Savvy customers understand that security is a process. They increasingly demand validation that their products and data are secure, and need a way to assure their customers that they are serious about their security posture. Compliance is not enough. Companies must prove that their products are not only compliant but are also constantly tested against new threats. Conventional compliance frameworks leave gaps that are easy for bad actors to exploit.
CESPPA leverages the skills of over 1,700 freelance security researchers who are incentivized to constantly search for vulnerabilities in businesses’ web and mobile applications. CESPPA revamped the traditional crowdsourced model by providing clients with what they need the most: expertise to find security vulnerabilities without the overhead of managing such a program, all at a predictable cost. CESPPA’s program managers work hand-in-hand with its vetted security researchers to identify, verify and validate security vulnerabilities to prioritize what needs to be addressed. Program managers rewrite those findings to provide quality reports that are valuable to customers’ dev and executive teams alike. The CESPPA platform provides a way for clients to generate compliance reports based on those findings, which can ultimately be delivered to their own customers and auditors to demonstrate their security posture. CESPPA manages the entire process, eliminating the need to hire expensive in-house security personnel or to hire one-time penetration testing consultants.
A Security Platform That Provides World-Class Security Intelligence
In June 2018 Joseph Melika and Clark Landry founded CESPPA. It was launched with a mission to secure the internet, and a vision to create a platform that provides world-class security intelligence designed specifically for rapidly-growing technology companies. The company validated its vision quickly when it engaged with Veritone, a leading provider of artificial intelligence technology and solutions. While going through the rigorous and demanding security certification process for FedRAMP, Veritone approached CESPPA for their initial security assessment. CESPPA then operationalized the process of satisfying FedRAMP’s third-party assessment controls, helping Veritone receive their FedRAMP certification in a rapid manner. Since then, many new customers have partnered with CESPPA and have discovered how the platform can help their teams not only secure their assets but also win new business.
The name CESPPA comes from the shortened reversed abbreviation for APPLICATION SECURITY or APPSEC. It aims to disrupt and improve crowd-sourced application security to provide a turnkey solution platform, which creates an immediate return on investment for its customers.
The Trailblazer Overcoming The Security-Related Challenges
Previously, Joseph Melika served as the Head of Security Engineering at Verizon Digital Media Services, as well as in several other leadership positions in the security field. He noticed a shift in focus amongst security professionals from basic compliance to the actual effectiveness of security programs and initiatives. Joseph understood that organizations’ requirements for cybersecurity are multifaceted. A single individual performing a pen test cannot possibly have the broad security skillset required to evaluate all threats. Leveraging the diverse skillsets of a broad network of security researchers is absolutely necessary to effectively discover and remediate security vulnerabilities. Witnessing such gaps in the industry, Joseph along with Clark Landry started CESPPA as a platform that provides a diverse solution.
As a former top client of other crowdsourced solutions, Joseph quickly realized that the two biggest barriers to entry for customers are:
- Operational Overhead: while crowdsourced solutions prove invaluable for harnessing the knowledge of several hundred researchers overnight, they require in-house expertise to understand the reports and deal with every researcher individually. Since researchers are highly technical, and many are not native speakers, the reports tend to require rewriting in order for them to be actionable by developers, or to be shared with executives or customers.
- Unpredictable Cost: running a program typically requires a sum of money (the bounty) to be set aside, from which researchers are rewarded. It is practically impossible to predict how much to set aside every year, making it difficult to budget for.
CESPPA addresses those two challenges by fully managing the engagement on behalf of its clients, and providing the solution at a fixed cost.
Protecting Data And Helping Win New Customers
The rising competition has made it vital to have a unique approach if one has to thrive. Keeping this in mind, CESPPA offers its clients a unique approach, which differs from others in the market. Joseph explains, “CESPPA is the crowdsourced security solution that not only keeps your products and data safe but also helps you win new business and new customers.”
Customers need security. There is no doubt about that. But what they need the most is the ability to demonstrate to their existing and prospective customers that they take security very seriously.
CESPPA has a special Turnkey Solution in which the security researchers typically begin reporting findings within 24 hours of program launch. All findings are captured in the platform and can then be compiled in different report formats to be shared externally. CESPPA takes pride in being the only solution to provide these key differentiators:
- Keeping Your Environment Safe: With the evolution of the online threat landscape, CESPPA continually adapts to maximize the security of your products and data.
- Actionable Reports: The easy-to-understand reports enable its customers to win new business and achieve compliance goals.
- Fixed Cost: Easy to understand reports enable the customers to win new business and achieve compliance goals.
- Return on Investment: Whether for compliance or security assurance, working with CESPPA ensures that clients’ products and customers are protected, enabling them to expand their business.