PRESS RELEASE | July 24, 2024

IOActive Partners with Edgescan, Providing Synchronized and Continuous Vulnerability Scanning and Penetration Testing to Customers

Research security firm expands offerings to secure modern applications against today’s evolving adversaries

July 24, 2024 – SEATTLE, WA – IOActive, Inc., the worldwide leader in research-fueled security services, today announced a partnership with Edgescan to provide its clients with access to more advanced vulnerability scanning and penetration testing to achieve higher security standards required to counteract today’s sophisticated threats.

Organizations are facing increasingly diverse and agile adversaries, an ever-expanding surface area vulnerable to attacks and stricter regulatory and cyber-insurance requirements. Today’s applications, from the core technologies, to the development process, to business usage, look and operate considerably differently than ever before, requiring organizations to evolve their security practices. As a result, enterprises are turning to security testing methodologies that fuse continuous vulnerability scanning and cyclical penetration testing to build safer, more secure products.

“As our clients’ internet accessible attack surfaces increase, they’re seeking new ways to efficiently elevate and confirm their security posture investments. Both automated vulnerability scanning and consultant-led security assessment have, for decades, been cornerstones to modern security strategies yet typically operate independently,” said Gunter Ollmann, Chief Technology Officer, IOActive. “Through partnership with Edgescan, IOActive is able to further assist businesses in their security transformation journey to modern continuous vulnerability visibility and security compliance practices and consistently maintaining that level throughout the year.”

Edgescan offers an award-winning software as a service (SaaS) cybersecurity platform that allows companies to view and map assets across their entire global attack surface, providing actionable and verified vulnerability data free of false positives. The partnership enhances IOActive’s ability to continuously designate an application’s risk exposure by ensuring all layers and complexities of an application are thoroughly tested.

“Edgescan’s partnership with IOActive, a company of remarkable pedigree, brings me great satisfaction,” said Eoin Keary, CEO and Founder, Edgescan. “IOActive truly understands the challenges we aim to address, including scale, accuracy, and continuity for both large enterprises and SMBs. Their depth of skill and research-driven approach, combined with our comprehensive exposure management and continuous testing solution, promises significant impact for our clients. I am certain and excited about this collaboration.”

To learn more about the significance of today’s partnership and how it is revolutionizing how organizations approach digital defense, watch Edgescan and IOActive’s exclusive webinar here.

About IOActive

IOActive is a trusted partner for Global 1000 enterprises, providing research-fueled security services across all industries. Our cutting-edge security teams provide highly specialized technical and programmatic services including full stack penetration testing, program efficacy assessments, and hardware hacking. IOActive brings a unique attacker’s perspective to every client engagement to maximize security investments and improve the security posture and operational resiliency of our clients. Founded in 1998, IOActive is headquartered in Seattle, WA with global operations.

About Edgescan

Edgescan is a leader in the Continuous Threat and Exposure Management (CTEM) space delivering to Fortune 200 clients, SMB’s and enterprises globally. Edgescan delivers a unified platform which combines Web Application security/DAST, API Testing, Network/Cloud Assessment, Attack Surface Management and Penetration Testing as a Service combined with AI and human validation to ensure accuracy and scale. www.edgescan.com @edgescan Edgescan is based in Dublin Ireland with offices in the UK and USA.

###

PRESS RELEASE | May 21, 2024

IOActive Expands Global Operations with New East Coast Headquarters in Atlanta, Georgia

New Office will Support Growth and Innovation to Better Serve Clients Across the Globe

May 21, 2024 – SEATTLE, WA – IOActive, Inc., the worldwide leader in research-fueled security services, today announced the company’s expansion to Atlanta, Georgia, with new offices that will serve as its second headquarters (HQ2) for global operations. This extension will enable IOActive to better serve clients across the globe in various sectors, including corporate, commercial and government, and expand regional access.

