Wednesday, December 12, 2007

Cyberklix ( F - )

NOTICE
We will not publish any comments that contain confidential and/or sensitive information about Cyberklix. Recently we rejected multiple comments from ex-Cyberklix employees. These comments contained VPN configuration files that would enable anyone to access the Cyberklix corporate networks and customer information. Publishing such information would be irresponsible as it would allow an attacker to gain access to the Cyberklix customer data and would put those customers at risk. We love your comments, but please, refrain from posting sensitive and confidential data.
END NOTICE

We discovered Cyberklix by searching for "Penetration Testing" on Google, as usual. When we first saw their website we thought that it looked very professional. We were actually under the impression that they might end up being an A- or a B+ company. But we were wrong, and here's why...

Over the course of two days and a dozen calls we were unable to contact a human at sales. Every time we tried we were directed to a woman's voice mail. We decided to skip sales and call the Cyberklix Security Operations Center and were successful. We had a wonderful conversation with a very smart person in their Security Operations Center, and as a result, here is what we learned.

The Cyberklix Managed Security Services, with respect to IDS/IPS, are nothing special. They are using third-party technology and tying it all together with the RSA Envision Engine. Specifically, the technologies that they are using are Cisco technologies, McAfee IPS technology, and RSA's Envision engine for correlation. (We would have used ArcSight instead as we think it's much better.) Frankly, if we wanted to choose a provider of Managed IDS/IPS services, we'd want to see them using at least some proprietary technologies. How else are they supposed to have a competitive advantage?

We also weren't very impressed with their alerting capabilities. When we asked them how they alert people about Events of Interest, we were told that they create a ticket in a system. Once the ticket is created, the customer needs to log into the system to evaluate the ticket. We're sure that there's more to it than that, but that's what we were told. Yes, the system also has the ability to block or shun attacks, but that's only if it can detect them. We think that we could probably attack a Cyberklix customer and evade detection... wanna challenge us?

Anyway, enough on their Managed Security Services. As previously mentioned, we were unable to contact anyone in sales. So, our opinion of the Cyberklix Professional Service Capabilities is being forged strictly from their website and information that we can collect from Google and other sources. We'd be happy to update our opinion if someone would provide us with useful information about Cyberklix. So here it is...

Cyberklix offers Information Security Consulting, Security Policy Design & Review, Vulnerability Assessment & Remediation, Penetration Testing, Network Security Architecture & Design, Security Audit, Project Management Services, Implementation Services, and Computer Forensics. So, the first thing that struck us as odd was "Project Management Services". What the hell does that mean, right?

Upon review of their services we discovered that we could eliminate two of them. We eliminated their Information Security Consulting Service and their Project Management Services. The Consulting service offering isn't actually an offering; it's just a repeat of the services that they offer. The Project Management service is not a security service; it is something that should be offered by staffing companies. So... what the hell?

When we reviewed the services as presented on the Cyberklix website we realized that they were nothing special, just like their Managed Security Services. In fact, we're willing to bet that their services are what we would call "rubber stamp" services and are based on automation as opposed to true Ethical Hacker talent. We saw no indication anywhere that Cyberklix was following any sort of strong testing methodology like the OSSTMM, etc., and as a result we are not impressed at all.

All in all, our opinion is that Cyberklix services will do little to nothing to raise the proverbial security bar and protect you from real-world malicious hackers. They might help you to identify common or known issues, but you could do that yourself by downloading Nessus. (Oh, and you could also create a better IDS/IPS solution by combining OSSEC with Prelude and Snort =] for free.) So, we'd recommend spending your hard-earned money with someone else. Sorry Cyberklix...

Oh and one last thing. The Cyberklix website is SQL Injectable. So why would anyone hire a company to protect them if they can't even protect themselves?

Score Card




57 comments:

Anonymous said...

So true.

I've had the 'pleasure' of dealing with Cyberklix, and whilst they make a fantastic sales pitch, experience was a harsh teacher.

Their subject matter experts and analysts were truly clueless (they couldn't even answer in-depth questions regarding the technologies they sell) without having to "check with the vendor first" nor could they provide any value in their analysis with respect to security.

