NEW FEATURE
Cobalt PtaaS + DAST combines manual pentests and automated scanning for comprehensive application security.
NEW FEATURE
Cobalt PtaaS + DAST combines manual pentests and automated scanning for comprehensive application security.

How a SaaS Startup Scaled Growth with PtaaS & SOC 2 Compliance Automation

How Neural Payments uses pentesting and SOC 2 compliance automation to set themselves up for security posture success.
Apr 13, 2022
Est Read Time: 3 min
Caroline Wong

Let’s talk about how a SaaS startup scaled growth with PtaaS & SOC 2 compliance automation! 

Cobalt provides modern pentesting to help organizations start testing faster, enable smarter & faster remediation, and make their security stronger. Secureframe is a security compliance automation platform that makes the process of getting compliant in SOC 2, ISO 27001, HIPAA, and many other frameworks fast and stress-free. 

Combined with Cobalt’s platform, this webinar dives into how the partnership provides a better compliance journey for customers together. 

Neural Payments was in the process of re-architecting its solution for PCI compliance. Because this was a major undertaking, the company knew they needed to partner with a pentest provider that had specific SOC and PCI experience with quick pentest engagement. 

By partnering with Cobalt and Secureframe for their pentest and SOC 2 compliance needs, Neural Payments maintains compliance, customer confidence, and overall security for their fast-growing organization.

If you didn’t have a chance to tune in to the webinar on March 28th, watch the full on-demand webinar for a conversation led by Nathan Foulds of Cobalt featuring panelists David Patrick from Neural Payments and Scott Sugimoto from Secureframe.

Here’s What You Missed 

There are many things to weigh when looking to achieve compliance. As a sneak peek, here are a few considerations you can make as you scale your organization:

Start with the right tools. A security compliance tool with built-in automation can save your team the countless hours tracking tasks can take manually. With that in mind, it’s important to consider the right SaaS platforms to stay compliant on an annual basis. 

“If you don’t have a SOC 2 or ISO 27001 report, it’s never too early to get compliant and it’s more accessible than ever if you use platforms like Secureframe and Cobalt.” - Scott Sugimotto

Based on a recommendation from Secureframe, here are a few of the reasons Neural Payments chose Cobalt:

  • Experience with the fintech sector - SOC, PCI, fintech, and cloud-based platforms.
  • Short lead time to schedule and start a pentest 
  • Dynamically updated pentest report - As pentests are executed, findings are dynamically updated on the platform.
  • Final report quality - The reports reflect the thoroughness of the test, fulfilling the requirements for SOC, PCI, and partners. 

Treat compliance as an ongoing process. While a lot of the processes can be automated, it’s important to keep in mind the significant manual piece that comes with human expertise. Working with the right people like Cobalt and Secureframe can help streamline this. 

Choose the right partners. Overall, choosing the right partners helps make the compliance journey easier year after year to help get ahead of evolving compliance frameworks. 

We needed providers that had the necessary skill sets for our industry sector, were aligned with the unique needs of a startup, and were able to meet our timeframes.” 

- David Patrick 

Partnering with Cobalt, Neural Payments was able to make changes that remediated the findings while increasing security posture. This was done by: 

  1. Increasing crypto cypher suite strength
  2. Improving authentication mechanisms
  3. Enhancing brute force attack protection

As compliance changes and new technologies are introduced, utilizing a platform offered by Cobalt and Secureframe helps alleviate the stress and need to constantly keep up with evolving frameworks.

Meet the Host and Panel 

 

Nathan Foulds

Nathan has been part of Cobalt's Customer Success Team for over 3 years, supporting a wide range of organizations to implement & enable their pentest programs. Prior to Cobalt, Nathan worked at Brandwatch (now part of Cision), in the Social Intelligence & Data Analytics space.

Scott Sugimoto

Scott is the head of product marketing at Secureframe. He is passionate about helping companies build trust with their customers and believes in Secureframe's vision: The complex process of obtaining and maintaining the most rigorous global compliance standards, including SOC 2, ISO 27001, HIPAA, and PCI DSS, should be fast and stress-free. Previously, Scott worked as a product marketer at Salesforce and New Relic and was a technology consultant at Accenture.

David Patrick 

David is the Director of Engineering for Neural Payments, a financial technology company providing Peer to Peer (P2P) payment solutions for banks and credit unions. He is responsible for security, compliance, and cloud infrastructure at Neural Payments, and possesses 20+ years of experience in designing, deploying, and maintaining highly available enterprise-class networks.
Back to Blog
About Caroline Wong
Caroline Wong is an infosec community advocate who has authored two cybersecurity books including Security Metrics: A Beginner’s Guide and The PtaaS Book. When she isn’t hosting the Humans of Infosec podcast, speaking at dozens of infosec conferences each year, working on her LinkedIn Learning coursework, and of course evangelizing Pentesting as a Service for the masses or pushing for more women in tech, Caroline focuses on her role as Chief Strategy Officer at Cobalt, a fully remote cybersecurity company with a mission to modernize traditional pentesting via a SaaS platform coupled with an exclusive community of vetted, highly skilled testers. More By Caroline Wong

Related resources

NIST Overview: What is NIST Compliance?
Compliance
Blog
Apr 14, 2021
Read more
Importance of a Wireless Network Penetration Test
Importance of a Wireless Network Penetration Test
Cybersecurity Services
Blog
Dec 1, 2023
Read more
Meet Judy: The Security AI Watching Out for Small and Midsize Businesses
Compliance mapping, ongoing security training, endpoint detection and response, password management, and 24/7 monitoring — if you pictured a whole team of security consultants while reading this, you’ve clearly not met Judy.
Cybersecurity Insights
Blog
Jul 29, 2022
Read more
see more

Never miss a story

Stay updated about Cobalt news as it happens