A man in a suit looking at multiple monitors displaying financial or security data.

Put your cybersecurity to the test

Cyloq – we protect you by attacking you.

book a meeting

Services

We do what attackers do – before they do it

Close-up of hands typing code on laptop in front of two screens — showing a technician conducting penetration tests.
Four people sit in a glass-walled meeting room, in discussion in front of an on-screen presentation -- illustrating a team planning or analyzing vulnerability scanning.
Two people with their backs to the camera work at dark-lit computers in a red-lit room — symbolizing a red teaming test in a controlled environment.
Several people sit in a meeting room with laptops in a late work situation — showing coordination when dealing with a cybersecurity incident

Customer Case

How we helped VX Fiber secure their IT environment

See all cases
“Now we have a 'stamp of approval' on our security work”

Results

94% threat mitigation in 3 months
Enhanced security compliance (PCI DSS, ISO 27001)
Stronger authentication & encryption
Read more
A futuristic digital representation of a blockchain network, featuring interconnected glowing cubes with transparent and metallic elements, symbolizing data processing and decentralized technology.
Se alla kundcase

Why Cyloq?

We find what others miss

With over 15 years of experience and the industry's most respected certifications, we identify critical vulnerabilities – before they can be exploited.

Certified hackers on your side

With over 15 years of experience and armed with the top certifications (OSCP), we guarantee security that holds under real-world pressure.

Real-world attack simulations

We replicate advanced attacks using the same methods and real threat hackers use, and find vulnerabilities before they do.

Tailored testing

No two systems are the same. Whether you're running cloud, microservices or old legacy solutions, we dive in fast and go straight for the weaknesses.

Superior reports

No 300-page nonsense. You get clear, prioritized reports with fixes you can act on right away. Instead of filing away and forget.

Cyloq's founder Sam Eizad gives a presentation
Cyloqs founder Sam Eizad holds a lecture on penetration tests in front of a room full of people.
Several people work at screens in a bright office landscape.

About us

We’re not like other IT consultants

We’re not your typical IT consultants. We’re hackers – with our hearts in offensive security and our minds wired for exploits.

Finding weaknesses isn’t just what we do, it’s what we live for. We attack your environment like a real threat actor would, showing you exactly what holds up and what cracks under pressure.


Read more about us
15+

Years of Experience

500+

Security Assesments

670+

Critical Vulnerabilities Identified

References

What our clients are saying about us

Yngve Swanström
Marcus Södervall
Klas Strömberg
Tim Cambrant
"Cyloq consistently exceeds expectations. They're especially thorough, quick, and easy to work with. It's a seamless, hassle-free partnership."
Yngve Swanström
CISO at Marginalen Bank
"We would absolutely recommend Cyloq. They're direct, highly skilled, and a pleasure to work with. Collaboration is smooth, and they consistently deliver strong results."
Marcus Södervall
Head of Trust at Stravito
"Whenever something arises, we receive immediate feedback. Cyloq is quick, efficient, and exceptionally easy to work with."
Klas Strömberg
IT Security Strategist at Sundbybergs Stad
"We have no reason to switch from Cyloq or even consider another provider. So far, they've succeeded with everything we've thrown at them."
Tim Cambrant
Chief Security Officer at VX fiber

Cases

Results from real attacks

Show more
Text Link

Sundbybergs Stad: Why we chose a long-term partnership with Cyloq

2025-05-17
0
min read

Sundbybergs Stad is a growing municipality in the Stockholm region. As the city expands and its operations become more digital, the need for strong cybersecurity keeps growing. To stay ahead of both current and emerging threats, the city has committed to an ongoing collaboration with Cyloq, built around regular penetration tests, weekly vulnerability scans, and close strategic alignment.

A long-term partner who understands our IT environment

Before working with Cyloq, the city’s approach to security was more reactive than proactive. Tests and scans were run from time to time, but without a consistent structure. That’s something IT Security Strategist Klas Strömberg set out to change.  

 

Through a formal procurement process involving several vendors, Sundbybergs Stad chose Cyloq and signed a four-year contract covering penetration testing and vulnerability scanning.

“We wanted a long-term agreement so we could test continuously and adjust based on real-world threats,” says Klas. “That means we use different methods and different targets each time, and it’s always adapted to what’s most important right now.”