Your dollar is truly better spent elsewhere.

Glenn W said...

Speaking as someone who has worked there before, the place is a real piece of work. I'm not even concerned about writing this post as the place has such a high turnaround of employees that they really would not even know who it is, and if they do, who cares, it's my opinion. The SOC Manager....wow where do I start...First off the guy does not know his knee from his nipple. If the guy was as concerned with growing the SOC and employing it with actual knowledge rather than just trying to look good for his fearless leader JM he would be better off. Also please make sure that there is a portion of the training budget for some personality courses for the guy.

As for their services I personally would not bother purchasing any of them as first off I think they are a waste of money since anyone with half a brain could put the same appliances they use and run them. I really don't see any value in what they do, or better off use your own IDS/IPS and that would be free.

And lastly I think this blog was too nice in giving them F+ when it really should have been an F-

Anonymous said...

They seem to have some very skilled people (on the Professional Services side - some that have recently left) mixed in with a lot of mediocre people.

If you think of them as a reseller of Security related equipment with some services to help get it installed, they can do that. I doubt they could scale the service to a large scale, although they show some large customers on the website. Are these just customers that took a course or are they using the managed services? The SOC seems to have a very high turnover rate, which I'm not sure customers would appreciate, having to "train" new people over and over.

Anonymous said...

I am familiar with this company as I was previously employed and have to say this is an unfair description of the company and its inner workings. Though it is not perfect I do think a F is a little off base. First off I think you need to define your ratings to add more credibility to your blog. A to F is really crazy. I didn't even get an F and I attended History for 4 class (I got a D if you want to know). The thing is if you are looking for the top notch security company, Cyberklix is not it, however they do what they say and manage security solutions that the customer purchases. If they purchase an envision, Cyberklix manages it. Plain and simple.
The Professional Services team is not bad but they get thrown to engagements without proper prep and it sometimes looks bad. All in all they are not that bad of a company and I left because it was time. I think Cyberklix is more of a C- or D like my history mark.

secreview said...

In response to the post on: Monday, December 17, 2007 3:12:00 AM PST

While we value your opinion, we cannot change the grade for a review based on your opinion alone. Also, our grade system is the same grade system used in high school and college. A to F, where A+ == Excellent and F- = Total Failure.

We could not give Cyberklix a D because their own website is vulnerable to obvious SQL Injection issues that are the result of very poor coding standards. That is what moved them from a D to an F.

Insider_Cyberklix said...

This place is not a security company, it's all smoke and mirrors. I currently work here and I am currently looking to get out.

This article is bang on and it shows how many issues we actually face. First we add zero value to any managed service, besides a jr admin creating tickets at 2am for our customers to review. I can just imagine how great that is every morning. Second this person completely social engineered us! A really nice security trait for any security company. Best of all we don't care.

Management here is ass backwards. Fortunately we just had a change in the CSOC (C standing for compliance, what a joke). Glenn as submitted above was a big jerk and got off by ruling the SOC by fear....fear of getting fired (which I am told happens all the time here).

BTW Management here also said this article was written by our competition and is garbage. They don't even realize that when you Google Cyberklix you find this in the TOP 5! LOL. I guess ignorance is bliss.

We follow no standards..but when a customer wants to do something we tell them it's against best practices. LOL which ones, hopefully not ours!

Our network is a mess, however we have capabilities to protect ourselves, but that costs money so we don't. Some genius back in the day set most of our admin passwords to Cyberkl!x or Cyberklix123! or some variation of that, and we still have a user account (on some systems not many, I give them that) from some tech that was here 4 years ago, if any ex Cyberklix employees are reading this maybe you remember lesm. But to note we did move and I hope this move rid us of this issue...for now.

Most of the security practices here are horrendous and as our ex CSOC manager says "We are not in the business to fix our own problems". We have zero policies, well none that we follow. If we do I don't know about them and they are not enforced. Most of us are checked out here anyways. I am writing this right now via TOR inside the Cyberklix network, real nice security.