By adding a new HQ2 in Atlanta, IOActive will be able to improve time zone availability, leading to increased accessibility for customers, partners and employees and enhanced service delivery. In addition, it presents the opportunity to expand service offerings and tailored solutions to meet the unique demands of today’s market. This expansion is designed to position IOActive for long-term success by providing a platform for growth and innovation, as well as enhanced customer value.

“As an Atlanta native, I personally look forward to investing in the state of Georgia as it offers significant business logistics and talent opportunities,” said Matt Rahman, Chief Operating Officer, IOActive. “This strategic opening marks a significant milestone for IOActive as the next stage of global scale and growth. By extending our operations to Atlanta we are able to further serve our teams, clients and partners, and we look forward to collaborating with local organizations to provide easier access to our unique and critical security services.”

Proving its commitment to meeting the needs of clients, IOActive now has an office presence on both coasts of the United States, the United Kingdom and the Middle East. In addition, IOActive has research labs across the globe, with state-of-the-art embedded device and silicon hacking labs in Seattle, Cheltenham and Madrid. The latest office opening provides:

Strengthened Presence in the United States, signifying the company’s commitment to growth and expansion and demonstrating confidence in its capabilities and prospects, in addition to increased accessibility for customers
Operational Enhancements to further improve logistics, access to talent pools and increased market reach
Enhanced Collaboration with local entities, including universities, special public and private sector clients, encouraging new research innovations

As an award-winning international security service provider, fueled by industry-leading research, this expansion comes on the heels of IOActive being named winner of the Trailblazing Cybersecurity Research and Trailblazing Cybersecurity Service Provider categories by the Cyber Defense Magazine’s Global InfoSec Awards program. In addition, the company was named Pentest Team of the Year, Cybersecurity Service Provider of the Year and Cybersecurity Team of the Year by the 2024 Cybersecurity Excellence Awards program.

Recent research from the company includes disclosing vulnerabilities impacting silicon level hardware, cryptocurrency ATMs, vehicles, drones, networking equipment and generative AI models. To learn more about IOActive, its research and the services it offers visit: https://ioactive.com/

About IOActive
IOActive is a trusted partner for Global 1000 enterprises, providing research-fueled security services across all industries. Our cutting-edge security teams provide highly specialized technical and programmatic services including full stack penetration testing, program efficacy assessments, and hardware hacking. IOActive brings a unique attacker’s perspective to every client engagement to maximize security investments and improve the security posture and operational resiliency of our clients. Founded in 1998, IOActive is headquartered in Seattle, WA with global operations.

###

Media Contact:
press@IOActive.com

PRESS RELEASE | May 9, 2024

IOActive Secures Triple Win At 2024 Cybersecurity Excellence Awards

Security Services Provider distinguishes itself in multiple categories including Pentest Team of the Year, Cybersecurity Service Provider of the Year and Cybersecurity Team of the Year

May 9, 2024 – SEATTLE, WA – IOActive, Inc., the worldwide leader in research-fueled security services, announced its selection as a multiple award winner at the 2024 Cybersecurity Excellence Awards. The annual awards celebrate cybersecurity providers whose innovative products, solutions and services are raising the standard for excellence across all aspects of security and technology.

IOActive was honored for its ability to maximize security investments and enhance clients’ overall security posture and business resilience. Unlike many organizations that default to defensive strategies, IOActive goes beyond standard penetration testing, providing clients with red and purple team services that exceed typical assessments. The company prioritizes a comprehensive understanding of cyber adversaries through custom adversary emulation and ethical real-world attack simulations to develop robust, secure frameworks.

“We’re delighted to win multiple categories at the 2024 Cybersecurity Excellence Awards,” said Jennifer Steffens, CEO at IOActive. “These awards emphasize our nearly 30 years of leadership providing unique ‘attacker’s perspective’ methodologies that drive our research-fueled approach to security services trusted by Fortune 1000 companies worldwide.”

The Cybersecurity Excellence Awards honor companies that demonstrate excellence, innovation and leadership in information security. Winners are selected by an independent panel of judges who evaluate the nominees based on their products, services and contributions to the cybersecurity industry.