One of the biggest advantages of the long-term deal is that Cyloq now knows Sundbyberg’s IT environment inside and out. With ongoing dialogue between the teams, Cyloq can make proactive recommendations based on live threat intelligence, while Sundbyberg can request specific assessments tied to current needs.

“They understand our environment now and tailor suggestions based on real-world threats. That’s incredibly valuable.”

A smooth process and reports that drive action

You can’t test everything at once. You have to be intentional and focus on what matters most. Together with Cyloq, they agree on a scenario or an area to focus on for each test.

“We usually run it in two phases. First a broad mapping, then we regroup and decide what to drill deeper into.”

After each test, Cyloq delivers a detailed report.

“The reports are clear, well-structured, and easy to act on. They give us everything we need to fix and close off any identified vulnerabilities. Most of the time, our internal team handles the fixes, but Cyloq is always there when we need a hand.”

Today, Sundbybergs Stad runs two to three penetration tests per year, and weekly vulnerability scans to maintain constant visibility.

Fewer risks. Fewer unknowns.

The goal of the continuous testing was clear from the beginning: reduce risk, close gaps, and do it before someone else finds them. And it’s working.

“We’ve got fewer vulnerabilities in the environment, and that was the whole point. Cyloq helps us spot weak points early and fix them fast, before they turn into real problems.”

But the impact goes beyond technical fixes. The reports have also helped spark deeper internal conversations and increase security awareness among the internal IT staff.  

“Sometimes you need an external perspective. Otherwise, it’s too easy to go blind to your own assumptions.”

Cyloq delivers. And yes, Sundbyberg recommends them.

One of the biggest advantages of working with Cyloq, Klas says, is how responsive they are.

“If something comes up, we get immediate feedback. Cyloq is fast and incredibly easy to work with.”

So, would he recommend Cyloq to other organizations?

“Absolutely. They know what they’re doing, and they genuinely care about delivering great results. The personal connection and engagement we get from Cyloq is on a totally different level from what we’ve seen with larger vendors.”

Read more
Text Link

VX Fiber: “Now we have a 'stamp of approval' on our security work”

2025-03-11
0
min read

VX Fiber is an international broadband provider serving municipalities and enterprises that have their own fiber networks. With 80 employees and a rapidly growing infrastructure, cybersecurity has become a core priority. “Security is such a key issue now that it’s reported directly to the  board,” says Tim Cambrant, Chief Security Officer at VX Fiber.

Bringing in an external partner became essential

Before working with Cyloq, security at VX Fiber was handled by a capable internal team. But something was missing. “We had good processes and the right mindset. But we realized that customers and investors started to expect third-party validation.” Tim explains.

As the company scaled up, the stakes grew. “The more customers we serve, the more critical we become to society. Questions concerning security now come up in sales meetings. We need to be able to show that our structure actually holds up.”

Even with strong in-house talent, the team knew: no matter how well you think you're doing, you need someone from the outside to challenge your assumptions.

“We wanted a clear picture of where we stood and someone independent to back it up.”

When VX Fiber started looking for a security partner, they didn’t want a big-box consultancy. They wanted someone who was agile, responsive, and easy to work with.

“They weren’t like the big vendors. They were easy to get in contact with, they were small and adaptable, and clearly ready to do the actual work instead of trying to sell a massive package.” After an initial meeting, VX Fiber brought in Cyloq to run a penetration test.

Penetration tests are now part of the policy

Tim admits they initially weren’t sure how much Cyloq would find in just two weeks.

“We had people on standby, ready to help or answer questions. But Cyloq didn’t need much. They just went in and got to work.”

Two weeks later, Cyloq delivered their report. The results spoke for themselves.

“Honestly, we were surprised by how much they found. Of course you want them to find something, but you still hope it’s not much. They dug deep, they were thorough, and it felt like they put in more time than they billed for.”

The process was smooth and effective. “We explain what we want them to focus on, grant access to relevant systems, and they take it from there. If something critical shows up, they let us know right away. They also offer to explain the results and assist with the fixes”

VX Fiber has now worked with Cyloq on three separate penetration tests and has made it policy to run one at least once a year. Each test targets a different area of the business, and when everything’s been tested, they start over.

“It’s not a one-off. It’s a continuous process. We rotate areas and keep the cycle going.”

Clear results and a stronger security culture

“The biggest shift is clarity. We now have a clear picture of our vulnerability profile. Cyloq gave us that external stamp of approval, which matters to our customers, our board, and our investors.”

