Pablo Endres, Managing Director and Lead Security Consultant
Let’s face it: Security is a complex challenge. With billions of new digital devices getting connected every year, the smart, autonomous future is dawning upon us. Simultaneously, the window on building a secure ecosystem is closing. To most organisations hard-wired to seek growth opportunities with IoT initiatives, security arrives as an afterthought. While both consumer and industrial sectors today have an IoT albatross around their neck, very little thought is being given to how to respond when these devices are exposed to threats. Furthermore, in the consumer arena, the time-to-market and pricing add to the challenge as security is neither fast nor affordable. Evidently, securing IoT and achieving ironclad security is not a cakewalk.
Against this backdrop, SevenShift, a boutique security consulting firm with a wealth of experience in the worlds of cybersecurity and IoT, is heeding the call, priding itself on enabling companies to take full advantage of the IoT in their own environments with their expert consulting and training services. Laser-focused on IoT and IIoT security, SevenShift is changing the industry narrative with its training and pentesting services specifically designed for the IoT marketplaces, device manufacturers and mobile service providers. With Pablo Endres at the helm as the managing director and lead security consultant, SevenShift empowers organisations with engineering and consulting services that help them design, build and run secure solutions.
As someone passionate about teaching and helping others understand new topics and grasp new techniques, Pablo takes a hands-on approach to security, bringing in a perfect combination of both theory and practical applications. He leads his team of security experts at SevenShift to assist companies in understanding the fascinating IoT world, achieving their goals, and innovating their technologies.
SevenShift works closely with the clients, helping them to find the best solutions characterised by secure infrastructure, to prevent hacking or unauthorised intrusions in IoT devices.
It is widely acknowledged that building security in by design is at least 20 times more cost-effective than deploying security on a finished product. To that end, Pablo explains, “SevenShift always tries to get into a project when it’s still on paper and the client is designing the solution, so that, by the time the product is ready, it’s already secure.” This approach enables the company to address the cost issue—one of the major hindrances in delivering secure IoT solutions. Besides, SevenShift is focused on abiding by an IoT security foundation checklist and advocates for a standard testing methodology. When it comes to web testing or mobile app testing, most organisations adopt the OWASP methodology. Having collaborated with the OWASP Group, SevenShift is striving to introduce a standard methodology in the pentesting procedure, which would enable people to perform testing across the board.
As the demand for skilled and trained security professionals continues to grow, SevenShift is filling the void with its portfolio of trainings, which include: IoT Security Bootcamp, IoT Security Manager, and Assessing and Exploiting Control Systems & IIoT. Pablo has designed the consultancy model of SevenShift as a one-stop training hub for professionals with both technical and non-technical backgrounds. The training model for the non-technical group focuses on the risk and threat management aspect, whereas SevenShift’s flagship IoT Security Bootcamp programme provides a three-day-long hands-on training. “Our training programs are one of the most rewarding parts of our offering. We teach technical people to see the security side of things, show them the hacker mindset and how to hack their products,” says Pablo. “Our first IoT Security Bootcamp took place in 2018. It was the realisation of many months of work—from creating the curriculum, sourcing our kit to ensuring that all the exercises teach our students the most important lessons and provide steps to grow.”
By leveraging this two-fold approach, which includes training and pentesting services, SevenShift allows mobile service providers to get out of the trap of reaction-based security and adopt a proactive security approach to prevent major incidents before they occur. Many organisations did not define their security requirements until recently. Trained by SevenShift, they have started demanding proof from the IoT device manufacturers regarding the security standards in their devices. Pablo believes that this is a positive sign for both the client organisations and SevenShift’s services.
This progress, coupled with unparalleled expertise, is sure to hold SevenShift in good stead down the road. Next year, in collaboration with ControlThings LLC, the company is planning to bring its IIoT training course to Europe. In the forthcoming years, SevenShift aims to launch an online version of its training programme, which is now exclusively provided on-site. Besides, as the number of project requests continues to increase, including the ones from the Asian marketplace, SevenShift is also looking forward to bringing more consultants and trainers onboard. To reduce the number of pentesting cycles, which now remains at four or five, the company will empower its clients with a PaaS offering. “Common mistakes are prevailing in the IoT landscape, and we want to create a platform that would enable the IoT device providers to run a quick test themselves and fix the problems before they approach us for testing,” concludes Pablo.
In fact, 2020 is expected to open up a larger market opportunity for SevenShift as it plans to evolve further across its areas of expertise, including network, embedded hardware and microelectronics, wireless, web, and mobile applications.