designed to be adaptable to customers’ needs.
Thank you so much Gabriel for your time! ☺️