How to provide cybersecurity solutions and services on a large scale
One-on-one with our COO Martin Tartarelli
“We are launching our Professional and Corporate subscription in a new version, with many improvements and new functionalities. In this version, we look forward to helping teams that need to centralize a large amount of data, automating and integrating several tools into their security pipeline. We improved the whole navigation and created an automation concept through agents and pipelines that allow users to perform tests continuously, reducing repetitive tasks.”
Hi Martin! We would love to hear about your personal and professional experience in the InfoSec world.
My name is Martin, and I’ve been Faraday’s COO for many years now. At Faraday, we work every day to develop global operations, looking forward to bringing cybersecurity solutions and services on a large scale.
I’ve been working in information security for more than 20 years. I have vast experience as a consultant, mainly involved in developing safe applications and networks.
During my career, I’ve worked for many multinational companies, located in Argentina and Europe, and for different industries such as Retail, Finance, Energy, Tech, and Services, among others.
Also, I was OWASP’s leader in Argentina for more than ten years, where I was invited to make presentations and training for different organizations such as IEEE, UTN, FIUBA, Eko Party, UdeMM, and more.
During these last years, Faraday has consolidated as a global company that provides cybersecurity solutions and services. That was something unthinkable for us at that moment. We were four people hacking systems from Argentina to the rest of the world, taking advantage of all the available talent that existed in the Latam InfoSec community.
In the last five years, our team went from 10 people to 60, located in different parts of the country (and the world), providing services to more than 200 well-renowned clients. We went from being a small consultancy company (Infobyte) to becoming Faraday, a technology company that provides cybersecurity solutions.
How did you start in cybersecurity, and what do you like the most about working in this field?
In 1983 the movie War Games premiered. David Lightman, a computer-talented young man, managed to infiltrate informatic systems and alter his school qualifications, buy plane tickets and make phone calls at no cost. He even entered a game developed by the National Security Agency that simulated thermonuclear wars. As nobody talked much about computers back then, many people assumed all those possibilities were science fiction. However, for many others, including myself, a new huge universe was revealed, in which we wouldn’t see these devices the same way.
I’ve always been close to technology, trying to comprehend it and dominate it. Cybersecurity and hacking were something I was passionate about. During the 90s, cybersecurity was very focused on networks called perimeters. I started to specialize in these types of attacks, in which you try to bypass a Firewall, IPS, WAF or carry out attacks such as VLAN hopping, ARP spoofing, and others. Then the World Wide Web came along, and I started to learn much more about this in order to improve application security. And that is what I enjoy the most about working in InfoSec: constantly getting yourself out of your comfort zone, always learning, the challenge of improving technology from another place, scalability, innovation, etc. You’ll never get bored in InfoSec!
Through the years, it was proven that reality surpassed fiction, and infiltrations into educational systems, airlines, telecommunications, and all kinds of organizations became more and more frequent, evidencing the necessity of becoming part of every organization’s agenda at a worldwide level.
How has the Faraday brand evolved, and what services does it offer today?
Faraday was born as a security tool for collaboration between pentesters in the same project. It was a side-project within Infobyte in which we wanted to stop using spreadsheets to document our observations when auditing and reporting. We aimed to turn it into a tool that would help us collect all the information obtained in a pentest and generate reports easily. We really didn’t like to do reports, so we looked for a way to avoid that as much as possible.
After some years, this tool, which was internal, got a new interface and new functionalities, and we started to share it, to then become an open-source product with more than 2,000 users using our platform on a daily basis.
Nowadays, Faraday is a Vulnerability Management platform that allows users to centralize, track and manage thousands of vulnerabilities from a single place, helping security teams to work in a much more efficient way.
What are the new features for this year and the most important changes?
We changed Faraday during this last year, from migrating our technological stack, moving everything to Python 3, refactoring more than 30% of our code, and many other things. But the most challenging part was redesigning our interface and taking the platform to the Cloud with a SaaS model. It was a real challenge that only talented teams like ours can achieve. I’m very happy about how we work every day to make a product that provides value.
A few months ago, we launched Faraday Personal, a 100% cloud and free version! It includes a brand-new interface, a new technological stack, and functionalities that allow a greater user experience.
Also, we are launching our Professional and Corporate versions, with many improvements and new functionalities. In these versions, we look forward to helping teams that need to centralize a large amount of data, automating and integrating several tools into their security pipeline. We improved the whole navigation and created an automation concept through agents and pipelines that allow users to perform tests continuously, reducing repetitive tasks.
We are happy with these new versions. We believe they involve a huge change that will bring good results to our clients.
Why Cloud and why right now?
Cloud has been consolidated worldwide for a while now, and we wanted to be a part of that. The SaaS model is a must in almost every company; our clients have to deal with hybrid and scalable systems. Perimeter doesn’t exist anymore as in the 90s, and the pandemic accelerated the transition to the Cloud even more. Cloud is already in companies, and we should apply these changes quickly.
Tell us a little about the Professional and Corporate subscription in the new version: How was the development process, and how did you design these products? How does it improve users’ experience?
Our new version brings a lot of changes. It’s what we call a “Major Release” in the tech industry. We’ve been working on this version for over a year now with all of our team. It has been very challenging because we would add a new feature to the project every day. We started the v4 project with a technical debt; I mean improving our technological stack, updating some libraries, and disengaging some dependencies to provide agility to software construction. But as we went along with the migration, we realized that some things were not right, and we didn’t want to migrate them. We needed to change that, so we started modifying the scope and applying improvements to our features, some very relevant. We had many debates on how to do it during this process. It really was a huge challenge, and we’re so proud of the results. Everybody worked in a very professional way. Along the way, we decided to build a UX team to professionalize our product and aim for an even better version. This led us to change our interface completely, modify navigation and feature names, and join some functionalities and remove others. We had to rethink everything!
We always thought of our product as if we were users. We listen to our clients, we trust our experience, and work with the InfoSec community. Talent diversity is what allows us to develop a product that provides value. That’s what we, as a team, look for every day.
In this new version, you can appreciate the work behind Manage, redesigning the whole filter scheme, tables, tags, groups, etc. We added a right-click to speed up vulnerability triage and changed how reports are generated with new templates and previews.
Automation has been our focus in this version, too, since we improved what we had and created new functionalities that allow users to get rid of repetitive tasks. We are looking forward to solving a big part of security engineers’ work, so they can be focused on remediation and not on identification, classification and prioritization. We want to simplify this process by adding tools such as discovery, scan, triage, duplicate detection, prioritization, ticketing, and much more.
We look forward to providing an assistant and decision-making tool to cybersecurity teams in order for them to be more efficient.
Some final ideas about the tool and the company’s future
Security is complex, and we want to change that. We work hard to help companies escalate without losing control and improve their cybersecurity maturity levels.
Thank you, Martin, for sharing these ideas with us!