Cybersecurity professionals, like pen testers or bug bounty hunters, often face a major challenge in spending a lot of time finding tools to tackle advanced cyber threats. This slows down the process of evaluating and addressing these threats, hindering their ability to respond quickly to new risks.
How do you solve such a hurdle? Enter Serbian startup Trickest, and their platform for workflow automation and orchestration tool for bug bounty hunters, penetration testers, and enterprise security teams.
Founded in 2020, the company’s platform aspires to democratize access to advanced cybersecurity tools for a broader audience, including academia, security researchers, educators, and bug bounty hunters.
In 2021, Trickest raised a €1.4M seed round backed by investors such as Credo Ventures and Earlybird Digital East fund, together with angel investors including UiPath’s Daniel Dines and Marius Tirca. An additional round earlier this year saw Credo and Earlybird investing again, with Underline Ventures and angel investor Vlad Ionescu joining in, bringing the total funding of the company to $3M.
Both of its founders, Nenad Zaric and Mihailo Tomic come with years of experience in the industry, with Zaric himself a hacker and a security professional who used to hold top rankings for companies like Uber, Paypal, and Snapchat on bug bounty platform HackerOne. The company’s headquarters and main team are in Belgrade, where they have been developing their platform for the past years.
Focusing on upcoming cybersecurity trends such as AI-driven security mechanisms and automation, the Serbian company is now looking to revamp the cybersecurity landscape by introducing new approaches.
“The traditional methodology of offensive security engineering is more than 30 years old, consisting of menial tool installation & updates, infrastructure setups, and, as most of the community calls it – messy automation scripts. With everything happening in the “Terminal CLI (command line interface)”, this approach looks the same as a few decades ago,” Trickest’ co-founder and CEO Nenad Zaric explains.
This is what the latest Community Edition of Trickest’s platform aims to change, by allowing individuals to concentrate more on productive and creative aspects of security without the burden of managing complex security solutions and infrastructure.
“The cybersecurity field faces a significant challenge with millions of unfilled jobs. To address this, we’re seeing a trend where professionals are increasingly doing the work of two or more people. This approach is putting immense pressure on individuals in the cybersecurity space. As a solution, it’s crucial to develop effective tools to help manage these challenges, continue evolving, and ensure global security,” Zaric points out.
For cybersecurity professionals such as Skopje-based cybersecurity engineer Milan Popov, such solutions and tools can indeed make life easier for those working in the industry.
“Cyber security engineers would become more aware of exposure to potential risk points, there would be more efficient threat intelligence and it can be used in internal SOC (Security Operations Center) teams. Bug bounty hunters and pen testers can react faster and more efficiently to some vulnerabilities, and get to the low-hanging fruit much faster if the process is automated,” Popov tells The Recursive.
Moreover, users of Trickest’ Community Edition can connect their own self-hosted machines, allowing workflow execution on private infrastructure too.
Customized solutions as a future cybersecurity trend
According to Zaric, one of the biggest threats nowadays are attacks on digital infrastructure, which are becoming increasingly sophisticated and specific in targeting exact companies and their infrastructures.
“Like living organisms, these infrastructures are specific to each entity, and we can not rely on generic ways to protect them,” he explains, adding that it is more and more common for companies to go for customized solutions.
“One example of such a use case is a company having a couple of hundred companies under its umbrella where traditional products are always doing the same scans, and discovery techniques need help understanding the full context of the targeted infrastructure. That is why they wanted a customized solution to find their assets, services, web applications, technologies, and more and to scan them for vulnerabilities before the bad actors,” Zaric tells The Recursive.
Another trend is that the offensive security approach is growing rapidly among both ethical hackers and malicious actors, leading to a broader recognition that cybersecurity involves more than just running scans or meeting compliance requirements.
“More than a decade ago, I received a piece of advice about offensive security that is still relevant today: “Think evil, and do good”. The methods used in offensive security today are far more varied than in the past, yet the core challenge remains the same and will likely continue as long as humans exist. We need to think like malicious actors to be able to secure our world,” Zaric says.
Regarding AI and how it changes the cybersecurity game, while it enhances flexibility, performance, and overall user experience, it is also crucial to acknowledge that the technology has its vulnerabilities, just like any other feature.
These vulnerabilities can pose significant risks for companies utilizing AI, including issues such as prompt injections, insecure output handling, sensitive information disclosure, and model theft, he points out.
“With AI in the picture, new types of vulnerabilities and breaches will occur in large corporations, where this issue becomes increasingly more complex by employees’ incorporating classified and confidential data into the AI models, which can be the new emerging target in the security industry,” Zaric concludes.
