Case Study by Pasha Rayan - CTO and Co-Founder, Forage
Forage was founded to solve a global problem. We could see that there are many students from diverse backgrounds with incredible talent and a drive to work in particular industries or organisations. However, without exposure to the right people or on-the-ground experience, they are unlikely to fulfil their dreams.
So, we wanted to give these people the chance to land themselves great careers with amazing organisations – be they global corporates, government organisations or industry.
To do this, we have partnered with universities, government organisations and the private sector to provide individuals with a virtual work experience system that allows them to experience working in the industry or with the organisation of their choice. Our application gives them valuable experience, which helps them build a resume that will put them in a position of strength when they apply for the job they aspire to.
Working with students – holding student’s data about their career goals and aspirations is a massive responsibility. Before they share their information, they need to trust that we will store and manage it with absolute care.
Additionally, working with large organisations – both government and private – requires the highest level of data security. We need to be able to demonstrate that we uphold their standards for secure data storage before they even look at us.
As a company that partners with individuals and organisations throughout the world – in the United States, Europe, Africa, Asia and the Asia Pacific – our needs for data security are highly complex – we can’t afford to become a vector of data leakage.
When we set out to find a company to provide penetration testing, our key goal was to find a partner that was technically competent in the testing process, that had worked with and understands the flexibility required for start-up organisations, that had the capacity and discipline to dig deep when looking for vulnerabilities, and had a proven track record. We also wanted a partner that would undertake a security audit and be able to provide expert advice on other process tools as time went on.
The Selection Process
We were given referrals to multiple potential vendors, one of them being The Missing Link. My Chief Security Engineer chose The Missing Link over the others because he was impressed by their technical strength and their agile manner. They recognised that as a start-up working with medium to large enterprises, it was important to work fast while also meeting the highest regulatory and security requirements. We needed good solid, detailed work delivered to a standard upheld by the most advanced companies in the world.
Our relationship with The Missing Link has been positive – professional, timely and reliable. My Chief Security Engineer worked with them to identify the key processes involved in penetration testing and the security audit, and everything we discussed and agreed was promptly implemented. The team was helpful and friendly, and although the scoping process took longer than I had hoped, it was very detailed, which in the end was essential.
As expected, the penetration testing was robust, and it helped us identify risks that we were able to remediate with guidance quickly.
Penetration testing and a security audit were critical for our business going forward. We needed expert penetration testing, a detailed report and access to external advice on our security posture so that we can reassure the companies we work with that they can trust our processes.
For our investors, the process enabled us to provide reassurance that we uphold the highest standards and that we are continually working to identify and protect the business and our clients from potential risks.
The process was also helpful for our in-house development team – they were excited at the prospect of having an external provider put their work to the test, to validate the application they have developed and to provide guidance on opportunities for further improvements.
For me, the opportunity to have a third party do genuine penetration testing on our application means I can sleep better. Confidence in our security posture also means I can grow the business into the future, knowing that my team is doing the right thing – by the business, our students and our corporate partners.