Put your cybersecurity to the test
Cyloq – we protect you by attacking you.
Services
We do what attackers do – before they do it
Customer Case
How we helped VX Fiber secure their IT environment
Why Cyloq?
We find what others miss
With over 15 years of experience and the industry's most respected certifications, we identify critical vulnerabilities – before they can be exploited.
Certified hackers on your side
With over 15 years of experience and armed with the top certifications (OSCP), we guarantee security that holds under real-world pressure.
Real-world attack simulations
We replicate advanced attacks using the same methods and real threat hackers use, and find vulnerabilities before they do.
Tailored testing
No two systems are the same. Whether you're running cloud, microservices or old legacy solutions, we dive in fast and go straight for the weaknesses.
Superior reports
No 300-page nonsense. You get clear, prioritized reports with fixes you can act on right away. Instead of filing away and forget.
About us
We’re not like other IT consultants
We’re not your typical IT consultants. We’re hackers – with our hearts in offensive security and our minds wired for exploits.
Finding weaknesses isn’t just what we do, it’s what we live for. We attack your environment like a real threat actor would, showing you exactly what holds up and what cracks under pressure.
References
What our clients are saying about us
Cases
Results from real attacks
Sundbybergs Stad is a growing municipality in the Stockholm region. As the city expands and its operations become more digital, the need for strong cybersecurity keeps growing. To stay ahead of both current and emerging threats, the city has committed to an ongoing collaboration with Cyloq, built around regular penetration tests, weekly vulnerability scans, and close strategic alignment.
A long-term partner who understands our IT environment
Before working with Cyloq, the city’s approach to security was more reactive than proactive. Tests and scans were run from time to time, but without a consistent structure. That’s something IT Security Strategist Klas Strömberg set out to change.
Through a formal procurement process involving several vendors, Sundbybergs Stad chose Cyloq and signed a four-year contract covering penetration testing and vulnerability scanning.
“We wanted a long-term agreement so we could test continuously and adjust based on real-world threats,” says Klas. “That means we use different methods and different targets each time, and it’s always adapted to what’s most important right now.”
One of the biggest advantages of the long-term deal is that Cyloq now knows Sundbyberg’s IT environment inside and out. With ongoing dialogue between the teams, Cyloq can make proactive recommendations based on live threat intelligence, while Sundbyberg can request specific assessments tied to current needs.
“They understand our environment now and tailor suggestions based on real-world threats. That’s incredibly valuable.”
A smooth process and reports that drive action
You can’t test everything at once. You have to be intentional and focus on what matters most. Together with Cyloq, they agree on a scenario or an area to focus on for each test.
“We usually run it in two phases. First a broad mapping, then we regroup and decide what to drill deeper into.”
After each test, Cyloq delivers a detailed report.
“The reports are clear, well-structured, and easy to act on. They give us everything we need to fix and close off any identified vulnerabilities. Most of the time, our internal team handles the fixes, but Cyloq is always there when we need a hand.”
Today, Sundbybergs Stad runs two to three penetration tests per year, and weekly vulnerability scans to maintain constant visibility.
Fewer risks. Fewer unknowns.
The goal of the continuous testing was clear from the beginning: reduce risk, close gaps, and do it before someone else finds them. And it’s working.
“We’ve got fewer vulnerabilities in the environment, and that was the whole point. Cyloq helps us spot weak points early and fix them fast, before they turn into real problems.”
But the impact goes beyond technical fixes. The reports have also helped spark deeper internal conversations and increase security awareness among the internal IT staff.
“Sometimes you need an external perspective. Otherwise, it’s too easy to go blind to your own assumptions.”
Cyloq delivers. And yes, Sundbyberg recommends them.
One of the biggest advantages of working with Cyloq, Klas says, is how responsive they are.
“If something comes up, we get immediate feedback. Cyloq is fast and incredibly easy to work with.”
So, would he recommend Cyloq to other organizations?
“Absolutely. They know what they’re doing, and they genuinely care about delivering great results. The personal connection and engagement we get from Cyloq is on a totally different level from what we’ve seen with larger vendors.”
VX Fiber is an international broadband provider serving municipalities and enterprises that have their own fiber networks. With 80 employees and a rapidly growing infrastructure, cybersecurity has become a core priority. “Security is such a key issue now that it’s reported directly to the board,” says Tim Cambrant, Chief Security Officer at VX Fiber.