Professional Services is alright. We just lost our most senior guy several months ago...guess I should have seen the writing on the wall. What else...yeah the pay is shit and they hire anyone that has IBM on their CV. I know because this is how I was hired.

Peter K said...

Oh well, I just hope this company gets what it deserves and that is failure, which they are doing a good job of on their own. Like the previous post stated the place is strictly based on having their employees or so called "Push button Monkeys" living with fear that their jobs will be lost if they don't perform.

RSA Envision said...

One last point, they enforce this no msn chat or any other form of social website but ask the previous manager why he is on google chat with glennw@gmail.com or why he is on facebook :)

Have a great day and best of success to JM and his new AMG benz

Nathan S said...

Glenn Sucks, he was my boss

Here is his contact info

Glenn R. Williamson CD, CISSP
Director,
Compliance - Security Operations Centre (C-SOC)
Cyberklix
100 Milverton. 6th Floor, Suite 600
Mississauga, ON, L5R 4H1
Phone: (905) 306-9948 Ext. 264
Direct: (905) 740-1632
F: (905) 306-8374
C: (647) 299-2910
E: glennw@cyberklix.com E: grwilliamson@rogers.blackberry.net
drm1961@hotmail.com
http://www.cyberklix.com

Trevor M said...

Everyone is picking on Glenn, granted he is a retard he is just a peon to the great John M. John used to tell us all the time in our sales meetings "I know the SOC is shit, but who cares! I'm still selling!".

So when I read the above posts you have to understand Cyberklix is not trying to sell you security. They are selling you a product, based on how much money we make on it. Being a sales person this is good news to me, what's bad news is the ridiculous commission rates we get vs the quotas we have to meet. Being an ex-Cyberklix sales rep take it from me, you are better off going to Tiger Direct to work (or buy) your security products.

Anonymous said...

That place is h0t!

Anonymous said...

WARNING this company is under the review of the Labour Board with some of their previous employees for wrongful dismissal. They are an unethical company who treat their employees like garbage. The turnover is more than insane. They force their employees to perform illegal actions to save a buck, "plagiarism" is their favorite. They love to steal the competition's work. If you refuse you will be fired!!!!. You can't reach the sales team because we were all fired. This company needs a serious review. If you are an ex employee and have been abused I urge you to speak with the Labour Board. This company must be stopped from their scamming and employee abuse.

Anonymous said...

This just in Cyberklix has not been paid by any of their customers for over 8 months.

Anonymous said...

There are too many comments to make but some that stick out for me as an ex employee are.

Treatment of employees, from firing people (with families) without notice or cause to forcing all employees to take their vacation over Christmas or reviewing their cell phone bills and deducting all personal calls.

As bad as employees are treated customers are treated worse. Services/Products that do not exist are sold without thought or concern. Having engineers take online training then sending them out at $2,000/day never seemed to work out well, but continues to this day. I remember an assessment sold to a customer based on our expertise and the customer sending home the engineer because they found him googling the subject of which he was supposed to be the subject matter expert. Any product they sell that is new they have an exclusive and are jacking up the prices beyond belief. They still suffer from losing the Envision exclusive as a result of the RSA purchase. To show greed has no end they would convert from US at 25% then add 20% to the price. To top it off once they had the PO they would go back and nail the manufacturer saying extra discounts were needed to close for month end.

The SOC, where to begin, they should change the name to the “Sock” which would be a more accurate representation of what goes on there. Best story in my opinion is how they bought a backup UPS unit which was never tested and as it turns out only works for 15 minutes, which was discovered upon a power failure. Their internet connection has been cut off so many times it is hard to count (so much for redundancy). You would need more than 2 hands to count all the devices that went down without the “sock” noticing. Never a good call when the customer calls to tell you that their device is down. That call is not as bad as the customer who calls to tell you their network is down. For existing customers do yourself a favour and do not let them put your IPS Inline. One customer had their Network crash immediately after a patch was applied to the IPS, what frustrated them even more is that Cyberklix argued there was no proof showing the IPS caused the crash. For anyone making a purchase please let them add specifics around the SLA they provide as they purposely put terms like “reporting” in there as it cannot be measured. They will provide canned reports which are garbage and say the SLA only says reports.