But the impact wasn’t just structural, Cyloq reshaped the company’s security culture. “We have a young development team. Working with Cyloq gave them a new level of respect for security. They’ve seen firsthand why external reviews matter.”

“It’s not enough to have in-house experts. We all have blind spots. This partnership has shown us that no matter how thorough we think we are, we’ve definitely missed something. It’s raised awareness that even the most experienced people can overlook critical details, and we always need someone else reviewing what we do.”

Advice for other companies looking to tighten up security

Tim’s first tip: start with an honest audit.

“What are you trying to protect? For most, it’s customer data. Then take a hard look at access controls and storage practices. Smaller companies often overlook simple things, and what leaks is usually a document stored in the wrong place.”

His second tip: don’t do it alone.

“Not every company can afford a large security team. But even if you manage IT yourself, you need a third party to identify and close security gaps.”

Would they recommend Cyloq? No hesitation.

When asked if they would recommend Cyloq to others, the answer is clear:  

“Definitely. They’re easy to work with, they’re fast, flexible, and knowledgeable. They deliver value and make our security efforts easier.”

“We see no reason to switch – or even supplement – with anyone else. So far, we haven’t given them a challenge they couldn’t handle.”

Want us to find the vulnerabilities you didn’t know were there?

Book a meeting

Read more
Text Link

Stravito: “Cyloq gave us deeper security insights than any previous review.”

0
min read

Stravito is an AI-powered insights platform that helps global enterprises centralize and organize their market and consumer data to drive better, data-informed decisions.

“We’re an AI company with strict security demands and as a SaaS provider, external validation is essential,” says Marcus Södervall, Head of Trust at Stravito.

A different experience from previous penetration tests

Stravito reached out to Cyloq in the summer of 2023 after a client requested a penetration test.  

“We’d avoided traditional pentests in the past. Frankly, we never saw much value in the results. Instead, we’ve been running a bug bounty program as our ongoing testing method. But when a customer specifically asked for a formal test, we figured we’d give it a go.”

Marcus admits expectations were low, but the outcome turned out to be more valuable than anticipated.

“We were pleasantly surprised. Cyloq found several issues that hadn’t been caught by previous tests or our bug bounty program. So yeah, we were really happy with the results.”

The process was fast and efficient. Cyloq worked within a defined timeline, delivered a clear report, and outlined practical fixes the team could implement themselves – which they did.

“It was fast, frictionless, and communication was easy. Everyone at Cyloq was great to work with. They were professional and straight to the point. Compared to past penetration tests we’ve done, both the expertise and final report were at a completely different level.”

Red Teaming: Attacking the company on all fronts

After the success of the penetration test, Stravito decided to move forward with a full red teaming operation – a broader simulation where the attacker can come at the company from any angle.

“We told Cyloq what absolutely couldn’t end up in the wrong hands and asked them to go after it, using whatever means they had.”

Just like before, Cyloq kept communication clear, understood the assignment right away, and maintained alignment throughout the engagement. They kept a tight feedback loop during the test and wrapped up with a well-structured report outlining what worked, what didn’t, and what could be improved.

“It took longer and was more comprehensive than a standard test, but it was incredibly valuable. Both for the security team and the entire organization.”

“Everyone should experience a planned attack”

The red teaming exercise led to immediate changes across the business.

“We’ve already made several improvements based on Cyloq’s findings. This partnership has made us better prepared, no doubt about it.”

But the real value wasn’t just technical. The simulation had a tangible impact on awareness across the company.

“It really raised the bar. Our employees now understand how attacks actually play out and what they personally need to pay attention to. If you haven’t gone through a red teaming exercise, you should. Everyone benefits from experiencing what a real-world attack looks like and how people respond.”

One of the key takeaways Marcus emphasizes is how attackers often don’t go through firewalls - they go through people.

“If someone’s going to breach you, chances are they’ll go through an employee. So we have to support our people and give them the tools to maintain good cyber hygiene.”

A long-term partner for Stravito

With two successful projects, Stravito plans to keep working with Cyloq.

“We’ll definitely keep testing with them. We’re also looking at bringing them in to break down the AI features in our platform, and we’ll likely ask them to run a security training session for our developers too.”