Bringing in an external partner became essential
Before working with Cyloq, security at VX Fiber was handled by a capable internal team. But something was missing. “We had good processes and the right mindset. But we realized that customers and investors started to expect third-party validation.” Tim explains.
As the company scaled up, the stakes grew. “The more customers we serve, the more critical we become to society. Questions concerning security now come up in sales meetings. We need to be able to show that our structure actually holds up.”
Even with strong in-house talent, the team knew: no matter how well you think you're doing, you need someone from the outside to challenge your assumptions.
“We wanted a clear picture of where we stood and someone independent to back it up.”
When VX Fiber started looking for a security partner, they didn’t want a big-box consultancy. They wanted someone who was agile, responsive, and easy to work with.
“They weren’t like the big vendors. They were easy to get in contact with, they were small and adaptable, and clearly ready to do the actual work instead of trying to sell a massive package.” After an initial meeting, VX Fiber brought in Cyloq to run a penetration test.
Penetration tests are now part of the policy
Tim admits they initially weren’t sure how much Cyloq would find in just two weeks.
“We had people on standby, ready to help or answer questions. But Cyloq didn’t need much. They just went in and got to work.”
Two weeks later, Cyloq delivered their report. The results spoke for themselves.
“Honestly, we were surprised by how much they found. Of course you want them to find something, but you still hope it’s not much. They dug deep, they were thorough, and it felt like they put in more time than they billed for.”
The process was smooth and effective. “We explain what we want them to focus on, grant access to relevant systems, and they take it from there. If something critical shows up, they let us know right away. They also offer to explain the results and assist with the fixes”
VX Fiber has now worked with Cyloq on three separate penetration tests and has made it policy to run one at least once a year. Each test targets a different area of the business, and when everything’s been tested, they start over.
“It’s not a one-off. It’s a continuous process. We rotate areas and keep the cycle going.”
Clear results and a stronger security culture
“The biggest shift is clarity. We now have a clear picture of our vulnerability profile. Cyloq gave us that external stamp of approval, which matters to our customers, our board, and our investors.”
But the impact wasn’t just structural, Cyloq reshaped the company’s security culture. “We have a young development team. Working with Cyloq gave them a new level of respect for security. They’ve seen firsthand why external reviews matter.”
“It’s not enough to have in-house experts. We all have blind spots. This partnership has shown us that no matter how thorough we think we are, we’ve definitely missed something. It’s raised awareness that even the most experienced people can overlook critical details, and we always need someone else reviewing what we do.”
Advice for other companies looking to tighten up security
Tim’s first tip: start with an honest audit.
“What are you trying to protect? For most, it’s customer data. Then take a hard look at access controls and storage practices. Smaller companies often overlook simple things, and what leaks is usually a document stored in the wrong place.”
His second tip: don’t do it alone.
“Not every company can afford a large security team. But even if you manage IT yourself, you need a third party to identify and close security gaps.”
Would they recommend Cyloq? No hesitation.
When asked if they would recommend Cyloq to others, the answer is clear:
“Definitely. They’re easy to work with, they’re fast, flexible, and knowledgeable. They deliver value and make our security efforts easier.”
“We see no reason to switch – or even supplement – with anyone else. So far, we haven’t given them a challenge they couldn’t handle.”
Want us to find the vulnerabilities you didn’t know were there?
Book a meeting
Stravito is an AI-powered insights platform that helps global enterprises centralize and organize their market and consumer data to drive better, data-informed decisions.
“We’re an AI company with strict security demands and as a SaaS provider, external validation is essential,” says Marcus Södervall, Head of Trust at Stravito.
A different experience from previous penetration tests
Stravito reached out to Cyloq in the summer of 2023 after a client requested a penetration test.
“We’d avoided traditional pentests in the past. Frankly, we never saw much value in the results. Instead, we’ve been running a bug bounty program as our ongoing testing method. But when a customer specifically asked for a formal test, we figured we’d give it a go.”
Marcus admits expectations were low, but the outcome turned out to be more valuable than anticipated.
“We were pleasantly surprised. Cyloq found several issues that hadn’t been caught by previous tests or our bug bounty program. So yeah, we were really happy with the results.”
The process was fast and efficient. Cyloq worked within a defined timeline, delivered a clear report, and outlined practical fixes the team could implement themselves – which they did.
