I’ve spent a lot of my time as a penetration tester thinking about ways I can find better bugs, spend less time writing reports, and ultimately be a better hacker to further my lifelong desire to better secure the web. I’m one of those people who will spend months (and sometimes years) mulling on something before I execute it.
Today I’m excited to share one of those things, GlitchSecure.
GlitchSecure was born out of my desire to expand my freelance pentesting practice and my “[GlitchWitch](https://glitchwitch.io/)” brand beyond just myself, build better automations around my workflows, and provide a better experience to my customers looking for security testing.
While it’s still early and the vision will likely grow as we do, I’m going all in on this dream. With this I leave behind the amazing team at Bishop Fox and jump into the hard world of bootstrapping a security startup.
The Platform
Initially, as part of my goal, I set out to replace my report writing and project management process. I’ve long kept a Google Doc template that I’d reuse for every pentest I performed, but I knew this wasn’t scalable.
As part of my research, I scoured the web for potential platforms that might fit my needs. Initially I catalogued and demoed 14 different open source and commercial “pentest management” tools such as Dradis, Plextrac, Reconmap, Hexway Hive, Cyver Core, and Reporter, to name a few. Unfortunately, none of these options fit the bill.
Having a background as a former web developer, I decided to embark on building something on my own. I knew that whatever I built to manage pentests would just be the start. At the end of the day, I’d need to incorporate features within the product that would make us stand out, such as pentest and remediation automation.
I spent a few weeks putting together an initial MVP before realising my skills had atrophied and I needed help…
The Team
Going into this I quickly realised I couldn’t do it all alone. To begin with, I reached out to two developers whose open source projects I had previously used and customised. The first developer never responded, but the second one ended up collaborating with me for three months to bring the MVP to life.
While the relationship was intended to be temporary, it reinforced the fact that I needed a team to make it work. With that, I started pinging past trusted contacts, some of whom are now a part of the GlitchSecure team.
Going forward I’ll continue to grow our talent pool with trusted hackers, developers, writers, and thinkers to help us really stand out in this space.
The Company
Going into this I knew I wanted GlitchSecure to be more than a boutique pentesting shop. My good friend Travis and I have spent a lot of time bashing “pentest puppy mills” who just slap a logo on a Nessus report and call it a day.
GlitchSecure will be something else entirely. While the shape of the company will continue to unfold over the coming months and years, at the end of the day I want us to build cool technology, push the envelope for what security testing can be, and bridge the gap between companies’ security needs and hackers’ resources.
Capitalism
Those that know me know that I’m fairly anti-capitalist, so it’s ironic that I’m starting a company. With that in mind, I’ve made an internal pledge to the team to ensure full salary transparency, fair profit sharing, and generous exit compensation if that were ever to happen. I will always put our team and customers first, and I think it’s only fair that the very people building up this company be equally rewarded for their labour.
What’s next?
As of the initial publication of this blog post, we’ve secured our first customer and fully incorporated. My friend and former coworker Travis will be joining to help with this in his capacity as an independent security consultant, and I’ll start working on fully fleshing out our product, services, offerings, and sales process.
Keep an eye on this website and this blog over the coming months and years as things shift and grow.