Volkis News

We got phished! (but it was just a test)

Posted on 2024-05-17 by Alexei Doudkine in Volkis News


Over the last couple of weeks, we had a fellow security consultancy perform a penetration test on us! That’s right, even though we can do it ourselves, it’s always best to get someone independent to look at your security. We believe in following our own recommendations, so here we are. What did we learn?

Our first growing pains

Posted on 2023-03-21 by Matt Strahan in Volkis News


Earlier this year Alexei and I were staring at the screen, looking at a report that was less than flattering for the company. The reading of the report was simple: we were doing less billable work than we expected.

Unpacking the what and why of this problem drove us to change our processes and hire our first dedicated project coordinator.

Report Ranger roadmap

Posted on 2023-02-23 by Matt Strahan in Volkis News


When we started Volkis, Alexei and I had a big ranty discussion on how reports should be done. The next day I hacked together a PoC. We looked at it and went “damn, we already like this better than what’s already out there!”

Fast forward three years and Volkis is now more than just Alexei and me. That PoC ended up as Report Ranger and we’re still using it internally. Each time I ask “is Report Ranger still working for us?” the answer seems to be “yes”. I follow that up with “are you sure?”, worried that they might just be trying to be nice and not hurt the feelings of the Managing Director, and they still say “actually yes, I really like it!”

Part of the advantage of using our own internal tool for reporting has been the flexibility. Much of the functionality that Report Ranger has now was put in for a specific use case. We need a report that has charts, so let’s just put charts into Report Ranger. Wouldn’t it be good to have it read a spreadsheet and automatically generate our compliance report? Report Ranger can now do just that. Recently we had a report that needed two sections with separate groups of vulnerabilities and so now that change has been put together. All these breaking changes were fine - we just posted a message on our company Slack channel to give everyone a heads up and that was that.

There’s a big issue that has now cropped up though. Report Ranger is an open source project that is now being used outside of Volkis. Ah well, there goes our fun. We have to start doing stuff properly!

We were vulnerable - how a security company could have vulns

Posted on 2022-06-22 by Alexei Doudkine in Volkis News


Well, it finally happened! We received the first submission to our Vulnerability Disclosure Program with actual possible impact. And, although it didn’t actually affect us or our clients in any way, it could have. So we awarded it a P3! But how could this happen? We’re security experts ourselves, so shouldn’t we have picked up on it? Well, as we always tell our clients, “security is hard” and no one is perfect.

In the interest of transparency (one of our core values), let’s dig deeper to see how this tale unfolded so that others may learn.

The value that Volkis brings as a company for penetration testing

Posted on 2022-04-13 by Matt Strahan in Volkis News


When building a cyber security company there’s a question we have to keep front of mind at all times. What value do we bring as a company? It’s one thing to just say “yes of course we provide value as a company” but for me I’ve tried to make an actual list. I’ve put the results of this up in a new handbook page.

This exercise is more than just a bit of a boost for our egos. Rather, it’s a genuine component of the consulting model - of the business model that Volkis fits into. Whenever we have an engagement, there are three parties that come into play. They are the client, the consultancy, and the consultants themselves. The value of the consultants’ time is obvious: they perform the work. They find the security vulnerabilities in the systems that are being tested or find the ways the system might not be up to spec.

Why would the client not just contract someone out directly or employ their own pentester? If we don’t provide actual value then what’s the point? Thinking about this question directly has helped me solidify in my mind what we need to do well as a company and helped build our business model.

State of Volkis - what do we do well and what should we improve?

Posted on 2022-02-04 by Matt Strahan in Volkis News


A few weeks ago we had an internal strategy session with everyone at Volkis. In this session we only discussed four questions:

  • What does Volkis do well?
  • What can we improve?
  • What are pain points that could be taken away?
  • What does Volkis stand for?

Usually when companies do this they would keep it close, especially the “what can we improve” section. Transparency, though, ended up being something that everyone liked and wanted us to keep doing. In this spirit, everything we talked about in that session has been uploaded to our handbook as The State of Volkis.

Our first anniversary

Posted on 2021-02-09 by Matt Strahan in Volkis News


Today marks the 1 year anniversary of our official launch!

We’re thrilled with what we’ve been able to achieve over the past year. It’s extremely humbling to receive so much support from friends, family and colleagues; we couldn’t have done it without you. Thank you! 🍻

Volkis Stage 2

Posted on 2021-01-05 by Alexei Doudkine in Volkis News


Last year was definitely… something. I’m glad it’s over and although we’re not out of the woods yet, I am hopeful that 2021 will bring a much-needed peace for us all. That being said, Volkis is now in its 2nd year of operation! Our first year was an amazing ride and such a humbling learning experience; equal parts excitement and terror!

In this post I wanted to look back on some of the achievements from last year that I’m proud of and give a few teasers about what is to come.

New guides, welcome packs, and methodologies in the Volkis Handbook

Posted on 2020-04-07 by Volkis in Volkis News


A couple of weeks ago we put up the Volkis Handbook. It is aimed at our customers, friends, employees, infosec colleagues and really anyone interested in the inner workings of Volkis.

More than this, it aims to form the core of Volkis and a key part of our philosophy as an organisation. We would like to be transparent, open, and honest. By showing what we do and the way we work, we hope that everyone will get to know us better and perhaps just learn a thing or two that they could do better as well.

Volkis up and running!

Posted on 2020-03-24 by Volkis in Volkis News


Since the start we’ve had a remote-first philosophy and even with these troubled times we’re up and running providing penetration testing, security consulting, and strategy work. There are obviously a few things we can’t do for now such as internal penetration testing, physical intrusion, and onsite debriefs, but most of our services including external and web app penetration testing, red team, security strategy, and compliance are still running.

Given internal penetration testing is out we do have gaps in our schedule now, so if you have urgent penetration testing work please let us know.

In this post we thought we might give some updates on what we’ve been up to and some of our future plans.