“It was fast, frictionless, and communication was easy. Everyone at Cyloq was great to work with. They were professional and straight to the point. Compared to past penetration tests we’ve done, both the expertise and final report were at a completely different level.”
Red Teaming: Attacking the company on all fronts
After the success of the penetration test, Stravito decided to move forward with a full red teaming operation – a broader simulation where the attacker can come at the company from any angle.
“We told Cyloq what absolutely couldn’t end up in the wrong hands and asked them to go after it, using whatever means they had.”
Just like before, Cyloq kept communication clear, understood the assignment right away, and maintained alignment throughout the engagement. They kept a tight feedback loop during the test and wrapped up with a well-structured report outlining what worked, what didn’t, and what could be improved.
“It took longer and was more comprehensive than a standard test, but it was incredibly valuable. Both for the security team and the entire organization.”
“Everyone should experience a planned attack”
The red teaming exercise led to immediate changes across the business.
“We’ve already made several improvements based on Cyloq’s findings. This partnership has made us better prepared, no doubt about it.”
But the real value wasn’t just technical. The simulation had a tangible impact on awareness across the company.
“It really raised the bar. Our employees now understand how attacks actually play out and what they personally need to pay attention to. If you haven’t gone through a red teaming exercise, you should. Everyone benefits from experiencing what a real-world attack looks like and how people respond.”
One of the key takeaways Marcus emphasizes is how attackers often don’t go through firewalls - they go through people.
“If someone’s going to breach you, chances are they’ll go through an employee. So we have to support our people and give them the tools to maintain good cyber hygiene.”
A long-term partner for Stravito
With two successful projects, Stravito plans to keep working with Cyloq.
“We’ll definitely keep testing with them. We’re also looking at bringing them in to break down the AI features in our platform, and we’ll likely ask them to run a security training session for our developers too.”
Cyloq hasn’t just delivered solid results, they’ve helped raise the security bar for the whole organization. For Marcus, recommending them is a no-brainer:
“Absolutely. They’re straightforward, easy to work with, and they know what they’re doing. Zero fluff, just real results.”
Marginalen Bank is a Swedish bank that offers a broad portfolio of financial services. But as a smaller player in a tightly regulated market, the bar for cybersecurity is set especially high. “We’re a financial company with a wide range of products, which brings unique security challenges,” says Yngve Swanström, Head of Security at Marginalen Bank.
A long-term partnership from day one
Security is a core pillar of operations at Marginalen Bank, and they have worked with Cyloq ever since Cyloq was founded in 2022. Before Cyloq, the bank had worked with various providers. That’s when they came across Andreas and Sam and were immediately impressed by their skills. So when those two went on to start Cyloq, continuing the collaboration was an easy decision.
“We rely on Cyloq for both penetration tests and security training, and we plan to keep it that way.”
Marginalen Bank has a clear policy. The security in the systems needs to be tested often and thoroughly. The bank conducts multiple penetration tests each year to make sure every system holds up at all times. But the partnership with Cyloq goes beyond just technical expertise.
“It’s not just about the results, they’re also flexible, responsive, and adapt to how we work. That matters just as much.”
A process that runs itself
Every engagement starts with a clear scoping session involving Cyloq, the security team, and project stakeholders. Thanks to the ongoing collaboration, Cyloq already has access to much of what they need to get going right away.
“They’re self-sufficient from the start. They know what’s expected and what we need. Full credit to them.”
Cyloq gets access to the right accounts and systems, runs the test quickly and effectively, and delivers a clear final report with concrete, prioritized recommendations.
“We handle most of the fixes in-house, but Cyloq is always there as a sounding board if we need to talk things through. That makes them a great partner too.”
Beyond testing, Cyloq also runs developer training sessions for Marginalen Bank’s tech teams.
“The trainings are always well received. Practical, straightforward, and easy to apply. We’ve got another one coming up soon.”
Currently, Marginalen Bank runs about ten penetration tests per year, along with regular training sessions. Looking ahead, they’re also planning to bring Cyloq in for a red teaming exercise.
Would they recommend Cyloq? No doubt about it.
Even after years of working together, Cyloq keeps raising the bar.
“They deliver beyond expectations, every time. They’re fast, thorough, and really easy to work with. It’s a partnership that just works.”
With Marginalen Bank’s agile way of working, tight timelines and fast-changing priorities, Cyloq has proven time and again that they can keep pace and stay in sync.