“We congratulate IOActive on being recognized as a winner in the Pentest Team of the Year, Cybersecurity Service Provider of the Year and Cybersecurity Team of the Year categories of the 2024 Cybersecurity Excellence Awards,” said Holger Schulze, CEO of Cybersecurity Insiders and founder of the 600,000-member Information Security Community on LinkedIn, which organizes the 9th annual Cybersecurity Excellence Awards. “IOActive’s expertise in physical and cyber penetration testing, social engineering, and continuous penetration testing services are leading organizations in building resilient networks capable of withstanding evolving cyber threats.”

For more information, please visit www.ioactive.com or join us on LinkedIn and X.

About IOActive
IOActive is a trusted partner for Global 1000 enterprises, providing research-fueled security services across all industries. Our cutting-edge security teams provide highly specialized technical and programmatic services including full-stack penetration testing, program efficacy assessments, and hardware hacking. IOActive brings a unique attacker’s perspective to every client engagement to maximize security investments and improve the security posture and operational resiliency of our clients. Founded in 1998, IOActive is headquartered in Seattle, WA with global operations.

###

Media Contact:

Press@IOActive.com

PRESS RELEASE |

IOActive Recognized for Trailblazing Cybersecurity Practices at 2024 Global InfoSec Awards

May 9, 2024 – SEATTLE, WA – IOActive, Inc ., the worldwide leader in research-fueled security services, was named as a winner of the Trailblazing Cybersecurity Research and Trailblazing Cybersecurity Provider categories by Cyber Defense Magazine (CDM), the industry’s leading electronic information security magazine.

“This selection from Cyber Defense Magazine as one of the industry’s most influential cybersecurity research firms is a testament to the hard work and expertise of our team,” said Jennifer Sunshine Steffens, CEO at IOActive. “We believe in approaching cybersecurity from an attackers’ perspective, and this philosophy underpins everything we do – from our groundbreaking research across industries to our comprehensive security services tailored to meet the evolving needs of our clients. As we continue to innovate and push the boundaries of cybersecurity, we remain steadfast in our mission to make the world a safer place for all.”

This award highlights ongoing momentum for the company as Steffens was recently recognized as one of The Top 50 Women Leaders of Washington for 2024, in addition to IOActive winning three award categories at the 2024 Cybersecurity Excellence Awards .

IOActive is proud to be recognized as part of a coveted group of industry leaders. The full list of this year’s award recipients can be found here: http://www.cyberdefenseawards.com/

About IOActive

About Cyber Defense Magazine

Cyber Defense Magazine is the premier source of cyber security news and information for InfoSec professions in business and government. We are managed and published by and for ethical, honest, passionate information security professionals. Our mission is to share cutting-edge knowledge, real-world stories and awards on the best ideas, products, and services in the information technology industry. We deliver electronic magazines every month online for free, and special editions exclusively for the RSA Conferences. CDM is a proud member of the Cyber Defense Media Group. Learn more about us at https://www.cyberdefensemagazine.com and visit https://www.cyberdefensetv.com and https://www.cyberdefenseradio.com to see and hear some of the most informative interviews of many of these winning company executives. Join a webinar at https://www.cyberdefensewebinars.com and realize that infosec knowledge is power.

###

Media Contact:
press@IOActive.com

PRESS RELEASE | October 17, 2023

IOActive Becomes a Founding Provider for New Framework from Open Compute Project Foundation to Improve Data Center and Cloud Security Posture

Newly launched Security Appraisal Framework and Enablement program elevates security standards for data center providers and device manufacturers

October 17, 2023, SEATTLE, WA – IOActive, Inc., the worldwide leader in research-fueled security services, today announced its support of and participation in the newly launched Open Compute Project Foundation (OCP) Security Appraisal Framework and Enablement (S.A.F.E.) program. This framework is designed to improve the trustworthiness of devices across all data center IT infrastructure and reduce overhead cost and redundancy of device security audits.