The biggest challenge is there is no employee continuity for sales and engineering. The best engineers for their main products are now working for competitors (that has to hurt) but not as much as ½ dozen sales people now working for the competition as well.

Anyone looking at a major purchase “Buyer Beware” and make them walk the walk before you sign anything. As well they will brag about the largest managed service offering etc, etc. If it is so large ask them to provide 5 customers who have been on the service at least a year as the proof will be in the pudding.

Finally the biggest reason for such employee turnover is it looks great from the outside and at about the 6 month mark they figure out the problems and they either leave or are told to leave.

Anonymous said...

You know what would really be interesting?

To have the publisher of this blog actually perform some non-intrusive, non-abrasive intrusion attempts on a few of Cyberklix's Managed Customers.

Let's see if Cyberklix actually caught them!

Now that be something to comment on!

Publisher, are you up to the task?

Vince said...

The last post is exactly on the money! In every detail including Henderson's IPS :) ooopss

I hope these postings get to them just for constructive criticism and hopefully they improve, but personally I don't think they will b/c their Big Cheese is too proud and arrogant. I've emailed Glenn R. Williamson at work asking him for an explanation of this as I was actually interested in signing with them but received no email back. Oh well maybe they didn't need my business.

PS: Treat an employee with respect and you in turn will be treated as you should

Anonymous said...

I can't believe they fired Wayne G!! He was the Manager of professional services.....WOW another one bites the dust....hold on why do I sound surprised .... they were due for an "effective immediately"

Very unstable company.

Wayne said...

Glenn now runs the Pro Services Department. Smart move JM, when shit is breaking down put a retard in charge.

Anonymous said...

I was wondering whether or not the blogger took up the challenge of performing non-intrusive, non-abrasive attacks against Cyberklix customers.

If he/she/it has, share the results.

I think it would be beneficial to see if the blogger and Cyberklix can put their actions into words and demonstrate their worth.

Anonymous said...

Word on the street is that Cyberklix just lost three more employees.

The Top Salesperson quit.

A SOC Analyst quit.

The Director of Professional Services was fired.

Glenn above is now the Director of Professional Services.

Dennise P said...

Any new factual updates on this company?
I have to admit this made for a very interesting read :) My days are not the same.

John Menezes said...

I demand you take down this blog! Its making it hard for my sales staff to sell our crap. We are the GODS of security and we will prevail. I have spoken!

John Menezes

Peter K said...

I must admit that it is nice NOT living in fear anymore of losing my employment now that I am working elsewhere rather than the slave driven Cyberklix. The funny thing is that Recruiters are actually aware of their behavior with employees and are actually not recommending Cyberklix anymore !!

Anonymous said...

Rumor has it that someone gained access to their Bell Hosting account. Look out for modifications ( NOT defacement as that is illegal ) to their website.

The reason for this post is to hopefully give them time to change their password, and provide them a friendly reminder that as a Security Company they should use more complexity in their passwords.

In case you don't know where to change it from here is the link.

http://www.bellhosting.ca/en/login.php

Anonymous said...

Finally! The Furor surrounding this negative press has died down.

Now Cyberklix can get back to the business of raping and pillaging!

Anonymous said...

Yikes! Any comments regarding their purchase of Performance Network Solutions?

Anonymous said...

Anyone get raped by these jokers lately?

Anonymous said...

I am so ashamed and embarrassed to say this but Glenn from Cyberklix touched me in an unprofessional way while I worked there, I just wanted to share my experience to warn others. He is a creepy old man.

Anonymous said...

"Yikes! Any comments regarding their purchase of Performance Network Solutions?"

I hope not. I have worked with Eric's team for awhile now and they are great.

The question is will cyberklix learn from PerformanceNS?

Ryan L said...

RE: PerformanceNS

Looks like these guys can learn a lot from PNS.

Anonymous said...

Did Cyberklix keep Jesse and Eric from PerformanceNS?

if so they may fix this mess

Anonymous said...

Did anyone even try to contact these clowns lately?