“We highly recommend Cyloq. They’re responsive, deliver top-tier quality, and are incredibly easy to collaborate with.”
blog
The future of cyber security is a topic of great interest as technology continues to advance. This article explores the trends and technologies that will shape cyber security in the coming years.
Quantum computing has the potential to revolutionize cyber security. While it poses new challenges, it also offers opportunities for creating more secure systems.
Blockchain technology is being explored for its ability to enhance security and transparency in transactions. Its decentralized nature makes it a promising solution for various security challenges.
“The future is not something we enter; the future is something we create.”
Collaboration among organizations and sharing information about threats will be crucial in building a more secure digital environment.
In the fight against cyber threats, having the right tools is essential for businesses. This article highlights some of the most effective cyber security tools available in 2023.
Firewalls are the first line of defense against cyber attacks. They monitor incoming and outgoing traffic and block unauthorized access.
Antivirus software is crucial for detecting and removing malware. Regular updates are necessary to protect against the latest threats.
“Investing in security tools is investing in your business.”
These systems help identify potential threats and breaches, allowing organizations to respond quickly to incidents.
As cyber threats continue to evolve, governments and regulatory bodies are implementing stricter cyber security regulations. This article provides an overview of the key regulations that organizations must comply with in 2023.
The General Data Protection Regulation (GDPR) remains a critical framework for data protection in Europe. Organizations must ensure that they are compliant to avoid hefty fines.
Many countries are introducing new data protection laws that require organizations to implement robust security measures to protect personal data.
“Compliance is not just a checkbox; it’s a commitment.”
Failure to comply with these regulations can lead to severe penalties and damage to reputation. Organizations must prioritize compliance to safeguard their operations.
In today's digital age, cyber security awareness is more important than ever. With the increasing number of cyber threats, educating employees about security practices is essential for protecting sensitive information.
Organizations should implement regular training programs to keep employees informed about the latest threats and best practices. This proactive approach can significantly reduce the risk of security breaches.
Phishing remains one of the most common tactics used by cybercriminals. Employees must be trained to recognize suspicious emails and links to avoid falling victim to these attacks.
“An informed employee is the first line of defense.”
Fostering a culture of security within the organization encourages employees to take responsibility for their actions and report any suspicious activity.
Vad får en etisk hacker med år av terminalkod bakom sig att lämna tangentbordet och kliva in i en poddstudio? Den 23 augusti 2024 slog vår medgrundare Sam Eizad sig ned hos programledaren Jorge Castro i podcasten The Growth Hackers för ett trekvarts samtal om e-handelns akilleshälar och hur de kan stärkas innan någon obehörig hinner dit.
Sam har mer än femton års erfarenhet av offensiv säkerhet och en rad bug-bounty-framgångar hos bland annat Google, Microsoft och Apple på meritlistan. I podden berättar han hur angripare kartlägger en butik, vilken typ av felkonfigurationer som lockar mest och varför “det handlar om att hitta svaga punkter i systemen”, som han uttrycker det.
Samtalet rör sig från teknik till människor. Lager-på-lager-skydd och regelbundna penetrationstester är grunden, men Sam betonar att utan medvetna medarbetare är brandväggen mest kuliss. Därför bygger Cyloq inte bara tester utan också skräddarsydda awareness-program som gör säkerhet till en vana i vardagen.
Det ligger nära vår egen filosofi – vi skyddar genom att attackera först. Pen-tester, red-team-övningar och blixtsnabb incidentrespons ger våra kunder möjligheten att stänga luckor innan någon annan hittar dem.
Nyfiken på alla detaljer? Avsnittet finns på ehandel.se/podd och Spotify. Luta dig tillbaka, lyssna och hör av dig om du vill veta vad ett offensivt säkerhetstest kan avslöja i just din plattform.
<iframe style="border-radius:12px" src="https://open.spotify.com/embed/episode/2YwSIiX1ICQUshmj66MJl7?utm_source=generator&theme=0" width="100%" height="352" frameBorder="0" allowfullscreen="" allow="autoplay; clipboard-write; encrypted-media; fullscreen; picture-in-picture" loading="lazy"></iframe>
Sam Eizad on The Growth Hackers – the anatomy of a safer online store
On 23 August 2024 our co-founder Sam Eizad swapped console windows for a studio microphone and joined host Jorge Castro on The Growth Hackers podcast. The result is a forty-minute deep-dive into the weaknesses cyber-criminals look for – and how retailers can close those doors before anyone slips through.