A community-led security program, OCP S.A.F.E. was created to bring a consistency of methodology and elevated security standards to both data center providers and device manufacturers. With S.A.F.E., device manufacturers and purchasers will receive independent verification of security integrity of current and future devices, to build trust with a cost-effective approach.

S.A.F.E. is made up of a standardized device specific audit checklist, developed and open sourced by the OCP community, along with criteria for selecting third party device security review auditors, who if qualified, become designated OCP Security Review Providers (SRP). As an OCP recognized SRP, IOActive is one of the founding vendors qualified to conduct device security reviews based on the S.A.F.E. checklist.

IOActive has been involved with guiding and developing the S.A.F.E. framework from the start, and as the world’s top independent security consultancy and leader in hardware hacking, the company’s experience, and selection as an OCP SRP, enables device manufacturers to quickly and efficiently meet current and future standards – now required by the OCP community.

A consistent and mature appraisal framework will ensure that device security improves across the industry. New and specialized vendors that struggle to fund and elevate the security of their devices to meet the demands of the world’s largest cloud providers will now have one clear security standard to strive for and have clarity over which agencies to engage in validating or improving the security of their product.

“Supply chain threats are the number one threat to enterprise and cloud security,” said Gunter Ollman, CTO at IOActive. “Securing the next generation of cloud technologies against these threats, along with any other current and future attack vectors, is historically costly and fragmented. The development of S.A.F.E.., with the support of IOActive and other Security Review Providers, will make a significant impact, up-lifting product and device security across the industry.”

To learn more about S.A.F.E. and how the framework will advance the security posture of device hardware and firmware components across the supply chain, visit opencompute.org.

About the Open Compute Project Foundation

At the core of the open compute project (OCP) is its community of hyperscale data center operators, joined by telecom and colocation providers and enterprise IT users, working with vendors to develop open innovations that when embedded in products are deployed from the cloud to the edge. The OCP Foundation is responsible for fostering and serving the OCP community to meet the market and shape the future, taking hyperscale led innovations to everyone. Meeting the market is accomplished through open designs and best practices, and with data center facility and IT equipment embedding OCP community developed innovations for efficiency, at-scale operations, and sustainability. Shaping the future includes investing in strategic initiatives that prepare the IT ecosystem for major changes, such as Al & ML, optics, advanced cooling techniques, and composable silicon. Learn more at opencompute.org.

PRESS RELEASE | October 12, 2023

IOActive Names Gunter Ollmann as Chief Technology Officer

Experienced cybersecurity executive joins IOActive as they deliver next generation innovative security research and services

October 12, 2023, SEATTLE, WA– IOActive, Inc., the worldwide leader in research-fueled security services, today announced that Gunter Ollmann joined the organization as Chief Technology Officer (CTO). In this role, Ollmann will focus on incubating and launching IOActive’s next generation of strategic security services and technology, expanding the innovative and industry-defining research and services that the company has been trailblazing for the past 25 years.

Ollmann comes on board at an exciting time as IOActive builds upon ongoing year-over-year growth and continues its expansion in ensuring their services best prepare organizations to stay ahead of the ever-evolving threatscape, increasing security and business resiliency against even the most formidable attackers. As CTO, he will play a key role in incubating new research-driven services and enhancing existing ones. Ollmann’s early focus will be on IOActive’s recent expansion of Silicon Security Services, honing in on silicon-level attack techniques that complement the advanced expertise IOActive developed in identifying potential embedded device attacks, leveraging techniques such as reverse engineering, fault injection, and side-channel analysis.

“Gunter’s broad knowledge of technology and security provides us with key perspectives as we build new ways to secure our clients’ organizations, products, and infrastructures. Technological innovations across AI, machine learning (ML), silicon, cloud, etc., are all playing an increasingly important role in an organization’s ecosystem and we are excited to continue ensuring our teams are building the most sophisticated tools, techniques, and knowledge to help our clients stay as secure and resilient as possible,” said Jennifer Sunshine Steffens, CEO of IOActive. “We are thrilled to have him on board as we continue our plans to elevate and commercialize our research and innovation.”

