Cybersecurity Services for SaaS Company

The Client

I’m the VP of information security of a SaaS company that provides merger and acquisition life cycle support.

The Challenge

We needed a company that could help us improve our security posture by providing testing and monitoring services.

The Approach

FRSecure handled our organization’s security assessment in 2019, and we worked with them again in 2020 to test the improvements in our security controls. This year, FRSecure provided three distinct services for us. They started the project by conducting an external penetration test, where they tested the external perimeter of our public-facing assets. After that, they did an internal penetration test wherein they tested our internal security controls. The third service they provided was a risk assessment, which was essentially a miniature internal audit that was done to test the quality of the security program controls that protects our organization. They assessed our policies, procedures, and overall security controls.

What is the team composition?

We worked with three project managers, each of whom was assigned to the three separate engagements, a lead analyst, and an additional FRSecure employee who was our primary contact.

How did you come to work with FRSecure?

FRSecure was recommended to us by our previous chief security
officer.

How much have you invested with them?

We invest $60,000 per year in FRSecure.

The Outcome

We have seen an improvement in our security controls, which have moved up a classification from fair to good. That was definitely a positive step for our company.

How did FRSecure perform from a project management standpoint?

FRSecure performed very well in terms of project management — they were incredibly responsive to any requests or questions that we had. We primarily communicated with them via email or phone.

What did you find most impressive about them?

I’m really impressed with FRSecure’s focus on our needs and the removal of barriers. They are always willing to engage and empower us by providing constructive criticism and functional improvements that we could employ. They don’t just give us reports and tell us to do better next time — they actually provide us actionable feedback to help us improve ourselves and secure our organization. Another thing that I like about them is that they don’t upsell themselves. Typically, vendors just want to sell you as much as they can, but that has never been the case with FRSecure. When we were looking into recommendations for some services that FRSecure doesn’t offer, they actually helped us connect with another vendor who could provide those services for us. They are very transparent about what they can or can’t do, and they’re willing to really work with us to determine our needs and get those solved, no matter what.

Are there any areas they could improve?

We asked them to provide us with a mapping of the international standards that the risk assessment program they performed is built on, but they haven’t delivered that yet. Other than that, there isn’t really anything I think they could improve on.

Do you have any advice for potential customers?

Make sure to be as open and transparent as you can be so they can help you in the best way they can.