Product Security

At Toreon, our product security team excels in enhancing client security through a blend of offensive cybersecurity practices and collaborative support. We specialize in identifying vulnerabilities and crafting pragmatic solutions across the entire Software Security Development Life Cycle (SSDLC), including threat modeling and ethical hacking, SAMM assessments by using the OWASP Software Assurance Maturity Model (SAMM) as framework, code reviews, and application security coaching. Beyond products, our ethical hackers also put corporate networks to the test, combining best practices with their creative technical expertise to keep products and organizations secure.

Our team operates with a unique mix of structure and flexibility. We have established processes that ensure efficiency and smooth onboarding, but also encourage innovation and personal input. Communication and transparency are key, with everyone aware of each other’s projects and open to collaboration. This fosters a supportive environment where you can freely share ideas and seek expert advice.

What sets us apart is our diverse expertise and passion for cybersecurity. Our members come from varied professional backgrounds and include well-known figures in the global cybersecurity community. We blend our work with a sense of humor and friendliness, making every project a collaborative and enjoyable experience.

Steven Wierckx - Team lead Product Security

We thrive on lifelong learning and teaching. Our team is constantly expanding their knowledge through events, community involvement, and personal projects. We offer significant growth opportunities, supported by a learning budget and challenging projects. This commitment to both personal development and impactful client work makes us not just a team, but a dynamic and enriching environment where knowledge flows freely and everyone contributes to collective success.

Our expertise areas

Application Security

As Application Security experts, we guide clients through the entire Secure Software Development Life Cycle (SSDLC), ensuring the security of your products and services. This includes building threat models, addressing design flaws, and securing CI/CD pipelines. We actively participate in enterprise architecture discussions and help implement security solutions, swiftly resolving any vulnerabilities.

Ethical Hacking

We conduct penetration testing to identify vulnerabilities in applications and infrastructure, providing actionable recommendations for improvement. Our red teaming services offer comprehensive ethical hacking, testing both technical and non-technical defenses. By simulating sophisticated attacks, we help organizations strengthen their security posture and stay ahead of potential threats. Additionally, our phishing tests simulate attacks to raise employee awareness and assess security maturity.

Threat Modeling

Threat Modeling is crucial for identifying risks in system designs and business processes, especially in compliance-focused industries like Automotive and Medical Device Manufacturing. It unites system owners, architects, and developers to spot vulnerabilities early, complementing penetration testing by addressing issues beforehand. Benefits include high-level risk assessments, an evolving security document, and enhanced penetration testing value. We are leaders in Threat Modeling, having trained more than one thousand people and modeled systems from SaaS to critical infrastructure, ensuring safer systems globally.