Although penetration testing is BHIS’s flagship, their focus is on a more noble cause. The company is going all out to educate everyone in and outside the industry on information security through regular webcasts, open source projects, and development of assessment tools. For example, BHIS’s tools MailSniper, CredKing, and CredSniper—made available for free—allows organizations to assess the security vulnerabilities of their cloud and on-premise infrastructure. On top of that, BHIS has over 253 online training presentations with no restrictions to accessibility. “We want to give out as much security knowledge as possible not just for our customers but for the global community as a whole,” states Strand.
Interestingly, as an outcome of their strong outreach, often a client has accessed BHIS’s webcasts or training modules, many times for years, and has a clear understanding of the company’s value proposition before officially coming onboard for a penetration testing.
At the onset of every project, BHIS engages in a ‘pent test preparations call’ with clients to gather sound know-how of the challenge at hand and the outcomes desired. Following which, BHIS crafts a tailored solution with any necessary add-ons, rendering superior security practices. “It makes very little difference what technology you are using against an attacker, it’s how you implement and orchestrate that technology that matters even more and that’s what we bring to the table,” says Strand.
Our main goal is not to prove that we can hack into a company but to help the customer develop a series of on point solutions and technologies that will improve the overall security of the company. Testing should never be adversarial, but collaborative
Through it all, the company never loses sight of quality, which is their top priority. “We suck at capitalism,” says Strand on a humorous note. “In this sense, profit maximization is never our agenda and it’s all about client satisfaction. Testers at BHIS work at only one assessment at a time in order to offer undivided attention to a client’s needs.”
Nothing better describes BHIS’ value proposition other than the fact that a client readily agreed to testify for them at DerbyCon last year. Having worked with BHIS for years, this financial company in question has no appetite for risk as a single breach can put them out of business. With BHIS the client has implemented cutting-edge defenses and best-of-breed technology. Based on the situation, BHIS has also written custom malware and zero-day exploits to model how a nation state or an organized crime threat actor is likely to attack. Long story short, today the client has one of the best security defenses in the world.
Going forward, BHIS is placing their cards on threat hunting and has designed next-gen service line and tools. “So far we are helping organizations ensure there are no unknown adversaries lurking in their environment that traditional technology might have bypassed. Apart from this we keep our eyes open for the best talent that we can find and invite them to join us reinstating the ‘absolute quality’ that BHIS stands for,” ends Strand.