Today we would like to share with you an interview with Roman Romanov, CEO of PentestIT, a great company that provides its services to the largest firms in the world, is launching a new lab soon, and doesn’t seem to be slowing down. How did he succeed with his start-up when there are a lot of companies seeing potential in pentesting and cybersecurity themes? Find out below!
[PenTest Magazine]: Can you tell our readers a little about your company? What do you do?
[Roman Romanov]: My name is Roman Romanov (on the left side of the photo), I’m CEO of PENTESTIT. Our company provides a wide range of information security services, such as the development of penetration testing laboratories, security analysis of systems and applications, investigation and prevention of cybercrime, etc. The company's office is located in Moscow.
Demonstrating a high level of expertise, our specialists search for vulnerabilities in the most secure online resources, make presentations at international forums, and develop unique penetration test laboratories, in which experts from around the world take part.
Actively developing international relations, we provide our services to the largest companies from Russia, USA, UK, Czech Republic, Ukraine, Moldova, Azerbaijan, Kazakhstan, Canada. Now, PENTESTIT is a big team of professionals ready to solve the most complex tasks in information security.
[PT]: How do you see the cyber security climate in Russia? What direction is it taking?
[RR]: In Russia, as well as throughout the world, information security has become one of the most popular themes: computers, home appliances, cars, etc. - everything can be subject to hacker attacks.
[PT]: What about education? Is IT popular among young people in Russia?
[RR]: Of course, IT and IS are very popular in Russia, as well as all over the world. Today, "Information Security" is a trend.
[PT]: Is there any story behind your company? Or a philosophy?
[RR]: Our company specializes in providing services in the field of practical information security services: security analysis and penetration testing, professional cybersecurity training, investigation of cybercrime and so on.
Along with the commercial services, we try to pay special attention to promotion of information security. For this purpose, we support our resource - defcon.ru - and develop a free penetration testing lab “Test lab”, built on the basis of actual companies' networks for legal check and consolidation of hacking skills.
[PT]: Can you tell us more about defcon.ru? How does it work? Can people join?
[RR]: DefconRU (defcon.ru) is a special platform where participants publish interesting articles, notes, and research on practical information security themes: techniques and penetration testing tools, best practices for information security, etc. All articles and notes are originals, that’s why defcon.ru is very popular: every day the site has about 1,000 unique visitors.
All the article authors are experts in the field of information security and have a mail on the @defcon.ru domain. Anyone can join the community, but the main condition is the published content should be original and helpful, and not copied from another site.
[PT]: Do you think the level of awareness between companies and their employees is low, in general? Do people think about cyber threats? What about IT Industry?
[RR]: Currently, a lot of information is available on the Internet, but there is a big problem - it is necessary to collect this information first. This requires a systematic approach, which is not for beginners (and not only beginners). You need constant practice, and given the rapid emergence of new methods and tools for penetration testing and information security - it is very difficult to maintain a high level of qualification. It takes a lot of time, and most of the specialists do not have time. I think that's the problem.
[PT]: Can you see a solution?
[RR]: We just need to start.
[PT]: Tell our Readers, what does your Laboratory look like and how does it work?
[RR]: Penetration testing laboratory "Test lab" emulates IT infrastructure of real companies and creates an environment for legal pentesting practice. Laboratories are always unique and contain the most recent and known vulnerabilities.
While developing "Test lab" labs we try to cover almost all IT areas: network security, security of OSs, and security of applications. Participants are offered the chance to exploit a variety of vulnerabilities in network components and cryptographic mechanisms, in configurations and code, and also to use the human factor.
"Test lab" presents itself as a computer network of virtual companies containing widespread misconfigurations and vulnerabilities. Users, playing a pentester role, are trying to exploit them, and in case of success gain access to particular lab nodes which contain a token. The winner is the one who collects all tokens. Penetration testing in labs is based on a "gray box" methodology: participants have network infrastructure information in the form of schematics and a text description. Participants can use different methods of penetrating - exploiting network services, web, social engineering, buffer overflow, etc.
[PT]: Who is the main target/recipient of your platform and why?
[RR]: We are developing a laboratory for IT and IS professionals who want to practice, evaluate and strengthen their penetration testing skills. Firstly, the ability to search for and exploitation of vulnerabilities allows participants to properly approach the issues of information security, and secondly - to practice ethical hacking skills legally, without violating the law.
[PT]: If I understood well, your company is a start-up. Is it a challenge to build a company like that in the cybersecurity field?
[RR]: Yes, we are a new company, and our laboratories are a public relations tool. We have not shouted loud slogans and demonstrated our abilities in practice, such as developing our labs.
[PT]: What are your plans now? How do you plan to grow your company?
[RR]: At the moment, we have ambitious plans, we will continue to develop our laboratory, which has involved more than 4,000 participants from around the world. We like to develop the free laboratory, and we do not think about the business.
[PT]: What challenges do you see your company facing in the nearest future?
[RR]: We are proud to announce the launch of a new lab - "Test lab v8", which will open on November 13, 2015. The lab will be a bank with all the inherent infrastructure.
[PT]: There have been many cyber attacks recently, many scandals around them. What do you think about it? Why do they happen? Which attack would you say is going to be gaining popularity now?
[RR]: It should be divided into 2 types of attacks: professional and not professional. Speaking of professional attacks, they were and still remain popular. But malicious attacks by beginners are really gaining popularity. This is due to the greater availability of information and tools capable of carrying out such attacks, as well as the availability of resources to attack (dedicated servers, online channels with high bandwidth, etc.).
[PT]: Do you have any thoughts or experiences you would like to share with our audience? Any good advice?
[RR]: Difficult question. I wish everyone professional growth in the field of information security, but at the same time, remember not to violate the law and do not harm others. I invite everyone to try their hacking skills in the current pentest laboratory “Test lab” - https://lab.pentestit.ru/pentestlabs/current.