Cyloq hasn’t just delivered solid results, they’ve helped raise the security bar for the whole organization. For Marcus, recommending them is a no-brainer:

“Absolutely. They’re straightforward, easy to work with, and they know what they’re doing. Zero fluff, just real results.”

Read more
Text Link

Marginalen Bank: “Cyloq delivers beyond expectations – every time.”

0
min read

Marginalen Bank is a Swedish bank that offers a broad portfolio of financial services. But as a smaller player in a tightly regulated market, the bar for cybersecurity is set especially high. “We’re a financial company with a wide range of products, which brings unique security challenges,” says Yngve Swanström, Head of Security at Marginalen Bank.

A long-term partnership from day one

Security is a core pillar of operations at Marginalen Bank, and they have worked with Cyloq ever since Cyloq was founded in 2022. Before Cyloq, the bank had worked with various providers. That’s when they came across Andreas and Sam and were immediately impressed by their skills. So when those two went on to start Cyloq, continuing the collaboration was an easy decision.  

“We rely on Cyloq for both penetration tests and security training, and we plan to keep it that way.”

Marginalen Bank has a clear policy. The security in the systems needs to be tested often and thoroughly. The bank conducts multiple penetration tests each year to make sure every system holds up at all times. But the partnership with Cyloq goes beyond just technical expertise.

“It’s not just about the results, they’re also flexible, responsive, and adapt to how we work. That matters just as much.”

A process that runs itself

Every engagement starts with a clear scoping session involving Cyloq, the security team, and project stakeholders. Thanks to the ongoing collaboration, Cyloq already has access to much of what they need to get going right away.

“They’re self-sufficient from the start. They know what’s expected and what we need. Full credit to them.”

Cyloq gets access to the right accounts and systems, runs the test quickly and effectively, and delivers a clear final report with concrete, prioritized recommendations.

“We handle most of the fixes in-house, but Cyloq is always there as a sounding board if we need to talk things through. That makes them a great partner too.”

Beyond testing, Cyloq also runs developer training sessions for Marginalen Bank’s tech teams.

“The trainings are always well received. Practical, straightforward, and easy to apply. We’ve got another one coming up soon.”

Currently, Marginalen Bank runs about ten penetration tests per year, along with regular training sessions. Looking ahead, they’re also planning to bring Cyloq in for a red teaming exercise.

Would they recommend Cyloq? No doubt about it.

Even after years of working together, Cyloq keeps raising the bar.

“They deliver beyond expectations, every time. They’re fast, thorough, and really easy to work with. It’s a partnership that just works.”

With Marginalen Bank’s agile way of working, tight timelines and fast-changing priorities, Cyloq has proven time and again that they can keep pace and stay in sync.

“We highly recommend Cyloq. They’re responsive, deliver top-tier quality, and are incredibly easy to collaborate with.”

Read more
Text Link
Text Link
Text Link
Text Link
Text Link
Text Link
Text Link
Text Link
Visa fler

blog

Explore our latest news

view more
Text Link

The Future of Cyber Security

October 5, 2023
0
min read

The Future of Cyber Security

The future of cyber security is a topic of great interest as technology continues to advance. This article explores the trends and technologies that will shape cyber security in the coming years.

Quantum Computing

Quantum computing has the potential to revolutionize cyber security. While it poses new challenges, it also offers opportunities for creating more secure systems.

Blockchain Technology

Blockchain technology is being explored for its ability to enhance security and transparency in transactions. Its decentralized nature makes it a promising solution for various security challenges.

“The future is not something we enter; the future is something we create.”

Collaboration and Information Sharing

Collaboration among organizations and sharing information about threats will be crucial in building a more secure digital environment.

Read more
Text Link

Essential Cyber Security Tools for Businesses

October 4, 2023
0
min read

Essential Cyber Security Tools for Businesses

In the fight against cyber threats, having the right tools is essential for businesses. This article highlights some of the most effective cyber security tools available in 2023.

Firewalls

Firewalls are the first line of defense against cyber attacks. They monitor incoming and outgoing traffic and block unauthorized access.

Antivirus Software

Antivirus software is crucial for detecting and removing malware. Regular updates are necessary to protect against the latest threats.

“Investing in security tools is investing in your business.”

Intrusion Detection Systems

These systems help identify potential threats and breaches, allowing organizations to respond quickly to incidents.