Ollmann has spent his career building and leading global consulting and product solutions spanning the cybersecurity domain and being an expert security advisor to Global 1000 companies. Prior to IOActive, Ollmann served as Chief Security Officer for Microsoft’s Cloud & AI Security division and led AI-based product and strategy for the leading vendors in the XDR (Vectra AI) and autonomous SOC/SIEM (Devo) spaces, incubating and driving multiple commercial products and services while protecting the world’s largest cloud applications and infrastructure. He has been at the forefront of applying ML and AI to cybersecurity for over a decade, holds multiple cyberthreat detection and mitigation patents, and has guided the innovation and patent process of hundreds of core technologies.

“Today, in-house security teams are defending an ever-expanding attack surface against an increasingly sophisticated and well-funded adversary, whilst having to compete globally for proven security expertise from an expensive and shrinking talent pool,” said Ollmann. “As Chief Technology Officer, I’m excited about helping lead the next stage of IOActive’s growth and innovation- delivering new cutting-edge security services and AI-assisted solutions whilst helping our clients and partners defend against today’s and tomorrow’s threats.”

About IOActive

PRESS RELEASE | August 2, 2022

IOActive Expands Transportation Cybersecurity Business with Addition of Cybersecurity Expert Kevin Harnett

IOActive Engages Kevin Harnett as a Transportation Cybersecurity Account Specialist

Seattle, Wash., August 2, 2022 – IOActive, Inc., the worldwide leader in research-fueled security services, today announced that Kevin Harnett has joined the organization as a Transportation Cybersecurity Account Specialist. Harnett will be focused on expanding IOActive’s existing transportation security practice to help expand it across a wide variety of vertical markets such as: passenger/electric vehicles, commercial/freight trucks, EV charger infrastructure/networks, autonomous vehicle sensors, aviation/avionics, rail, maritime, along with smart cities, agriculture, industrial control systems, etc.

Harnett brings a wealth of cybersecurity and information technology knowledge and experience to IOActive and is renown across the cybersecurity industry for his dedication and commitment to improving the cybersecurity postures of the transportation sector. Kevin worked at the Department of Transportation’s (DOT) Volpe Center in Cambridge, MA for decades in designing and developing IT systems, managing cybersecurity certifications of FAA Air Traffic Control systems, and as a Program Manger supporting leading-edge embedded cybersecurity projects regarding “e-Enabled Aircraft” and “Vehicle Cybersecurity” – focused on automobile telematics and Electronic Logging Devices. Kevin has supported numerous standards committees in aviation and vehicle cybersecurity, such as: the Society of Automotive Engineers (SAE), Radio Technical Commission for Aeronautics (RTCA), International Civil Aviation Organization (ICAO) and European Organization for Civil Aviation Equipment (EUROCAE).

Jennifer Sunshine Steffens, IOActive CEO, notes of the hiring: “Kevin joins IOActive at a critical time as the Transportation Sector is encountering an explosion of targeted cybersecurity threats daily. We welcome his respected reputation in the industry for always “making a difference” with his customers, and are excited to have him continue the expansion of our growing Transportation Cybersecurity business.“

As the need to design and implement cybersecurity and security controls into products and systems gains momentum, the transportation cybersecurity market has become of primary importance to security service providers. Today’s passenger cars and commercial/fleet vehicles are mobile internet-of-things devices on wheels, and IOActive has been on the early cusp of supporting the transportation cybersecurity market providing consulting services in support of original equipment manufacturers (OEMs), suppliers and vendors.

Since 2013, IOActive has distinguished itself in the transportation security sector with original research on local and remote CAN bus attacks, high-level assessments of vehicle network architecture security and analysis of commonalities in vehicle cybersecurity vulnerabilities, and numerous findings impacting the aviation and maritime industries. This original research has been applied in IOActive assessments to help Global 1000 clients navigate their most critical transportation security issues.

