The Challenge
Quarterly pentests are a critical piece of Syndio’s Vulnerability Management Program. Syndio, a pay decision software solutions company, rotates pentesting vendors to ensure diverse viewpoints on their platform, however very few vendors provided a streamlined and comprehensive approach to testing. Alicia Muzzleman, Senior Manager of Security and Compliance at Syndio, explained: “With our previous vendors, communication wasn't centralized. We were constantly going back and forth in emails and ping ponging across multiple different tool sets. Once a test was complete, the vendor would disengage, leaving us without a partner for remediation.”
The security team also didn’t have a way to track vulnerabilities or previous test results in one location. Alicia stated: "We were literally at the point of creating a tracking system on our end just to manage vendor reports.” Syndio decided to look for a solution that could provide the new perspectives they valued from rotating vendors, but without the administrative overhead of changing providers.
The Solution
Syndio found their answer in Cobalt. Alicia noted: “Cobalt was the one-stop-shop platform to help us solve all of these issues. They provided the centralized and automated platform we needed for historical data and seamless communication.” The speed and automation of the Cobalt Offensive Security Platform reduced Syndio’s pentest setup time, and the turnaround for new tests was consistently less than three days. Syndio integrated Cobalt with Jira, their primary vulnerability management tool, automatically creating tickets and staging retests, to eliminate manual work.
Cobalt provided the expertise and flexibility Syndio required. Alicia explained: “We always like to rotate vendors to get a different viewpoint, but Cobalt went a step further and also allows us to change pentesters. For each new engagement, we get a fresh set of eyes from their pentester community.” The Cobalt Platform streamlined this process, allowing Syndio to easily provide the pentesters everything they needed from demos to demo data all in one place. This enabled the pentesters to get up to speed and dig deeper into the Syndio platform from day one.
The Results
After partnering with Cobalt, Syndio achieved significant, measurable results across finance, security, and operations. Alicia reported: “Cobalt has saved us 20% in costs in comparison to our top three previous vendors. And because of the automation and Jira integration, we're saving 50% of time in the overall scope of preparation, staging, and remediation for each pentest.”
These time and cost savings had a direct business impact. It gave security engineers time back to focus on remediation instead of project implementation and pentests maintenance. This new efficiency, combined with the ability to provide pentesters with better data upfront, allowed them to validate and surface higher-severity areas — including privilege escalation and potential data exfiltration — earlier as part of a more streamlined and well-contextualized testing process.
The cost savings even allowed Syndio to hire an additional person on the security team. Alicia concluded: “For Syndio, Cobalt is more than a vendor; they’re a partner that makes security seamless. It’s just easy.”
