Synacktiv has just been awarded PASSI qualification following various audits carried out by LSTI. As President and co-founder of Synacktiv, what are your thoughts on the qualification process?
The qualification process is a demanding one. It required intense preparation, despite Synacktiv's 8 years of experience in security audits. This audit reminds us that there is a difference between "doing a good job" and being able to demonstrate to a third party that our processes ensure a systematic level of quality. Furthermore, the audit verifies contractual, legal and regulatory aspects that are rarely documented in small specialist companies like ours.
How does this qualification benefit your customers?
It demonstrates a certain consistency in the way we carry out our audits. Even if I don't think that the penetration testing profession is destined to become "industrialized", as the skills and flair of each individual auditor cannot be completely encapsulated in a qualification...
Above all, this enables our OIV (Opérateurs d'Importance Vitale) customers to have us intervene on the most sensitive perimeters without falling foul of regulations.
How did the written exams and interviews go?
As far as the written exams are concerned, some of the questions could do with a little updating to bring them into line with the latest technologies encountered by our customers, but overall they remain highly relevant (and it's true that old technologies are still being used in the field!) For the oral, we found it interesting to challenge the candidates on the errors they had noted during the written exam.
Generally speaking, it's always unsettling for an auditor with several years' experience to find himself being audited by a peer! But the 12 candidates we presented were all selected to become PASSI auditors. For a security expert who continues to carry out security audits on a regular basis, there are few surprises in the exam results.
What's your next step?
We will be taking steps to become PASSI LPM (Loi de Programmation Militaire). Every effort has already been made, and it will (I hope) only be a formality to demonstrate our credibility on the market.
Synacktiv joins the list of PASSI-qualified French companies, which you can find on our Certified Customers search engine.
PASSI certification: the Synacktiv case
PASSI certification: the Synacktiv case
Why choose LSTI?

Recognized expertise

Specialized auditors


