Trickest, a Belgrade-based startup building a workflow automation and orchestration tool for bug bounty hunters, penetration testers, and enterprise security teams, has raised a €1.4M seed round, the company said in a press release.
The round is led by Credo Ventures, with participation from Earlybird Digital East Fund; Daniel Dines and Marius Tirca, CEO and CTO of UiPath, are also participating as angel investors. According to the company, proceeds from the round will be used to accelerate hiring and support the company’s early access launch.
Simplifying offensive security testing
Trickest’s co-founders Nenad Zaric and Mihailo Tomic have vast experience in the industry. Zaric is a hacker and a security professional himself who used to hold top rankings for companies like Uber, PayPal, and Snapchat on bug bounty platform HackerOne.
He and Tomic are childhood friends from Užice in western Serbia and combined their security and data backgrounds to start Trickest in late 2019. The pair raised their first investment from ICT Hub Venture in early 2020 and have since been prepping their core product, a workflow editor designed specifically for offensive security professionals, for launch.
“About 2.5 years ago, I created a simple automation application as a solution to the time-consuming parts of my work as a security engineer and bug bounty hunter. As the complexity of use cases for the application started to grow, I reached out to Mihailo to get his help with structuring and utilizing the data that was being generated”, Trickest co-founder and CEO Nenad Zarić tells The Recursive.
“The two of us then quickly realized the opportunity to build a product and business around it, and we started onboarding our first few hires. Our vision was and still is to radically simplify offensive security testing not only for the bug bounty community, but also for enterprise SecOps teams.”
The company’s cloud-based workflow editor lets users build and automate tests by drag and drop. While the platform supports starting from scratch, Trickest also makes the best crowdsourced knowledge available to everyone through a library of 100+ open-source tools.
More advanced users can also drop in their custom scripts for maximum flexibility and control. The company takes care of infrastructure management as well: workflows can be run in the cloud with one click and are designed to support features like auto-scaling and cost controls out of the box.
Setting the standards in Southeast Europe and much wider
With the latest fundraise, the company is now looking to recruit heavily in its Belgrade HQ and accelerate through its beta launch. The platform is being selectively rolled out to early access signups from the ethical hacking and bug bounty communities, and early enterprise clients are already being onboarded.
“We think it’s important to highlight that offensive security is surging everywhere, not just in SEE. On the bug bounty side, the growth of platforms like HackerOne & Bugcrowd has been pretty impressive to watch. Companies have recognized how valuable crowdsourced security knowledge can be, and these platforms allow them to connect with hackers from across the globe”, Zaric explains.
“We do have great security talent here in Serbia and across the region, but the industry isn’t really limited by geography in any meaningful way. The same is true for enterprise use cases. While companies in the region are perhaps less familiar than their US counterparts with running bug bounty programs or having large in-house SecOps teams, the need to protect their applications with a product like Trickest is the same”, he adds.
The company is now also set to become one of the most exciting startups in Serbia and all of Southeastern Europe. Investors Credo Ventures and Earlybird Digital East Fund previously led the seed round of then Bucharest-based UiPath in 2015, long before the company’s $30 billion IPO in April of this year. With current UiPath CEO Daniel Dines and CTO Marius Tirca joining the round as angels, the stage is set for another breakout success, the company said.
“Nenad and Mihailo have a special vision for reshaping the offensive security world,” Jan Habermann, General Partner at Credo Ventures, said.
“We’ve seen workflow automation on the response side help make organizations quicker and smarter in handling security incidents. Trickest solves the more proactive piece of the puzzle, bringing simplicity and automation to ethical hackers and infosec teams whose work is increasingly complex. We couldn’t be happier to back the company at this stage and are excited to help them build something great”, he adds.
Bringing innovation and facilitating change in the industry
The offensive security industry still relies heavily on scanners, dashboards, and black-box testing methods that make it difficult to understand what happens under the hood. In addition to offering limited flexibility, this means companies are often at the mercy of advanced security professionals who can interpret their results.
The company’s goal is not to replace external pentesters who are hired to find critical flaws in applications, or bug bounty hunters who submit bugs on platforms like HackerOne or Bugcrowd; instead, Trickest aims to serve both these groups and enterprise teams.
According to the company, the former will benefit from a big step forward in productivity versus their current tooling stacks, which will ultimately translate into more tests completed and bounties collected. The latter will be able to bring in-house part of the security capabilities that are today reserved only for the most advanced enterprise teams. In practice, Trickest will also make security testing for use cases like compliance significantly easier, faster, and more transparent than it is today.
“As for trends, we think enterprise interest in employing freelance bug bounty hunters and researchers will continue to grow, especially as the increasing adoption of cloud services makes security an even tougher problem. This should help drive the growth of the offensive side of the industry. We also think platforms like HackTheBox that help make offensive security a more approachable topic for beginners will play a part in this”, Zaric tells The Recursive.
According to Zaric, it is also important to point back to the general notion of the “shift left” in security that has been around for decades now. “Security is no longer an afterthought pushed to dedicated security teams that test things after they’re built. Instead, security testing happens early and in a more continuous way, and part of the responsibility for implementing security tests is shifting toward developers. We think tools like Trickest can be great facilitators of this, making it easier for developers without much security knowledge to get started with building and automating security tests that are easy to understand and share.”