
Cyber Security Team Extension and Remote CISO Service

Add cyber security experience to your short-term or long-term projects by hiring our certified Remote CISO (Chief Information Security Officer) and/or information security specialists! Near-shore outsourcing and outstaffing of IT and information security to Ukraine is a good decision. Ukraine shares European values like responsibility and reliability, and fosters the best IT specialists in the world. Finally, it is profitable! We can also work on your behalf for your clients and deliver white-label services.

Competence in cyber security

We have wide, deep and unique experience and competence in IT and corporate security:

  • Security Assessment: IT Audits, Information Security Audits, pen-testing, social engineering, Red-teaming, security review of source code.
  • Managed compliance with GDPR, ISO 27001, VDA ISA, TISAX, PCI DSS, HIPAA, ITIL, ISF, NIST, COBIT, etc.
  • Application Security and Software Engineering: Secure Software Development Lifecycle (SDLC) management and Security DevOps of specific software products.
  • Training and workshops on Secure Software Development (SDLC, Secure DevOps). Personnel Security Awareness and Behavior Management. People-Centric Security.
  • Security Operations Center (SOC) Implementation and SOC as a Service, including: technical vulnerability management, security event monitoring, security incident response and investigations, etc.
  • Development and audit of Smart Contracts and blockchain technologies.
  • Enterprise Risk Management and IT-related Risk Management.
  • Business Continuity Management and Disaster Recovery Planning.
  • Search Engine Reputation Management (SERM), Physical security and other security areas.

Get more information on team profiles or press the button below now to get a quote on Cyber Security Team Extension Service!

 

Valid international certificates

The certificates can be verified online at the respective certification organizations.

  • (ISC)2: Certified Information Systems Security Professional (CISSP)
  • Offensive Security: Offensive Security Certified Professional (OSCP)
  • EC Council: Certified Ethical Hacker (CEH)
  • ISACA: Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM)
  • PCI SSC: Payment Card Industry Professional (PCIP)
  • SANS: Security-560. Training course at SANS, USA
  • PECB: Certified Lead Pen Test Professional (CLPTP)
  • Other certificates

Why we are profitable

  1. Our cyber security specialists are very skilled. They have not only earned prestigious security certifications, but also constantly improve their technical skills and win CTF hacker competitions. They also have broad experience in security governance, standards, business processes and the secure software development lifecycle.
  2. We are very experienced. We have been hacking since 2000, and remember even MS-DOS, OS/2 and Windows 3. At the same time, we know modern systems, languages, frameworks, APIs, CI, DevOps and cloud technologies well.
  3. We are mature. Our specialists have a good corporate culture and multi-national experience. We strictly adhere to international and industry standards and specific legislation.
  4. The senior and expert specialists' rates are 35 to 55 EUR/hour. We work not only on a Time-and-Material model, but also at a Fixed Price.
  5. We are flexible: we provide free consultations, and you can order as little as 1 hour of a specialist's time to try the quality. We are ready to assist.


 

Profiles of specialists

Vladimir, Security Lead
IT security experience: 17 years
Competence areas:
  • Security audits and compliance. Security regulations, standards and frameworks (ISO, ISF, NIST, PCI DSS, CIS, OWASP, GDPR, etc.). Process management. Risk management.
  • Penetration testing of embedded systems and thick clients.
  • Social engineering, security awareness and psychology.
  • Automation and software development. Secure software development life cycle.
  • Payment systems and technologies.
  • Project management, human resource management, quality assurance. Development of documentation and record management.
  • IT service and product sales. IT marketing.
Certificates, diplomas: CISSP, CEH, PCIP

Frol, Security Analyst 1
IT security experience: 13 years
Competence areas:
  • Cyber security, penetration testing, malware analysis, open source intelligence gathering, incident response, critical infrastructure protection, application security, information security management system, IT audit, IT strategy.
  • Delivering multiple projects to customers all over the world, including penetration testing, malware analysis, open source intelligence gathering, computer forensics, fraud investigations and fraud controls audit, ISMS audits, trainings, etc.
Certificates, diplomas: OSCP, CISA, CISSP

Yakiv, Security Analyst 2
IT security experience: 16 years
Competence areas:
  • Penetration testing of web resources, web-based services, networks, client-server systems.
  • Reverse engineering. Development of vulnerability exploits.
  • Cryptology: cryptography and cryptanalysis.
  • Security audits and compliance. Security regulations, standards and frameworks (ISO, ISF, NIST, PCI DSS, OWASP, etc.). Risk management.
  • Web application firewalls, web security gateways, network devices, data leakage protection, etc.
Certificates, diplomas: CISM, CISSP, CEH, MCP

Viktor, Security Analyst 3
IT security experience: 9 years
Competence areas:
  • Penetration testing of web resources, web-based services, networks, client-server, mobile, car infotainment and other embedded systems. Security audits.
  • Debugging and reverse engineering (bytecode, ARM, TrustZone, Security Element), threat modeling, risk analysis.
  • Participation in CTF (Capture The Flag) hacker competitions with wins and high results.
  • Information security event management and incident response. SIEM systems. Forensic investigations of cyber security incidents.
  • Security hardening. Intrusion detection/prevention systems.
  • Security standards and frameworks (ISO, PCI DSS, SOX, etc.).
Certificates, diplomas: CCNA

Nikolay, Security Analyst 4
IT security experience: 14 years
Competence areas:
  • Software and hardware assessment, penetration testing. Security assessments of applications, software libraries and frameworks.
  • Testing of hardware security and protection against hardware-level attacks.
  • Cisco Internetworking, design and administration of heterogeneous environments.
  • Proficiency in system level programming and development of Android applications.
  • System level programming (Linux/Windows), OS internals, embedded systems.
  • Blackbox software security testing (i.e. binary reversing and fuzzing): ARM binaries and Intel binaries, Windows and Linux applications.
  • Whitebox software security testing (i.e. source code analysis).
  • IoT (smart-home and smart-building solutions) penetration testing: hardware and software side.
  • Analyzing custom obfuscators and protectors: obfuscators for binary ARM code and C/C++ source code, Java/Android protectors and obfuscators, JavaScript obfuscator, etc.
  • Application fuzzing and TEE OS fuzzing.
  • Web services and network environment penetration tests.
  • Development of custom tools for binary and source code analysis (C, Python, Groovy), custom software fuzzing (C, Python), deobfuscation tools (Python, Java, JavaScript), etc.
  • Participated in different CTF and security wargames with wins and high results.
Certificates, diplomas: Master of Computer Systems and Networks

Denis, Security Analyst 5
IT security experience: 19 years
Competence areas:
  • Development of methodologies for penetration testing and security audit, vulnerability assessment, source code audit.
  • Malware and spyware research and analysis, development of information security systems, technical expertise, development of security policy for corporations, manual security testing.
  • Investigation of cybercrimes, open-source intelligence, competitive intelligence, Internet research and analysis, Deep Web, Shadow Web, Dark Web research.
  • Security awareness and education, security competence management. Project management. Organizing of security events (seminars and conferences).
Certificates, diplomas: Microsoft MVP (Most Valuable Professional) in Consumer Security

Oleksandr, Security Analyst 6
IT security experience: 16 years
Competence areas:
  • Penetration testing of client-server and embedded systems.
  • Physical penetration testing.
  • Industrial IT security audits.
Certificates, diplomas: SSCP, ISA/IEC 62443 Cybersecurity Fundamentals Specialist

We are passionate about what we do, because we believe that we make this world safer and give people confidence.

Feel free to hire us for your short-term or long-term projects, for remote or on-site work.



