Companies today face increasingly sophisticated online threats and, as such, need to defend against those threats well before they are encountered. In particular, SMBs are faced with daunting challenges related to developing and implementing security defenses. Evidently, the world is fast moving from Linus’s Law of “given enough eyeballs, all bugs are shallow” to “given enough money, all bugs are shallow.”
In a bid to change this narrative, Joseph Melika, along with his business partner, Clark Landry, founded CESPPA, a revolutionary human-powered security solution for modern business. Having served as the Head of Security Engineering at Verizon Digital Media Services, as well as in several other leadership positions in the security field, Melika saw firsthand a shift in focus amongst security professionals from basic compliance to actual effectiveness of security programs and initiatives. “The demand for security solutions used to be frequently driven by compliance requirements such as PCI, HIPAA, among others. However, as security threats have increased, costs of breaches have skyrocketed, and applications are constantly changing, the need for always-on, comprehensive security solutions has become a ‘need to have’ for companies of all sizes,” begins Melika, co-founder and CEO of CESPPA. “Also, organizations’ requirements for cybersecurity are multifaceted. A single individual performing a pen test cannot possibly have the broad security skillset required to evaluate all threats. Leveraging the diverse skillsets of a broad network of security researchers is absolutely necessary to effectively discover and remediate security vulnerabilities.”
With this in mind, Melika developed the concept of enabling continuous monitoring of companies’ applications utilizing a rotating network of security researchers with diverse specialties and skillsets. CESPPA is a crowdsourced application security platform—a unique and effective hybrid of bug bounty and penetration testing platforms. Today, the platform harnesses the collective knowledge of over 1,000 security experts to continuously discover and report security vulnerabilities for a wide range of applications. The company’s network of security experts continuously monitors and tests clients’ applications for old and new vulnerabilities alike.
CESPPA has been specifically designed for SMBs, which, according to Verizon’s 2019 Data Breach Investigations Report, accounted for 43 percent of all security breaches in 2018. Most SMBs lack both the capital and the knowledge to select and manage a vulnerability assessment program or application security platform. CESPPA provides world-class security services and actionable information to SMBs at a fixed and affordable cost.
CESPPA’s prowess was on full display when it engaged with Veritone, a leading provider of artificial intelligence technology and solutions. While seeking the rigorous and demanding security certification of FedRAMP, Veritone approached CESPPA for their initial security assessment. “We were initially engaged to perform one week’s worth of testing. After seeing the results, Gary Everekyan, Chief Information Security Officer at Veritone, asked us to continue for another week. We became a part of their team. We are now proud to be their trusted security partner, and are continuously monitoring their attack surface,” recalls Melika. CESPPA then operationalized the process of satisfying FedRAMP’s third-party assessment controls, helping Veritone receive their FedRAMP certification swiftly.
The uniqueness of CESPPA, as Melika details, lies not so much in the “how” as it does in the “why.” “Our competitors like to boast how many bugs their security researchers find, while we focus on providing understandable and actionable business intelligence. With CESPPA, clients can be confident that they understand their security shortcomings, and will know which vulnerabilities to prioritize and remediate first.”
Staying true to its mission of “securing the internet,” CESPPA is committed to addressing the needs of security researchers and clients alike by constantly improving, revamping, and adding new features to its offering. In an increasingly dangerous security environment for companies and organizations of any size, CESPPA is providing compelling new solutions to secure the internet.