Netragard is trusted by leading brands and featured in major publications for a reason: decades of hands-on experience and advanced research drive every engagement, uncovering risks that scanners and AI miss. Each assessment delivers detailed, prioritized findings and practical, tailored guidance enabling clients to improve real-world security where it matters most. Organizations trust Netragard’s expert team to help them face emerging threats with confidence while meeting compliance requirements along the way.

Table of Contents

They Will Protect My Data (Won’t They?)

Data Protection
So the other day I was talking with my buddy Kevin Finisterre. One of the things that we were discussing was people who just don’t feel that security is an important aspect of their business because their customers don’t ask for it. That always makes my brain scream “WHAT!?”. Here’s a direct quote from a security technology vendor “We don’t perform regular penetration tests because our customers don’t ask us to do that.”
Isn’t it the service provider’s/vendor’s responsibility to properly manage and maintain the security of their infrastructure? Don’t they have an ethical obligation to their customers to protect the service that they are offering and any information that the customers decide to store on their systems?
The real question is, how many customers would they lose if the customers heard them say that? That is after all just like saying “We don’t care about security because our customers aren’t asking us to care about it.”
So who have I heard this from? Here’s the (very) short list:
  • Vendors that make security software (like email gateways, anti-virus technology, Intrusion Prevention Systems, etc).
  • Vendors that make technology that is used to control our Nuclear Power Plants, Water Purification Plants, Traffic Control Systems, etc.
  • Vendors that sell business enabling technologies like PHP based Content Management Systems, Commercial Web Servers, Server based applications, Web Applications, etc.
  • Vendors that sell desktop applications like Financial Tracking Systems, Invoicing Systems, File Sharing Systems, Backup Solutions, etc.
  • I’ve also heard this from MAJOR Service Providers such as Web Hosting Providers, Email Providers, Backup Service Providers, etc.
  • The list goes on….
I think that people need a wake up call. This strikes me as a serious ethical issue, what about you? Leave me a comment I’m very interested in feedback on this one.

Adriel Desautels

Adriel Desautel Profile Picture
Founder & Chief Executive Officer
Divider

Adriel is a recognized leader in the information security industry with over 20 years of professional experience. In 1998, he founded Secure Network Operations, Inc., home to the renowned SNOsoft Research Team, which helped shape today’s best practices for responsible vulnerability disclosure. Adriel pioneered the zeroday Exploit Acquisition Program (EAP), later integrated into Netragard, and has served as an expert witness in US Federal court.

In 2006, Adriel founded Netragard to deliver high-quality, realistic threat penetration testing, now known as Red Teaming, and has since expanded its offerings to include mobile application security, source code reviews, web application assessments, and more. As the primary architect behind Netragard’s innovative services, Adriel continues to push the boundaries of research-based cybersecurity.

Frequently sought as a subject matter expert, Adriel has been featured by Forbes, The Economist, Bloomberg, Ars Technica, Gizmodo, The Register, and has appeared in documentaries and authoritative books such as “Unauthorized Access” and “This Is How They Tell Me the World Ends.” He is also a seasoned public speaker, presenting at leading conferences like Blackhat USA, InfoSec World, BSides, and the NAW Billion Dollar CIO Roundtable.