Culture is defined as how we behave in what we do.
“How we behave” is intrinsically connected with our values, as individuals, as teams, and as organizations. Values are crucial because they will serve as a guide. They will define how one should act in a specific situation and will determine what others are expecting from us.
“What we do” depends on our mission and purpose.
In this article, I will go deeply through these topics, so that you get to know more about Ethiack.
It will be extensive and intensive, so buckle up!
What we do
Let’s start with the second because in order to understand how to behave in an action, one first needs to know what the action is.
The action is defined by the vision, why we exist, and by the mission, what we are doing to accomplish the vision.
At Ethiack we envision a more secure world where organizations benefit from the knowledge of ethical hackers and society lives without the fear of cybercrime. We exist to:
VISION: Secure technological progress and digital transformation (by making cybersecurity preventive and accessible to all)
We strongly believe this vision will only happen if organizations acknowledge the power of ethical hacking to proactively prevent cyberattacks and man and machine join forces to:
MISSION: Test businesses continuously, accurately, and proactively (through Autonomous Ethical Hacking).
Said like this, it seems very difficult to understand right? So let me simplify it for you in one sentence with two words for each statement.
We secure (vision) because we test (mission)
So simple right? And it actually defines how we believe security works.
“Test” is a strong word.
Sometimes it can be viewed negatively because it’s the only way to prove something does or does not work. Usually, people and organizations don’t like it when they are wrong. They are afraid of the consequences. In fact, our society has always seen “error” as something bad, to avoid and to punish.
But is that really true? In our opinion, it’s not. In fact, errors are the baseline of innovation and progress. And testing is the only way to find them.
So, we test and we get tested. That’s what we do. And we just love it!
We test our customers to find vulnerabilities in their systems so that they can improve and grow. And customers test our capabilities to do so. They build their defenses and they challenge us. The bigger the challenge the more we enjoy it!
We test our team and our employees every day. We push them to exceed our own expectations. And they test our leadership and patience. How we love to surprise them!
We test hackers in a continuous and rigorous vetting process. We test how they work and behave. And they test us to give them more and bigger challenges. They are always hungry.
We test our mentors, partners, and investors. We test their values, attitudes, and commitments. And they test our growth, product, management, and delivery. They are crazy demanding.
Maybe because we tested so much, testing became part of our values.
How we behave
No joking, our values are T.E.S.T.!
Transparency, Ethics, Synergy, Trust
Let’s see how these values work internally and externally.
So, if culture is defined as how we behave on what we do.
We TEST when we test. That’s Ethiack culture!
We are honest, critical, and relentless toward security.
Transparency begins in acknowledging that there is nor will ever be 100% security.
You will never hear from us words like “unbreakable”, “unhackable”, or “impenetrable”. Sorry, but that does not exist, period. I advise you to quickly run away when you hear these.
This means acknowledging that every technology, system, or defense is susceptible to being broken, hacked, or penetrated.
On the contrary, this does not mean that one should adopt a nihilistic approach of thinking “If I can’t be secure, why should I bother?”. It allows one to humbly conclude that being secured is an ongoing and neverending job and that testing is crucial.
So, if one already acknowledged that one is vulnerable, what is the best way to defend oneself? Exactly, testing. Testing allows one to quickly identify and mitigate those vulnerabilities. We are relentless in our testing.
At Ethiack, transparency also means being critical and candid, both internally and externally.
We encourage our team and hackers to speak up without fear, even if it hurts. If something is wrong, it’s better to know it fast and painfully than to hold a grudge. Grudges are small but they grow fast and become very powerful.
Finally, for us, transparency is also sharing, because sharing is caring.
We share feedback, numbers, and good and bad with our team and our stakeholders. This helps to make us committed and to grow and improve.
Sharing also helps us to build trust. We share and reward hackers for their findings and contributions they discover and we share with customers who or what is behind our testing.
At the heart of our work.
Ethiack is derived from the combination of "Ethics" and "Hack". We ethically hack technology.
Hack is another word for testing, with an even bigger negative connotation. It is so negative that hacking has been categorized by many as a crime throughout history.
Because of that, one must insert the word “ethical” before a hacker to describe someone who tests systems in ethical behavior, which, in my opinion, is ridiculous. (Why ridiculous? Do we say, for example, ethical cop or ethical doctor if they behave ethically? No, we say criminal cop or criminal doctor if they do not behave ethically)
Curiously, ethical hacking is now a job, and one very relevant in the digital era. Ethiack’s co-founder and hacker, André (0xacb), describes a hacker as someone who uncovers an impossible path, or in my simple words, someone who is crazy good at testing.
As we don’t yet have a world code of ethics for hackers, we have our own. We are rigorous in our policies and processes, and only a few talented hackers have the opportunity to work with us.
At Ethiack, ethics means that we are careful. We don’t joke around with cybersecurity.