Anonymous said...

Another sales casualty at Cyberklix! Was hired May 20th and told by John on Oct 24th that "it wasn't working out" then escorted to the door. Unbelievable when you consider the traction I was getting in net-new accounts but John isn't a patient man. His modus operandi is to demean his sales reps in order to drive results, but what I'm hearing on the street is that his top 5 accounts that drive 80% of his business are being won by his competitors. When a sales force is hired isn't the goal to drive more business in those existing accounts, but because he lacks confidence in his own reps he prefers to keep those accounts close to his chest and not share information. He did replace Trevor with a previous employee that has tenure but no managerial skills and is in Ottawa, not in Toronto where the bulk of the business is done.

For anyone considering working for Cyberklix be aware that their track record for retaining good people is questionable and inability to work with you in order to be successful doesn't exist.

Anonymous said...

Myself along with 3 other individuals were fired in late October 2008 because we didn't see eye-to-eye with the director of sales Luigina.

I personally am not vindictive but when it comes to philanthropy I've a real issue. As a major participant in worthy causes like Multiple Sclerosis, Ride to Conquer Cancer etc. I solicit pledges. While working at Cyberklix I asked Luigina, Jager and Philip Lee for support. In all cases they gladly said yes and I put them down for various amounts. Prior to the event I personally paid their pledges with the intent to collect the monies from each afterwards. In all 3 cases not one of those individuals has paid me for their pledge and therefore I'm out of pocket over $80 dollars.

Now what does that say about the character of the company and its ethics?

PS. I sent an email to John Menezes in hopes that he would assist in getting me the money for these worthy causes, and he didn't even respond.

Anonymous said...

Who cares about the comments... could be anyone: a disgruntled employee, Cyberklix manager or an imposter.

What you have to look at is:
14 Grades, on legitimate companies, (1 pending)
A 5
B 1
C 2
D 1
F 4

Why did Cyberklix get the lowest grade an (F-)?

Anonymous said...

Did Eric stay on after selling? I doubt he would stay at that organization based on what I have read here.

Anonymous said...

Brilliant post. You couldn't get anyone to respond to a no-name blogger, so you give them an F based on their website.

This post is ridiculous, and the comments are a bunch of disgruntled, fired salespeople.

This is a good company with smart, honest people. Most companies who have a security need would do well to at least get Cyberklix's advice.

Eric was with Cyberklix for awhile, but ended up getting fired first from managing professional services in Canada, then from the company outright.

Anonymous said...

John told me today he was going to "put the screws" to RSA. RSA just posted a video on YouTube of this joker and they don't even know he is implementing Loglogic for a customer in the Managed Service (if you can call it that)

Anonymous said...

Cyberklix is down to one sales person in Canada. JM has fired them all. He also let Mile go, who was a star in our SOC.

Anonymous said...

I have confirmation that most of the PNS team is gone. I work for McAfee, formerly Secure Computing, and I knew they could not keep the talent from PNS.

I have met the CEO once at a Secure event and he was a tool.

Anonymous said...

Check it:

http://www.personratings.com/name/John/Menezes/264667

Anonymous said...

Not sure how it went down, but something happened with the CTO where he was let go early. If Jesse is the app guy then he's gone too.

Anonymous said...

They got the F bc they deserved it and it's all factual data that was provided for the testing.

As for the monies that the guy didn't get you are right that was pretty lame on their end but you should have collected right off the bat.

As for Luigina....i would like to give her an F'ing :)

Anonymous said...

Eric was fired/quietly let go from that place. Something very bad/maybe illegal he did to a client a couple of months before his last day. From what I understand, it was pretty bad. Removing him and other people from there is probably the best thing that could happen to CyberKlix. I had a lot more success working out of the Canadian office anyway.

Anonymous said...

Eric was not actually fired ... what happened was as the manager of Pro Serv he demanded control of his team. If you know any of the executive there they are only figureheads and JM makes all the calls. So Eric was to work out of the US only. Then JM tried to change the cut Eric's salary stating the US was not performing. Finally, this very recent.... JM did not pay the balance of what was owed for the purchase of PNS.
So Eric and JM are doing battle over this...