About IOActive
IOActive is a trusted partner for Global 1000 enterprises, providing research-fueled security services across all industries. Our cutting-edge security teams provide highly specialized technical and programmatic services including full stack penetration testing, program efficacy assessments, and hardware hacking. IOActive brings a unique attacker’s perspective to every client engagement to maximize security investments and improve client’s overall security posture and business resiliency. Founded in 1998, IOActive is headquartered in Seattle with global operations.

PRESS RELEASE | May 21, 2020

IOActive Expands Secure Development Lifecycle Services with Continuous Penetration Testing

New Service Model Designed to Enable Enterprise DevSecOps to Build a Robust Secure Development Lifecycle

Seattle, WA – May 21, 2020 – IOActive, Inc., the worldwide leader in research-fueled security services, announced today the introduction of their new Continuous Penetration Testing (CPT) services. This new style of testing is designed to address the challenge of integrating security testing into an agile development model. As many organizations have moved to Continuous Integration and Continuous Deployment (CI/CD) processes the independent validation and verifications processes have not aligned with that enhanced agility until now.

“As enterprises have embraced agile development over waterfall, they have struggled to integrate security testing throughout the process. Time and time again it has been proven that weaving security throughout the development cycle produces stronger products and costs less in the end. To be effective, penetration testing models have to evolve to better align with how enterprises approach development, deployment, and operations,” said John Sheehy, SVP of Research and Strategy at IOActive. “We’ve worked closely with our enterprise customers to refine this model to deliver the ongoing support they need to build highly secure products in an agile model.”

Understanding that ongoing testing is critical in secure product development – just as agile focuses on small sprints and changes – CPT focuses on those associated code, network, infrastructure, application, and configuration changes early, before or shortly after they go to production. The flexibility of these services is designed to provide ongoing, cost-effective testing of components as they are developed—resulting in more robust and secure products. These new services are an extension of IOActive’s suite of Secure Development Lifecyle services that include full-stack penetration testing and threat modeling, design and architecture reviews, as well as program development and management. The CPT offering is best utilized on certain parts of the technology stack such as externally-accessible web applications, mobile applications, web services, network, and IT infrastructure.

This announcement complements IOActive’s recent Pen-testing Protection Program designed to help global small businesses continue necessary penetration testing to support cybersecurity risk management—as they deal with the financial impacts imposed by the stay-at-home orders imposed to keep their communities safe. The new CPT offering is designed to support larger organizations by providing flexible penetration testing services aligned with the CI/CD model favored by DevOps teams, while providing for the cybersecurity risk management needed by the SecDevOps team. When properly employed, CPT allows organizations to engage in effective expense management as well as enhancing the cadence and agility of external penetration testing.

“Many organizations are currently facing the existential threat of a prolonged pandemic-compromised economy. Unfortunately, this is a reminder that often it’s the unexpected threats that can be the most impactful, and as organizations face the daunting task of keeping business going, we want to add new services and flexible programs to help our customers stay viable and secure. CI/CD/CPT provides organizations with an integrated agile approach consisting of agile development along with an agile, independent assessment of cybersecurity risk” Sheehy said.

As part of IOActive’s mission to make the world a safer and more secure place, new infrastructure and tools were developed and deployed to ensure the entire suite of services can be delivered remotely to allow customers to keep their teams healthier at home as long as deemed necessary.

About IOActive
IOActive is a trusted partner for Global 1000 enterprises, providing research-fueled security services across all industries. Our cutting-edge security teams provide highly specialized technical and programmatic services including full stack penetration testing, program efficacy assessments, and hardware hacking. IOActive brings a unique attacker’s perspective to every client engagement to maximize security investments and improve client’s overall security posture and business resiliency. Founded in 1998, IOActive is headquartered in Seattle with global operations. For more information, visit ioactive.com.