Read more
Text Link

Cyber Security Regulations in 2023

October 3, 2023
0
min read

Cyber Security Regulations in 2023

As cyber threats continue to evolve, governments and regulatory bodies are implementing stricter cyber security regulations. This article provides an overview of the key regulations that organizations must comply with in 2023.

GDPR Compliance

The General Data Protection Regulation (GDPR) remains a critical framework for data protection in Europe. Organizations must ensure that they are compliant to avoid hefty fines.

New Data Protection Laws

Many countries are introducing new data protection laws that require organizations to implement robust security measures to protect personal data.

“Compliance is not just a checkbox; it’s a commitment.”

Impact on Businesses

Failure to comply with these regulations can lead to severe penalties and damage to reputation. Organizations must prioritize compliance to safeguard their operations.

Read more
Text Link

The Importance of Cyber Security Awareness

October 2, 2023
0
min read

The Importance of Cyber Security Awareness

In today's digital age, cyber security awareness is more important than ever. With the increasing number of cyber threats, educating employees about security practices is essential for protecting sensitive information.

Employee Training Programs

Organizations should implement regular training programs to keep employees informed about the latest threats and best practices. This proactive approach can significantly reduce the risk of security breaches.

Phishing Attacks

Phishing remains one of the most common tactics used by cybercriminals. Employees must be trained to recognize suspicious emails and links to avoid falling victim to these attacks.

“An informed employee is the first line of defense.”

Creating a Security Culture

Fostering a culture of security within the organization encourages employees to take responsibility for their actions and report any suspicious activity.

Read more
Text Link

Sam Eizad gästar The Growth Hackers – varför hackare älskar svaga nätbutiker

October 1, 2023
0
min read

Vad får en etisk hacker med år av terminalkod bakom sig att lämna tangentbordet och kliva in i en poddstudio? Den 23 augusti 2024 slog vår medgrundare Sam Eizad sig ned hos programledaren Jorge Castro i podcasten The Growth Hackers för ett trekvarts samtal om e-handelns akilleshälar och hur de kan stärkas innan någon obehörig hinner dit.

Sam har mer än femton års erfarenhet av offensiv säkerhet och en rad bug-bounty-framgångar hos bland annat Google, Microsoft och Apple på meritlistan. I podden berättar han hur angripare kartlägger en butik, vilken typ av felkonfigurationer som lockar mest och varför “det handlar om att hitta svaga punkter i systemen”, som han uttrycker det.

Samtalet rör sig från teknik till människor. Lager-på-lager-skydd och regelbundna penetrationstester är grunden, men Sam betonar att utan medvetna medarbetare är brandväggen mest kuliss. Därför bygger Cyloq inte bara tester utan också skräddarsydda awareness-program som gör säkerhet till en vana i vardagen.

Det ligger nära vår egen filosofi – vi skyddar genom att attackera först. Pen-tester, red-team-övningar och blixtsnabb incidentrespons ger våra kunder möjligheten att stänga luckor innan någon annan hittar dem.

Nyfiken på alla detaljer? Avsnittet finns på ehandel.se/podd och Spotify. Luta dig tillbaka, lyssna och hör av dig om du vill veta vad ett offensivt säkerhetstest kan avslöja i just din plattform.

<iframe style="border-radius:12px" src="https://open.spotify.com/embed/episode/2YwSIiX1ICQUshmj66MJl7?utm_source=generator&theme=0" width="100%" height="352" frameBorder="0" allowfullscreen="" allow="autoplay; clipboard-write; encrypted-media; fullscreen; picture-in-picture" loading="lazy"></iframe>


Sam Eizad on The Growth Hackers – the anatomy of a safer online store

English article

On 23 August 2024 our co-founder Sam Eizad swapped console windows for a studio microphone and joined host Jorge Castro on The Growth Hackers podcast. The result is a forty-minute deep-dive into the weaknesses cyber-criminals look for – and how retailers can close those doors before anyone slips through.

Sam brings more than fifteen years in offensive security plus high-profile bug-bounty wins against Google, Microsoft and Apple. He explains the attacker’s mindset and reminds listeners that “finding the soft spots in a system” is step one for any breach attempt.

Tools alone won’t cut it. Layered defences and routine penetration tests matter, yet culture completes the shield. That is why Cyloq pairs hands-on testing with tailored awareness sessions, turning staff into a living part of the defence.

Our creed is simple – protect by striking first. Pen-tests, red-team engagements and rapid incident handling reveal, respond, and reinforce long before real attackers get a chance.