Sam brings more than fifteen years in offensive security plus high-profile bug-bounty wins against Google, Microsoft and Apple. He explains the attacker’s mindset and reminds listeners that “finding the soft spots in a system” is step one for any breach attempt.
Tools alone won’t cut it. Layered defences and routine penetration tests matter, yet culture completes the shield. That is why Cyloq pairs hands-on testing with tailored awareness sessions, turning staff into a living part of the defence.
Our creed is simple – protect by striking first. Pen-tests, red-team engagements and rapid incident handling reveal, respond, and reinforce long before real attackers get a chance.
Curious? Find the episode on ehandel.se/podd or Spotify, then drop us a line. We are ready to put your storefront to the test – on your terms, not the attacker’s.
blog
Sundbybergs Stad is a growing municipality in the Stockholm region. As the city expands and its operations become more digital, the need for strong cybersecurity keeps growing. To stay ahead of both current and emerging threats, the city has committed to an ongoing collaboration with Cyloq, built around regular penetration tests, weekly vulnerability scans, and close strategic alignment.
A long-term partner who understands our IT environment
Before working with Cyloq, the city’s approach to security was more reactive than proactive. Tests and scans were run from time to time, but without a consistent structure. That’s something IT Security Strategist Klas Strömberg set out to change.
Through a formal procurement process involving several vendors, Sundbybergs Stad chose Cyloq and signed a four-year contract covering penetration testing and vulnerability scanning.
“We wanted a long-term agreement so we could test continuously and adjust based on real-world threats,” says Klas. “That means we use different methods and different targets each time, and it’s always adapted to what’s most important right now.”
One of the biggest advantages of the long-term deal is that Cyloq now knows Sundbyberg’s IT environment inside and out. With ongoing dialogue between the teams, Cyloq can make proactive recommendations based on live threat intelligence, while Sundbyberg can request specific assessments tied to current needs.
“They understand our environment now and tailor suggestions based on real-world threats. That’s incredibly valuable.”
A smooth process and reports that drive action
You can’t test everything at once. You have to be intentional and focus on what matters most. Together with Cyloq, they agree on a scenario or an area to focus on for each test.
“We usually run it in two phases. First a broad mapping, then we regroup and decide what to drill deeper into.”
After each test, Cyloq delivers a detailed report.
“The reports are clear, well-structured, and easy to act on. They give us everything we need to fix and close off any identified vulnerabilities. Most of the time, our internal team handles the fixes, but Cyloq is always there when we need a hand.”
Today, Sundbybergs Stad runs two to three penetration tests per year, and weekly vulnerability scans to maintain constant visibility.
Fewer risks. Fewer unknowns.
The goal of the continuous testing was clear from the beginning: reduce risk, close gaps, and do it before someone else finds them. And it’s working.
“We’ve got fewer vulnerabilities in the environment, and that was the whole point. Cyloq helps us spot weak points early and fix them fast, before they turn into real problems.”
But the impact goes beyond technical fixes. The reports have also helped spark deeper internal conversations and increase security awareness among the internal IT staff.
“Sometimes you need an external perspective. Otherwise, it’s too easy to go blind to your own assumptions.”
Cyloq delivers. And yes, Sundbyberg recommends them.
One of the biggest advantages of working with Cyloq, Klas says, is how responsive they are.
“If something comes up, we get immediate feedback. Cyloq is fast and incredibly easy to work with.”
So, would he recommend Cyloq to other organizations?
“Absolutely. They know what they’re doing, and they genuinely care about delivering great results. The personal connection and engagement we get from Cyloq is on a totally different level from what we’ve seen with larger vendors.”
VX Fiber is an international broadband provider serving municipalities and enterprises that have their own fiber networks. With 80 employees and a rapidly growing infrastructure, cybersecurity has become a core priority. “Security is such a key issue now that it’s reported directly to the board,” says Tim Cambrant, Chief Security Officer at VX Fiber.
Bringing in an external partner became essential
Before working with Cyloq, security at VX Fiber was handled by a capable internal team. But something was missing. “We had good processes and the right mindset. But we realized that customers and investors started to expect third-party validation.” Tim explains.
