Q&A: Nico Cooman (Managing Partner @ tSF)

We regularly receive questions about the foundation, future and philosophy of TSF. We decided to pour this into a short Q&A with our Managing Partner, Nico Cooman.

The Security Factory, the name says it all. Nico Cooman and his team are working on cybersecurity and getting companies more safe on a daily basis. We’ve spoken to Nico about TSF and what he intends to do with his team of ethical hackers. As part of The Cronos Group, TSF is teaming up with several other security companies to get cybersecurity out there.

2020 was a life changing year. Remote working became the new standard. This has introduced vulnerabilities which cybercriminals use to their advantage. To avoid becoming a victim of this, you can call on ethical hackers to get tested. Before someone else does.



Why was TSF founded?

The Security Factory was founded in the belief that there was a need for a dedicated security testing/ethical hacking company with the necessary expertise to help customers map their risks and weaknesses. Pentesting has been around for a long time now but there was not really a company that fully specialized in this area. At TSF, we live and breathe pentesting.

What is your biggest accomplishment with TSF?

I think succeeding in creating a company that can offer security testing experts with a real passion and the necessary knowledge. Furthermore, we created a home for them. They can work, learn, have sparring partners with the same interest, no side jobs and other projects they are not interested in, …

What is the strength of TSF?

We live and breathe security testing. It is in our DNA. We are not a company that has some testing profiles with the sporadic pentesting project. These are the only projects we have. So, we can step further into the knowledge of testing. This is a main skill of TSF. Security testing comes in different flavors: automated testing, manual penetration testing, community-based bug bounty testing, and much more. At TSF, we focus on the manual penetration testing. We believe it is the most cost friendly with the least false positives and negatives as possible. Don’t get me wrong: every type of testing is important, and they all have their advantages and disadvantages. Ideally, if your organization is capable of it, you should perform all these kinds of testing: automated to detect the low hanging fruit as soon as possible; manual penetration testing to detect the false negatives and complex issues where automated tools lack the hacking, creative mindset; Finally bug bounty to have a community with multiple techniques and continuous testing. To increase our quality, we have chosen only one aspect of these security testing types: the manual approach.

What is the impact of Covid-19 on cybercrime?

“Never waste a good crisis…” As always, hackers and cybercrime are trying to take advantage of a crisis situation. We started working from home, and actually… in no time we all set this up technically. As usual, security is something we think of afterwards or when it is too late. There is also an increase in the human aspect. Quite often, successful hacks originate from abusing a human aspect like phishing mails, vishing calls, social engineering… With the new remote-working approach, we receive more mails, perform more calls and hackers try to abuse this. We also notice that companies are more aware of this approach and come to us to test the current situation of the security awareness amongst their employees.

What is the future of TSF?

Keep providing a home for people with a passion for security testing and create the perfect conditions so they can over exceed themselves and become the experts the market needs.

If you have cybersecurity questions, questions about penetration testing or just want to get to know The Security Factory, send us an email : hello@thesecurityfactory.be