Michael Hordych: Cybersecurity, Software Engineering & Supply Chain в Україні (UA) Lviv IT Outsourcing Forum 2022 Website - https://liof.org/online Youtube - https://www.youtube.com/startuplviv FB - https://www.facebook.com/ukrof

1. Cybersecurity,
Software Engineering & Supply Chain
Why customers ask about it even more?
What can you do with it?

2. UnderDefense
Today’s Discussion
∙ About me and Underdefense
∙ Ransomware and data leakage. Lessons learned
∙ IT outsource in wartime. What we have to expect from RuZZia
∙ New business opportunities. Cybersecurity as a competitive
advantage
∙ Benefits
∙ Summary
∙ Q&A

3. Your Dream Team
45 000+ systems protected 24x7 IR + Threat Hunting
A Global Incident Response company
serving customers around the world and
leveraging partnership with Nexia
international to deliver IR services
worldwide
Work for global Multinational
Corporations in Gaming, Fintech,
Insurance and Law
Work on behalf of PE firms for their
portfolio businesses, pre and post IPO
Specialize in Cyber resiliency, Cyber
Operations and Cloud
14000 systems
960 systems
33000 systems

4. Your Dream Team
#1 on Clutch - B2B review platform
https://clutch.co/profile/underdefense#reviews
#1 of 3521 Companies!

5. Recognitions, Awards & Partnerships

6. UnderDefense
The question is not IF you are going
to be hacked, but WHEN?

7. UnderDefense
Key problems
1. Supply Chain attacks are a big deal nowadays
2. Your Clients need to be compliant (SOC2, ISO27001, HIPAA, GDPR…..)
3. Customers of your Clients require proofs for YOUR cybersecurity
maturity
4. You as Suppliers need to be compliant too as you process their data
5. USA and EU enhanced requirements for data security against external
attacks

8. Your Dream Team
Everyone can be Hacked.
Reaction is
differentiation
Good companies vs Bad companies

9. UnderDefense

10. Your Dream Team
TIME & COMMUNICATION =
IMPACT & $$$

11. People are
greedy....
…Greedy
people pay 2-
3x
YOU what to
customers to
outsource work but
not ready to
outsource
themselves.
Security isn't your core competence. OUTSOURCE IT

12. UnderDefense
Bigger players understand it

13. UnderDefense
What to do?
1. Security isn't your core competence. OUTSOURCE IT
2. Порахуйте скільки втратить ваша компанія за 1 день простою в роботі
3. Реалістично оцініть свої ризики
4. Стрестестінг секюріті

14. UnderDefense
Stress/crush test your Cyber Security

15. UnderDefense
Letter of attestation

17. Calculate your risks in $$$

18. Your Dream Team
To Pay or NOT to Pay?

19. UnderDefense
After SolarWinds, ISVs must:
Conduct a
Penetration Test
24x7 monitoring Practical
Incident Response
Plan
Social Engineering
Test

20. Existing successful customers in 24x7 Monitoring & Compliance
ISO27001
GDPR
SOC2 PCI DSS

21. ш
ш
On your software development
projects data security is vital and
customer needs you to cover that
part
Cooperation models
Your business or your customer
experience cyber attack or data
breach. We help companies
Respond & Recover from Security
Incidents (e.g. SoftServe case)
Data breaches do happen. We are
the first responders. You can
count on our Incident Response
Team to help you and your clients
recover after cyber attacks.
We provide a AppSec expert to
support Your development team
to build product secure by
design.
Easy:
Your customers mention about
security and You refer to
UnderDefense to run a penetration
test or compliance (SOC2,
ISO27001, PCI, HIPAA, GDPR)
Added value: You can recommend
UnderDefense as your
Cybersecurity Partner for an audit
of application developed by your
team
Critical: Complex:

22. Security as added value:
Your Wins
You get 10% for a referred deal
We work with fixed-price and subscription model
increases trust
to your code and
company through
3rd party
differentiates your
standard development
offering
You deliver software
secure by design

23. Partner network

24. UnderDefense
IT outsource in wartime. What we
have to expect from RuZZia

25. UnderDefense
Cybersecurity as Enabler. New business opportunities

26. UnderDefense
Summary
● Security isn't your core competence. OUTSOURCE IT
● Stress/crush test your Cyber Security
● Calculate your risks in $$$
The question is not IF you are going to be hacked, but WHEN?

27. Thank you for your trust
Ukraine
Lviv Heroiv UPA 77 3rd floor, Lviv, 79014
Tel: +38 093 900 30 95
email: help@underdefense.com
USA
New York 375 Park Avenue, Suite 2800, NY
Tel: +1 929 999 5101
email: help@underdefense.com
Call us now at +1 929 999 5101
Contact me: Michael
mh@underdefense.com

28. Service Value Proposition Pricing range
Penetration Testing
A penetration test, is a simulation of real world cyberattack, performed to discover gapd and
weaknesses and evaluate the security of the system with further improvement recommendations. $ 16 000 - 60 000
Compliance &
Certification
UnderDefense specializes in assessing and diagnosing solutions to improve security and validate
for regulatory compliance (HIPAA, PCI DSS, SOC2, ISO27001) helping you make better decisions,
become more agile and leverage security to sell more.
$ 5 000 - 9 000/
month
Secure Development
process (SDLC)
We believe that Security should not be an afterthought, so we make sure vulnerabilities are found
and fixed prior to application deployment reducing the total cost of software development.
$ 90 000 - 130 000
depends on duration
24x7 Security Monitoring
UnderDefense managed security services (MSS) are delivered by our team of vulnerability and
security researchers, from security operation centers (SOC) to support your organization on-
demand, 24 hours a day, 365 days a year. By combining and correlating log activity, our services
help eliminate blind spots and provide visibility to what really matters.
$ 36 000 - 220 000
per year
Incident Response
We help you respond and recover with advice, guidance and hands-on expertise. Evaluating IT
infrastructure security and identifying vulnerabilities, UnderDefense helps its customers properly
respond to security incidents and build prevention plans in all kinds of situations.
$ 20 000 - 340 000
Service pricing
Agenda:
Can be white-labeled.
Direct sales