Cybersecurity is like digital health. And being vulnerable is like being injured or sick. It’s not productive to focus on the cause or to finger-point, but, instead, one should quickly move to the solution. Security errors happen when building technology, it’s okay. Ethiack is here to help!
Moreover, we understand the importance and delicacy of what we test. We deal with very sensitive data and technology. Our findings could lead to a major data breach or technological disruption, with a huge impact on the business, or even on a socio-economic level.
Ethics also means privacy and respect. What we do at Ethiack, stays at Ethiack.
Privacy does not mean being silent and not sharing (remember sharing is caring!). On the contrary, it means to be respectful and intelligent. We believe that successful stories must be shared. They have a huge power to motivate others. It just means that we need to know what and how to share it.
Moreover, ethics is related to how we work internally. It means being responsible, available, helpful, and goal-oriented. We work with OKRs, so everyone knows what the company is trying to achieve in a specific quarter. Working ethically is going the extra mile to achieve that.
Finally, ethics means to be human-centric and very concerned with AI. We know that cybersecurity is not only about advanced technology but also how it interacts with the user. Usability and customer experience make technology stick, so the human will always be at the core. As AI evolves, we are taking advantage of its benefits, but we also are afraid of how dangerous it can become.
Security is collaborative.
Ethiack is committed to providing the most accurate and advanced security testing regarding vulnerability identification, but prevention is only possible through a collaborative effort. What hackers find, tech and security teams must mitigate as soon as possible.
As they say in football, the best defense is the attack. We will be your best strikers and score, however, we need you to defend the goal. Working as a team will make us unstoppable.
Ethiack is also crowdsourced, which means that we depend on and acknowledge the importance of our community to improve and be differentiated. Cybersecurity is a fast-paced and complex field, so it is critical that we are humble enough to ask for help and are open to listening.
We are building an autonomous product, not with the intent to replace humans but to aid them. We believe that machines and humans can work side-by-side and help each other. Machines are fast and continuous, but humans are creative and aware, so they can go deeper.
But there is more, collaborative security means that one’s findings can contribute to securing the other. Ethiack is building an anonymized collaboration between its users. This is possible because our product works in a symbiotic relationship between humans and machines. So if a hacker finds a vulnerability in a organization, the machine will learn and propagate the knowledge to other users, so that we all contribute to each other's security. How cool is that?
Internally, synergy means a lot! It means that we are a family.
We work and have fun together. We are there for the good and the bad times, and we celebrate everything: every victory, no matter how small it is, and every failure that allows us to improve. We often schedule time to party and do stuff outside of work. At least, once per quarter, we do a team building.
But, we also care for and respect each other. We know and understand that everyone is unique and has different contexts and backgrounds. That is what makes us strong. Here, we prioritize health and energy, as families do.
It’s what matters after all.
Trust is the cornerstone of cybersecurity. Everything relies on it.
Think this way: if the technology and service offered fail to prevent what it should prevent, the consequences for the customer can be catastrophic.
Trust is more important than the quality of technology or service offered, maybe that’s why the cybersecurity market is still so fragmented and there are so many security vendors (curious fact: the largest cybersecurity player, Microsoft, has less than 10% of the total market share and the second, Palo Alto, has just 3%).
Earning trust is not an easy task, and when trust is lost, the relationships will be lost forever. However, when earned and well maintained, the relationship can last forever.
When it comes to trust, this is a two-way relationship.
Customers trust us with their valuable assets. And we trust them to fix the vulnerabilities we identify, making their contribution to secure the world.
Hackers trust us in their skills. And we trust they will respect and be careful in their testing.
Employees trust us in their careers. And we trust they will give their best to achieve our vision.
Partners and investors trust us for their investments. And we trust they will always be there for us.
Trust also means acknowledging that it is impossible to know everything. In fact, it is knowing that there are more unknowns than knowns.
This means, for example, that customers shouldn’t expect to know everything about our testing, and sometimes we don’t know either. Ethical hackers are creative and, thus, unpredictable. We need to give them room to experiment and think outside the box. Artificial Hackers learn to test like hackers, they are always improving and their tests depend on the customers’ infrastructure. So, do not ask us what is happening at every moment, because criminals will not tell you either.
Internally, “I don’t know” is okay and empowered, because it allows us to work as a team and learn together. Knowledge and experience are overvalued compared to the willingness to learn. We value curiosity and questions.
It also means that everyone is accountable for doing their job proactively at their best and contributing to the common vision and goals of the organization. Everyone has specific metrics they need to accomplish, and we care about that. We do not care when or where they do it. They can work day or night, at home or at the beach, but they need to do it. Simple as that!
Finally, it means being patient and trusting the long term. We give now to receive later. We know that no matter the pain and the sacrifice of the short term, in the end, everything will be alright.
That’s all folks
Now, you know a bit more about what moves Ethiack and how we choose to move.