As the company scaled up, the stakes grew. “The more customers we serve, the more critical we become to society. Questions concerning security now come up in sales meetings. We need to be able to show that our structure actually holds up.”
Even with strong in-house talent, the team knew: no matter how well you think you're doing, you need someone from the outside to challenge your assumptions.
“We wanted a clear picture of where we stood and someone independent to back it up.”
When VX Fiber started looking for a security partner, they didn’t want a big-box consultancy. They wanted someone who was agile, responsive, and easy to work with.
“They weren’t like the big vendors. They were easy to get in contact with, they were small and adaptable, and clearly ready to do the actual work instead of trying to sell a massive package.” After an initial meeting, VX Fiber brought in Cyloq to run a penetration test.
Penetration tests are now part of the policy
Tim admits they initially weren’t sure how much Cyloq would find in just two weeks.
“We had people on standby, ready to help or answer questions. But Cyloq didn’t need much. They just went in and got to work.”
Two weeks later, Cyloq delivered their report. The results spoke for themselves.
“Honestly, we were surprised by how much they found. Of course you want them to find something, but you still hope it’s not much. They dug deep, they were thorough, and it felt like they put in more time than they billed for.”
The process was smooth and effective. “We explain what we want them to focus on, grant access to relevant systems, and they take it from there. If something critical shows up, they let us know right away. They also offer to explain the results and assist with the fixes”
VX Fiber has now worked with Cyloq on three separate penetration tests and has made it policy to run one at least once a year. Each test targets a different area of the business, and when everything’s been tested, they start over.
“It’s not a one-off. It’s a continuous process. We rotate areas and keep the cycle going.”
Clear results and a stronger security culture
“The biggest shift is clarity. We now have a clear picture of our vulnerability profile. Cyloq gave us that external stamp of approval, which matters to our customers, our board, and our investors.”
But the impact wasn’t just structural, Cyloq reshaped the company’s security culture. “We have a young development team. Working with Cyloq gave them a new level of respect for security. They’ve seen firsthand why external reviews matter.”
“It’s not enough to have in-house experts. We all have blind spots. This partnership has shown us that no matter how thorough we think we are, we’ve definitely missed something. It’s raised awareness that even the most experienced people can overlook critical details, and we always need someone else reviewing what we do.”
Advice for other companies looking to tighten up security
Tim’s first tip: start with an honest audit.
“What are you trying to protect? For most, it’s customer data. Then take a hard look at access controls and storage practices. Smaller companies often overlook simple things, and what leaks is usually a document stored in the wrong place.”
His second tip: don’t do it alone.
“Not every company can afford a large security team. But even if you manage IT yourself, you need a third party to identify and close security gaps.”
Would they recommend Cyloq? No hesitation.
When asked if they would recommend Cyloq to others, the answer is clear:
“Definitely. They’re easy to work with, they’re fast, flexible, and knowledgeable. They deliver value and make our security efforts easier.”
“We see no reason to switch – or even supplement – with anyone else. So far, we haven’t given them a challenge they couldn’t handle.”
Want us to find the vulnerabilities you didn’t know were there?
Book a meeting
Stravito is an AI-powered insights platform that helps global enterprises centralize and organize their market and consumer data to drive better, data-informed decisions.
“We’re an AI company with strict security demands and as a SaaS provider, external validation is essential,” says Marcus Södervall, Head of Trust at Stravito.
A different experience from previous penetration tests
Stravito reached out to Cyloq in the summer of 2023 after a client requested a penetration test.
“We’d avoided traditional pentests in the past. Frankly, we never saw much value in the results. Instead, we’ve been running a bug bounty program as our ongoing testing method. But when a customer specifically asked for a formal test, we figured we’d give it a go.”
Marcus admits expectations were low, but the outcome turned out to be more valuable than anticipated.
“We were pleasantly surprised. Cyloq found several issues that hadn’t been caught by previous tests or our bug bounty program. So yeah, we were really happy with the results.”
The process was fast and efficient. Cyloq worked within a defined timeline, delivered a clear report, and outlined practical fixes the team could implement themselves – which they did.
“It was fast, frictionless, and communication was easy. Everyone at Cyloq was great to work with. They were professional and straight to the point. Compared to past penetration tests we’ve done, both the expertise and final report were at a completely different level.”
Red Teaming: Attacking the company on all fronts
After the success of the penetration test, Stravito decided to move forward with a full red teaming operation – a broader simulation where the attacker can come at the company from any angle.