PRESS RELEASE | September 23, 2019

IOActive Wins Trio of SC Media Reboot Leadership Awards

Jennifer Steffens, Dani Martinez, and Alejandro Hernandez Recognized for their Invaluable Contributions in the Security Industry

Seattle, WA – September 23, 2019 – IOActive, Inc., the worldwide leader in research-fueled security services, announced today that SC Media has recognized three of its team members in the third-annual SC Media Reboot Leadership Awards. A total of 50 honorees were revealed as part of a special editorial section published on www.scmagazine.com today.

IOActive’s team earned the following distinctions:
CEO Jennifer Sunshine Steffens was named a “Thought Leader” for her strong involvement in the security community, continuously supporting women and diversity programs, and managing the world’s top threat researchers who have made groundbreaking vulnerability discoveries in vehicles, airplanes, robots, Segways, ATM machines, and more.

Senior Security Consultant Alejandro Hernández was recognized in the category of “Threat Seeker” for his research that uncovered major threats to web and mobile stock trading applications. His research began in 2017 and extended into 2018 when he presented new findings at Black Hat. The goal of Alejandro’s research was to serve as a wake-up call for the financial industry, which needs to implement stronger security controls and follow industry best practices when developing mobile, desktop, and web applications for stock trading.

Security Consultant Dani Martínez was named a “Rising Star” for his 2018 research where he identified two major vulnerabilities in mobile applications used by airlines to manage cabin controls and in-flight entertainment systems. He discovered that an attacker could use these vulnerabilities to affect passenger and crew devices as well as other connected devices.

“There were no shortage of quality nominations this year as we reviewed the various candidates for our coveted Reboot Awards,” said Teri Robinson, executive editor, SC Media. “However, after a thorough evaluation process, it was clear that multiple IOActive nominees truly distinguished themselves through their valuable contributions and industry influence.”

The Reboot Leadership Awards are an adjunct to SC Media’s annual Reboot coverage that takes place each December when SC Media recognizes the best and brightest cybersecurity luminaries and organizations. The Reboot Leadership Awards are offered similar accolades and the winners are honored with a special section on SC Media’s website and in their December Reboot edition.

“Our team is honored to receive these three prestigious awards from SC Media,” said Steffens. “For the past two decades, we have carried out our mission to make the world a safer and more secure place from cyber threats. It’s great to see our team being recognized for providing ground-breaking security research and services that have a real-world impact.”

The contenders who were nominated for the eleven different categories faced a thorough judging process conducted by SC Media’s editorial team. This included a review of their professional backgrounds, references and work undertaken to benefit the wider industry, as well as any other research deemed necessary. Winners were chosen based on their outstanding service, qualifications and advancements in the cybersecurity industry.

“Although the cybersecurity workforce gap continues to present a challenge for organizations across the globe, it is reassuring to know that the world is still producing top-notch information security talent, as represented by our 2019 Reboot winners,” said Robinson.

The award also comes on the heels of SC Media’s 30th Anniversary Awards announcement in March of this year when IOActive was selected as one of the “Most Important Companies of the Last 30 Years.” SC Media also recognized IOActive’s CTO, Cesar Cerrudo, and Principal Security Consultant, Ruben Santamarta, as “The Most Important Security Researchers of the Last 30 Years.”

For profiles of all this year’s SC Media Reboot Leadership Awards honorees, visit www.scmagazine.com.

About IOActive
IOActive is a trusted partner for Global 1000 enterprises, providing research-fueled security services across all industries. Our cutting-edge security teams provide highly specialized technical and programmatic services including full stack penetration testing, program efficacy assessments, and hardware hacking. IOActive brings a unique attacker’s perspective to every client engagement to maximize security investments and improve client’s overall security posture and business resiliency. Founded in 1998, IOActive is headquartered in Seattle with global operations. For more information, visit ioactive.com.