Eric S. Perkins said...

Hi All -

So I know a lot of people like to post on this thread and use ex or current Cyberklix names in posts but I really am Eric Perkins, and my personal e-mail address is eric.perkins@gmail.com, feel free to send me a note anytime, seriously.

It is difficult to wade through what is true and what is not with the comments, but I can tell you I was not fired. I tendered my resignation due to breach of contract on Cyberklix's end and I am currently in US court suing them both at the local level in Cook County and at the Federal level.

I wish I could say more about what the breach of my contract consisted of and why I left but I need to complete the litigation process first.

I wish none of the Cyberklix employees themselves any ill will, actually I like most if not all the employees I worked with during my time at Cyberklix.

I will say I am going to do everything within my power to pursue every last legal option I can to ensure John does the right thing.

Eric S. Perkins said...

""Anonymous said...

Eric was not actually fired ... what happened was as the manager of Pro Serv he demanded control of his team. If you know any of the executive there they are only figureheads and JM makes all the calls. So Eric was to work out of the US only. Then JM tried to change the cut Eric's salary stating the US was not performing. Finally, this very recent.... JM did not pay the balance of what was owed for the purchase of PNS.
So Eric and JM are doing battle over this...""



Whoever posted this is dead on. this is what happened... Thank you for posting this.

Christopher said...

I worked with Eric, Jesse and the rest of the Performance Network Solutions team for a year and a half while at Secure Computing. Eric ran an excellent company. His sales guys knew our product and brought value to every opportunity (there were a ton of deals) and his services team was A+ all the time. PNS was my go-to vendor at Secure. I never had to worry about them at all.

As for this Comment:
"Eric was fired/quietly let go from that place. Something very bad/maybe illegal he did to a client a couple of months before his last day."

That couldn't be further from the truth. Eric is a stand-up guy with ethics and honesty in his DNA.

Jager Bhoohe said...

This is Jager... these comments are directed to the ASS that was yacking on about pledges not being paid. I don't remember who you are, but I assure you I do not skip out on charitable contributions, so your comments are derogatory. I did pledge and pay cash when I filled out the pledge form. I make a practice of always paying when I complete the form because I know I am forgetful and with the revolving door at Cyberklix I would have made certain I took care of that. If you think I owe you money then contact me, I am not hard to find. You can send me an email at jagersb90@hotmail.com, I'd be happy to give you my phone so we can get this straightened out and straighten you out at the same time you spineless piece of crap. If there is one thing I can't tolerate it is people who hide behind anonymous blogs while accusing others of things like this. At least Eric has the courage and integrity to identify himself.

Anonymous said...

Hello Eric;

I am sorry to hear of your plight with Cyberklix.

Your story is yet another example of similar stories where Cyberklix has tried to stiff ex-employees on their due compensation.

I hope that things work out for you in the end.

Anonymous said...

My biggest wish is to see Eric sue John for big money.....

CYBERKLIX WILL GO UNDER WATER....

Anonymous said...

US Operations are shut down. After buying a very successful company, with highly talented people John ran it into the ground in just over a year.

Why would someone buy a company that has a clear vision, great relationships and then terminate the people that make it work?

This guy is a piece of work. A friend of mine said the building in Chicago is putting a lien on his personal assets.

Glenn Williamson said...

I am looking for a new job now as Cyberklix just fired me. I don't know why, I was John's right hand. Literally I was his right hand, whenever he needed pleasuring I was there with my right hand...I thought he loved me

Anonymous said...

Go get em Eric. You deserve every penny you get!

As for Cyberklix and John I have one thing to say:

NA NA NA NA
NA NA NA NA
Hey Hey Hey
GOODBYE Cyberklix!!!!!

John

Anonymous said...

So, Glenn was laid off from Cyberklix.

Now, that is a complete surprise considering he was The Right Hand man!

Could this be a sign of the times?

Cyberklix in 2012?

Anonymous said...

http://www.cyberklix.com/terms.aspx?Hid=57


I guess you are all wrong huh!