Curious? Find the episode on ehandel.se/podd or Spotify, then drop us a line. We are ready to put your storefront to the test – on your terms, not the attacker’s.

Read more
Text Link
Text Link
Text Link
Text Link
view more

blog

Kundcase

Visa fler
Text Link

Sundbybergs Stad: Why we chose a long-term partnership with Cyloq

2025-05-17
0
min read

Sundbybergs Stad is a growing municipality in the Stockholm region. As the city expands and its operations become more digital, the need for strong cybersecurity keeps growing. To stay ahead of both current and emerging threats, the city has committed to an ongoing collaboration with Cyloq, built around regular penetration tests, weekly vulnerability scans, and close strategic alignment.

A long-term partner who understands our IT environment

Before working with Cyloq, the city’s approach to security was more reactive than proactive. Tests and scans were run from time to time, but without a consistent structure. That’s something IT Security Strategist Klas Strömberg set out to change.  

 

Through a formal procurement process involving several vendors, Sundbybergs Stad chose Cyloq and signed a four-year contract covering penetration testing and vulnerability scanning.

“We wanted a long-term agreement so we could test continuously and adjust based on real-world threats,” says Klas. “That means we use different methods and different targets each time, and it’s always adapted to what’s most important right now.”

One of the biggest advantages of the long-term deal is that Cyloq now knows Sundbyberg’s IT environment inside and out. With ongoing dialogue between the teams, Cyloq can make proactive recommendations based on live threat intelligence, while Sundbyberg can request specific assessments tied to current needs.

“They understand our environment now and tailor suggestions based on real-world threats. That’s incredibly valuable.”

A smooth process and reports that drive action

You can’t test everything at once. You have to be intentional and focus on what matters most. Together with Cyloq, they agree on a scenario or an area to focus on for each test.

“We usually run it in two phases. First a broad mapping, then we regroup and decide what to drill deeper into.”

After each test, Cyloq delivers a detailed report.

“The reports are clear, well-structured, and easy to act on. They give us everything we need to fix and close off any identified vulnerabilities. Most of the time, our internal team handles the fixes, but Cyloq is always there when we need a hand.”

Today, Sundbybergs Stad runs two to three penetration tests per year, and weekly vulnerability scans to maintain constant visibility.

Fewer risks. Fewer unknowns.

The goal of the continuous testing was clear from the beginning: reduce risk, close gaps, and do it before someone else finds them. And it’s working.

“We’ve got fewer vulnerabilities in the environment, and that was the whole point. Cyloq helps us spot weak points early and fix them fast, before they turn into real problems.”

But the impact goes beyond technical fixes. The reports have also helped spark deeper internal conversations and increase security awareness among the internal IT staff.  

“Sometimes you need an external perspective. Otherwise, it’s too easy to go blind to your own assumptions.”

Cyloq delivers. And yes, Sundbyberg recommends them.

One of the biggest advantages of working with Cyloq, Klas says, is how responsive they are.

“If something comes up, we get immediate feedback. Cyloq is fast and incredibly easy to work with.”

So, would he recommend Cyloq to other organizations?

“Absolutely. They know what they’re doing, and they genuinely care about delivering great results. The personal connection and engagement we get from Cyloq is on a totally different level from what we’ve seen with larger vendors.”

Read more
Text Link

VX Fiber: “Now we have a 'stamp of approval' on our security work”

2025-03-11
0
min read

VX Fiber is an international broadband provider serving municipalities and enterprises that have their own fiber networks. With 80 employees and a rapidly growing infrastructure, cybersecurity has become a core priority. “Security is such a key issue now that it’s reported directly to the  board,” says Tim Cambrant, Chief Security Officer at VX Fiber.

Bringing in an external partner became essential

Before working with Cyloq, security at VX Fiber was handled by a capable internal team. But something was missing. “We had good processes and the right mindset. But we realized that customers and investors started to expect third-party validation.” Tim explains.

As the company scaled up, the stakes grew. “The more customers we serve, the more critical we become to society. Questions concerning security now come up in sales meetings. We need to be able to show that our structure actually holds up.”

Even with strong in-house talent, the team knew: no matter how well you think you're doing, you need someone from the outside to challenge your assumptions.

“We wanted a clear picture of where we stood and someone independent to back it up.”

