Fraktal – positive approach on cyber security

In 2019, Fraktal’s founders had been working in cyber security expert and leadership roles for over 15 years each. They had seen that too often cyber security is an endless story about failures – about viruses, data breaches, ambiguous threats, and of finding someone to blame for mistakes. That year the founders Jani, Marko and Tuomo came together and realized there was a place in the market for a cyber security company with a fresh and a constructive viewpoint. 

This realization lit the spark that became Fraktal. Our slogan Cyber Positivity® speaks about what we are: a company with a collaborative and positive approach to addressing clients’ security needs. Today our client NPS score is over 80 which is excellent so we believe we’ve really succeeded in what we aimed for.

Fraktal focuses on improving and developing security through advisory and consulting services. This is what clients appreciate because a growth mindset is a necessity in cyber security: no matter how good your security is, no one can stay stagnant. Continuous improvement is the way forward. 

There is an increasing demand for cyber security expertise in the world. As a growing and agile company, we can offer services that are cutting edge and reflect the actual needs of clients adopting modern technologies in the cloud, using agile development methods, and embracing DevOps. 

Even though we are experts in technology and our market is B2B, human-to-human interaction is a very important part of the work we do. Humans are the strongest link in creating secure products and services. We love to work with our clients’ teams to build security features into applications and processes. So, a lot of the time when the clients commission us, the chosen collaboration method involves transferring knowledge to the clients’ teams so that they learn to build security in. This knowledge will help them in the long run and makes their in-house security expertise and capabilities level up.

There’s a long tradition of software security where security testing is conducted only after something has already been engineered. Today that’s understood as not an optimal approach and the so-called shift left movement advocates product security processes that support building security in. Therefore, in addition to finding and fixing security in existing products, our passion is in helping our clients avoid those security bugs in the first place. 

There is a shortage of cyber security professionals on the market and many organizations struggle with finding full-time security staff. We provide help by staffing our experts to work with existing teams. For example, we provide a Chief Information Officer (CISO) as a service to ensure infosec processes are defined and kept running or a security champion to support a dev team on their efforts. This takes the pressure off clients as they can get security expertise without having to hire an army of in-house security experts.

We also help our clients who are building apps, online services, or digital processes to shift security left. That means integrating security work into the processes of planning, implementing, and running software applications or products. 

Our services adapt to our clients’ needs. Therefore, our work with a client always starts with understanding the client’s situation and tailoring the work we do to reach the goal set for the project. 

These are the four general areas many of our clients are interested in: 

1. DevSecOps. Secure practices and processes are the key to making secure products. Sometimes organizations struggle with how to integrate security into product development and DevOps. We are experts in this, so we offer our clients both training and hands-on help.
2. Cloud security. We help in implementing or validating the security of cloud services. 
3. Red and purple team testing. In red team testing, we simulate attacks and through these simulations provide clients a view on how an attacker could gain access to their assets. Red team testing’s friendly sibling is called purple team testing. In purple team assignments, we do simulated attacks in small iterations and simultaneously work together with the client to ensure they have the necessary detection and prevention capabilities in place. In case the required capabilities are lacking, we work together to enhance them. Through several iterations, the client’s detection and prevention capabilities develop and their security posture strengthens.
4. Security management. We also do security advisory work, help clients implement and improve information security management systems and processes. We love to help with security trainings too, whether it is general security awareness or training on a specific topic.

At Fraktal, employees are allowed and encouraged to be themselves. We believe that client satisfaction comes through employee satisfaction. We are committed to making a positive impact in our client projects and we know that only satisfied employees can deliver this level of service. Our employee NPS is over 90 which we are super proud about.

For us, a good work environment for employees does not only mean a comfortable office but also the type of company culture that supports employee well-being. We know that communication, freedom, as well as support matter. As do topnotch tools for delivering the work. For us, a work environment is not set in stone, but it is what we make it together to be.