“We told Cyloq what absolutely couldn’t end up in the wrong hands and asked them to go after it, using whatever means they had.”
Just like before, Cyloq kept communication clear, understood the assignment right away, and maintained alignment throughout the engagement. They kept a tight feedback loop during the test and wrapped up with a well-structured report outlining what worked, what didn’t, and what could be improved.
“It took longer and was more comprehensive than a standard test, but it was incredibly valuable. Both for the security team and the entire organization.”
“Everyone should experience a planned attack”
The red teaming exercise led to immediate changes across the business.
“We’ve already made several improvements based on Cyloq’s findings. This partnership has made us better prepared, no doubt about it.”
But the real value wasn’t just technical. The simulation had a tangible impact on awareness across the company.
“It really raised the bar. Our employees now understand how attacks actually play out and what they personally need to pay attention to. If you haven’t gone through a red teaming exercise, you should. Everyone benefits from experiencing what a real-world attack looks like and how people respond.”
One of the key takeaways Marcus emphasizes is how attackers often don’t go through firewalls - they go through people.
“If someone’s going to breach you, chances are they’ll go through an employee. So we have to support our people and give them the tools to maintain good cyber hygiene.”
A long-term partner for Stravito
With two successful projects, Stravito plans to keep working with Cyloq.
“We’ll definitely keep testing with them. We’re also looking at bringing them in to break down the AI features in our platform, and we’ll likely ask them to run a security training session for our developers too.”
Cyloq hasn’t just delivered solid results, they’ve helped raise the security bar for the whole organization. For Marcus, recommending them is a no-brainer:
“Absolutely. They’re straightforward, easy to work with, and they know what they’re doing. Zero fluff, just real results.”
Marginalen Bank is a Swedish bank that offers a broad portfolio of financial services. But as a smaller player in a tightly regulated market, the bar for cybersecurity is set especially high. “We’re a financial company with a wide range of products, which brings unique security challenges,” says Yngve Swanström, Head of Security at Marginalen Bank.
A long-term partnership from day one
Security is a core pillar of operations at Marginalen Bank, and they have worked with Cyloq ever since Cyloq was founded in 2022. Before Cyloq, the bank had worked with various providers. That’s when they came across Andreas and Sam and were immediately impressed by their skills. So when those two went on to start Cyloq, continuing the collaboration was an easy decision.
“We rely on Cyloq for both penetration tests and security training, and we plan to keep it that way.”
Marginalen Bank has a clear policy. The security in the systems needs to be tested often and thoroughly. The bank conducts multiple penetration tests each year to make sure every system holds up at all times. But the partnership with Cyloq goes beyond just technical expertise.
“It’s not just about the results, they’re also flexible, responsive, and adapt to how we work. That matters just as much.”
A process that runs itself
Every engagement starts with a clear scoping session involving Cyloq, the security team, and project stakeholders. Thanks to the ongoing collaboration, Cyloq already has access to much of what they need to get going right away.
“They’re self-sufficient from the start. They know what’s expected and what we need. Full credit to them.”
Cyloq gets access to the right accounts and systems, runs the test quickly and effectively, and delivers a clear final report with concrete, prioritized recommendations.
“We handle most of the fixes in-house, but Cyloq is always there as a sounding board if we need to talk things through. That makes them a great partner too.”
Beyond testing, Cyloq also runs developer training sessions for Marginalen Bank’s tech teams.
“The trainings are always well received. Practical, straightforward, and easy to apply. We’ve got another one coming up soon.”
Currently, Marginalen Bank runs about ten penetration tests per year, along with regular training sessions. Looking ahead, they’re also planning to bring Cyloq in for a red teaming exercise.
Would they recommend Cyloq? No doubt about it.
Even after years of working together, Cyloq keeps raising the bar.
“They deliver beyond expectations, every time. They’re fast, thorough, and really easy to work with. It’s a partnership that just works.”
With Marginalen Bank’s agile way of working, tight timelines and fast-changing priorities, Cyloq has proven time and again that they can keep pace and stay in sync.
“We highly recommend Cyloq. They’re responsive, deliver top-tier quality, and are incredibly easy to collaborate with.”
Take action
Don’t wait for an attack to happen - strengthen your defenses now.
You know what’s at stake. We know how to protect it.