PRESS RELEASE | June 4, 2019

IOActive and Bugcrowd Combine Forces to Extend Security Service Offerings

Strategic partnership provides Global 1000 customers with more options to reduce risk and identify security gaps

Infosecurity Europe – Olympia, London, June 4, 2019 – IOActive, Inc., the worldwide leader in research-fueled security services, today announced that it is joining forces with Bugcrowd, the #1 crowdsourced security company, to provide full-stack continuous testing options across all industries and key verticals, including healthcare, retail, financial services, transportation, technology and government.

IOActive operates in over 30 countries and brings world-class services to businesses globally through its advisory services, full stack security assessments, secure development lifecycle, security program development, red and purple team services. Bugcrowd combines the largest, experienced triage team with the most trusted hackers around the world to support enterprise organizations in managing their bug bounty, vulnerability disclosure, and Next Gen Pen Test programs.

This partnership aligns with both companies’ commitment to bring robust security solutions to each other’s growing customer base, including crowdsourced bug bounty and vulnerability disclosure programs, full-stack assessments and continuous testing. The partnership provides IOActive customers access to Bugcrowd’s crowdsourced security solutions and platform, providing even more program opportunities for Bugcrowd security researchers. In addition, Bugcrowd customers can rely on IOActive’s world-class researchers and expertise to deliver specific capabilities.

“We’re excited to collaborate with Bugcrowd to address the ever complex and evolving security challenges facing our Global 1000 clients,” said Matt Rahman, chief operating officer at IOActive. “This partnership is another example of our commitment to extend our core capabilities with key partners, and tackle business risks while helping clients maximize their security investments through the creativity of the combined methodology approaches.”

Bugcrowd and Enterprise Strategy Group (ESG) recently released the Security Leadership Study – Trends in Application Security, that surveyed 200 CISOs and cybersecurity decision makers about the current state of application security, underscoring the importance of next-generation crowdsourced approaches and DevSecOps to quickly find and fix vulnerabilities. The survey found that 60% of security leaders see room to add continuous security penetration testing programs to their traditional point-in-time penetration testing efforts, calling next generation penetration testing complementary for companies to find and fix vulnerabilities faster.

“IOActive has always had an incredible reputation for its industry-leading vulnerability discoveries,” said David Baker, chief security officer and vice president of operations at Bugcrowd. “By working together and having IOActive security experts leveraging Bugcrowd’s platform, we can help secure the world’s most important companies to discover critical threats and vulnerabilities sooner, which is essential in today’s complex threat landscape.”

IOActive and Bugcrowd will attend Infosecurity Europe from June 4-6 in Olympia, London, with David Baker participating in a CISO panel discussion on Wednesday, June 5 at 2 p.m. BST. More details can be found here: https://www.bugcrowd.com/events/join-us-at-infosecurity-europe-2019/.

About IOActive
IOActive is a trusted partner for Global 1000 enterprises, providing research-fueled security services across all industries. Our cutting-edge security teams provide highly specialized technical and programmatic services including full stack penetration testing, program efficacy assessments, and hardware hacking. IOActive brings a unique attacker’s perspective to every client engagement to maximize security investments and improve client’s overall security posture and business resiliency. Founded in 1998, IOActive is headquartered in Seattle with global operations. For more information, visit ioactive.com.

About Bugcrowd
Bugcrowd is the #1 crowdsourced security company. More Fortune 500 organizations trust Bugcrowd to manage their Bug Bounty, Vulnerability Disclosure, and Next Gen Pen Test programs. Bugcrowd’s award-winning platform combines actionable, contextual intelligence with the skill and experience of the world’s most elite hackers to help leading organizations identify and fix vulnerabilities, protect customers, and make the digitally connected world a safer place. Based in San Francisco, Bugcrowd is backed by Blackbird Ventures, Costanoa Ventures, Industry Ventures, Paladin Capital Group, Rally Ventures, Salesforce Ventures and Triangle Peak Partners. Learn more at www.bugcrowd.com.

###

Samantha Chau
PR for Bugcrowd
US: +1 626 826 4657
samantha.chau@bugcrowd.com