Fraktal – positive approach on cyber security
Fraktal is a cyber security professional services company focused on making a positive impact on cyber security through improving clients’ security posture and knowledge.
Collaborative and positive approach to build cyber resilience
In 2019, Fraktal’s founders had been working in cyber security expert and leadership roles for over 15 years each. They had seen that too often cyber security was an endless story about failures: about viruses, data breaches, ambiguous threats, and about finding someone to blame for mistakes. That year, the founders Jani, Marko and Tuomo came together and realized there was a place in the market for a cyber security company with a fresh and constructive viewpoint.
This realization lit the spark that became Fraktal. Our slogan Cyber Positivity® speaks about what we are: a company with a collaborative and positive approach to addressing clients’ cyber security needs. Now, after 5 years, our client NPS score has remained over 80, which is a testament that we’ve really succeeded in what we aimed for.
Fraktal focuses on improving and developing security through Purple Teaming, independent testing, training, advisory and management consulting services. This is what clients appreciate because a growth mindset is a necessity in cyber security: no matter how good your security is, no one can stay stagnant. Continuous improvement is the way forward.
Increasing demand for cyber security expertise
There is still an increasing demand for cyber security expertise in the world. As a growing and agile company, we can offer services that are cutting edge and reflect the actual needs of clients adopting modern technologies in the cloud, using agile development methods, and embracing DevSecOps.
Even though we are experts in technology and our market is B2B, human-to-human interaction is a very important part of the work we do. Humans are the strongest link in creating secure products and services. We love to work with our clients’ teams to build security features into applications and processes. So, a lot of the time when the clients commission us, the chosen collaboration method involves transferring knowledge to the clients’ teams so that they learn to build security in. This knowledge will help them in the long run and make their in-house security expertise and capabilities level up.
Not only fixing security bugs but also helping to avoid those in the first place
There’s a long tradition of software security where security testing is conducted only after something has already been engineered. Today that’s understood not to be an optimal approach, and the so-called shift-left movement advocates product security processes that support building security in. Therefore, in addition to finding and fixing security bugs in existing products, our passion is in helping our clients avoid those security bugs in the first place.
There is a shortage of cyber security professionals on the market, and many organizations struggle to find full-time security staff or to employ a permanent, diverse and experienced team to perform complex activities like Red or Purple Teaming. We provide help by staffing our experts to work with existing teams. For example, we provide a Chief Information Security Officer (CISO) as a service to ensure security processes are defined and kept running. This takes the pressure off clients as they can get security expertise without having to hire an army of in-house security experts.
We also help our clients who are building apps, online services, or digital processes to shift security left. That means integrating security work into the processes of planning, implementing, and running software applications or products.
Our services adapt to our clients’ needs. Therefore, our work with a client always starts with understanding the client’s situation and tailoring the work we do to reach the goal set for the project.
These are the four general areas many of our clients are interested in:
Red and purple team testing. In red team testing, we simulate attacks and through these simulations provide clients a view on how an attacker could gain access to their assets. Red team testing’s friendly and positive sibling is called purple teaming. In purple teaming assignments, we continuously simulate attacks in small iterations and simultaneously work together with the client to ensure they have the necessary detection and prevention capabilities in place. In case the required capabilities are lacking, we work together to enhance them. Through several iterations, the client’s detection and prevention capabilities develop and their security posture strengthens.
Security management. We also do security advisory work and help clients implement and improve information security management systems and processes. Topics like SWIFT, ISO 27001 and, more recently, NIS2 and CRA (European Cyber Resilience Act) are often heard being discussed between colleagues during the day. We love to help with security training too, whether it is general security awareness or training on a specific topic. Our security advisors are also very keen on conducting different types of Crisis Management Exercises.
Product Security. We integrate security into product development from the start, following a DevSecOps approach. This ensures security is part of both development and operations, helping teams address issues early and streamline workflows. We guide product teams on secure coding, architecture, and implementation. Our Cloud Security expertise allows us to secure cloud environments by identifying vulnerabilities and providing actionable recommendations based on our extensive experience. When products are ready to launch, we conduct thorough security testing, simulating attacks and checking compliance with industry standards to ensure readiness for deployment.
Working at Fraktal
At Fraktal, employees are allowed and encouraged to be themselves. We believe that client satisfaction comes through employee satisfaction. We are committed to making a positive impact in our client projects and we know that only satisfied employees can deliver this level of service. Our employee NPS is over 60, which we are super proud of.
For us, a good work environment for employees does not only mean a comfortable office but also the type of company culture that supports employee well-being. We know that communication, freedom and support matter, as do top-notch tools for delivering the work. For us, our work environment isn’t something that’s set in stone; it’s a reflection of the people within it. Together, through our shared values, collaboration, and energy, we create a space where everyone can thrive and feel comfortable.
About the Authors
Marko is an experienced risk professional fluent in cyber security, information security, business continuity and cyber resilience. With his background in government organisations and companies, Marko is your confidant in making sure your digitalisation program is a security success, as well as developing security management and competencies in your organisation.
Anna is a cyber communicator who believes in making information security a positive thing that everyone in the organization can understand and support. Whether it is an Information Security Management System (ISMS) or a security awareness training she is working with, she makes sure everyone is on board and understands the concepts at hand.