When VX Fiber started looking for a security partner, they didn’t want a big-box consultancy. They wanted someone who was agile, responsive, and easy to work with.

“They weren’t like the big vendors. They were easy to get in contact with, they were small and adaptable, and clearly ready to do the actual work instead of trying to sell a massive package.” After an initial meeting, VX Fiber brought in Cyloq to run a penetration test.

Penetration tests are now part of the policy

Tim admits they initially weren’t sure how much Cyloq would find in just two weeks.

“We had people on standby, ready to help or answer questions. But Cyloq didn’t need much. They just went in and got to work.”

Two weeks later, Cyloq delivered their report. The results spoke for themselves.

“Honestly, we were surprised by how much they found. Of course you want them to find something, but you still hope it’s not much. They dug deep, they were thorough, and it felt like they put in more time than they billed for.”

The process was smooth and effective. “We explain what we want them to focus on, grant access to relevant systems, and they take it from there. If something critical shows up, they let us know right away. They also offer to explain the results and assist with the fixes”

VX Fiber has now worked with Cyloq on three separate penetration tests and has made it policy to run one at least once a year. Each test targets a different area of the business, and when everything’s been tested, they start over.

“It’s not a one-off. It’s a continuous process. We rotate areas and keep the cycle going.”

Clear results and a stronger security culture

“The biggest shift is clarity. We now have a clear picture of our vulnerability profile. Cyloq gave us that external stamp of approval, which matters to our customers, our board, and our investors.”

But the impact wasn’t just structural, Cyloq reshaped the company’s security culture. “We have a young development team. Working with Cyloq gave them a new level of respect for security. They’ve seen firsthand why external reviews matter.”

“It’s not enough to have in-house experts. We all have blind spots. This partnership has shown us that no matter how thorough we think we are, we’ve definitely missed something. It’s raised awareness that even the most experienced people can overlook critical details, and we always need someone else reviewing what we do.”

Advice for other companies looking to tighten up security

Tim’s first tip: start with an honest audit.

“What are you trying to protect? For most, it’s customer data. Then take a hard look at access controls and storage practices. Smaller companies often overlook simple things, and what leaks is usually a document stored in the wrong place.”

His second tip: don’t do it alone.

“Not every company can afford a large security team. But even if you manage IT yourself, you need a third party to identify and close security gaps.”

Would they recommend Cyloq? No hesitation.

When asked if they would recommend Cyloq to others, the answer is clear:  

“Definitely. They’re easy to work with, they’re fast, flexible, and knowledgeable. They deliver value and make our security efforts easier.”

“We see no reason to switch – or even supplement – with anyone else. So far, we haven’t given them a challenge they couldn’t handle.”

Want us to find the vulnerabilities you didn’t know were there?

Book a meeting

Read more
Text Link

Stravito: “Cyloq gave us deeper security insights than any previous review.”

0
min read

Stravito is an AI-powered insights platform that helps global enterprises centralize and organize their market and consumer data to drive better, data-informed decisions.

“We’re an AI company with strict security demands and as a SaaS provider, external validation is essential,” says Marcus Södervall, Head of Trust at Stravito.

A different experience from previous penetration tests

Stravito reached out to Cyloq in the summer of 2023 after a client requested a penetration test.  

“We’d avoided traditional pentests in the past. Frankly, we never saw much value in the results. Instead, we’ve been running a bug bounty program as our ongoing testing method. But when a customer specifically asked for a formal test, we figured we’d give it a go.”

Marcus admits expectations were low, but the outcome turned out to be more valuable than anticipated.

“We were pleasantly surprised. Cyloq found several issues that hadn’t been caught by previous tests or our bug bounty program. So yeah, we were really happy with the results.”

The process was fast and efficient. Cyloq worked within a defined timeline, delivered a clear report, and outlined practical fixes the team could implement themselves – which they did.

“It was fast, frictionless, and communication was easy. Everyone at Cyloq was great to work with. They were professional and straight to the point. Compared to past penetration tests we’ve done, both the expertise and final report were at a completely different level.”

Red Teaming: Attacking the company on all fronts

After the success of the penetration test, Stravito decided to move forward with a full red teaming operation – a broader simulation where the attacker can come at the company from any angle.

“We told Cyloq what absolutely couldn’t end up in the wrong hands and asked them to go after it, using whatever means they had.”

Just like before, Cyloq kept communication clear, understood the assignment right away, and maintained alignment throughout the engagement. They kept a tight feedback loop during the test and wrapped up with a well-structured report outlining what worked, what didn’t, and what could be improved.

“It took longer and was more comprehensive than a standard test, but it was incredibly valuable. Both for the security team and the entire organization.”

“Everyone should experience a planned attack”

The red teaming exercise led to immediate changes across the business.

“We’ve already made several improvements based on Cyloq’s findings. This partnership has made us better prepared, no doubt about it.”

But the real value wasn’t just technical. The simulation had a tangible impact on awareness across the company.

“It really raised the bar. Our employees now understand how attacks actually play out and what they personally need to pay attention to. If you haven’t gone through a red teaming exercise, you should. Everyone benefits from experiencing what a real-world attack looks like and how people respond.”

One of the key takeaways Marcus emphasizes is how attackers often don’t go through firewalls - they go through people.

“If someone’s going to breach you, chances are they’ll go through an employee. So we have to support our people and give them the tools to maintain good cyber hygiene.”

A long-term partner for Stravito

With two successful projects, Stravito plans to keep working with Cyloq.

“We’ll definitely keep testing with them. We’re also looking at bringing them in to break down the AI features in our platform, and we’ll likely ask them to run a security training session for our developers too.”

Cyloq hasn’t just delivered solid results, they’ve helped raise the security bar for the whole organization. For Marcus, recommending them is a no-brainer:

“Absolutely. They’re straightforward, easy to work with, and they know what they’re doing. Zero fluff, just real results.”

Read more
Text Link

Marginalen Bank: “Cyloq delivers beyond expectations – every time.”

0
min read

Marginalen Bank is a Swedish bank that offers a broad portfolio of financial services. But as a smaller player in a tightly regulated market, the bar for cybersecurity is set especially high. “We’re a financial company with a wide range of products, which brings unique security challenges,” says Yngve Swanström, Head of Security at Marginalen Bank.

A long-term partnership from day one

Security is a core pillar of operations at Marginalen Bank, and they have worked with Cyloq ever since Cyloq was founded in 2022. Before Cyloq, the bank had worked with various providers. That’s when they came across Andreas and Sam and were immediately impressed by their skills. So when those two went on to start Cyloq, continuing the collaboration was an easy decision.  

“We rely on Cyloq for both penetration tests and security training, and we plan to keep it that way.”

Marginalen Bank has a clear policy. The security in the systems needs to be tested often and thoroughly. The bank conducts multiple penetration tests each year to make sure every system holds up at all times. But the partnership with Cyloq goes beyond just technical expertise.

“It’s not just about the results, they’re also flexible, responsive, and adapt to how we work. That matters just as much.”

A process that runs itself

Every engagement starts with a clear scoping session involving Cyloq, the security team, and project stakeholders. Thanks to the ongoing collaboration, Cyloq already has access to much of what they need to get going right away.

“They’re self-sufficient from the start. They know what’s expected and what we need. Full credit to them.”

Cyloq gets access to the right accounts and systems, runs the test quickly and effectively, and delivers a clear final report with concrete, prioritized recommendations.

“We handle most of the fixes in-house, but Cyloq is always there as a sounding board if we need to talk things through. That makes them a great partner too.”

Beyond testing, Cyloq also runs developer training sessions for Marginalen Bank’s tech teams.

“The trainings are always well received. Practical, straightforward, and easy to apply. We’ve got another one coming up soon.”

Currently, Marginalen Bank runs about ten penetration tests per year, along with regular training sessions. Looking ahead, they’re also planning to bring Cyloq in for a red teaming exercise.

Would they recommend Cyloq? No doubt about it.

Even after years of working together, Cyloq keeps raising the bar.

“They deliver beyond expectations, every time. They’re fast, thorough, and really easy to work with. It’s a partnership that just works.”

With Marginalen Bank’s agile way of working, tight timelines and fast-changing priorities, Cyloq has proven time and again that they can keep pace and stay in sync.

“We highly recommend Cyloq. They’re responsive, deliver top-tier quality, and are incredibly easy to collaborate with.”

Read more
Text Link
Text Link
Text Link
Text Link
Text Link
Text Link
Text Link
Text Link
view more

Take action

Secure your business today

Don’t wait for an attack to happen - strengthen your defenses now.

You know what’s at stake. We know how to protect it.

Book a meeting