The name Synack comes from a cybersecurity pillar: the "three-way handshake", which is used to establish trusted network connections between devices, guaranteeing that both are ready for communication. In that constant data flow, the two founders of the company, who had worked at the NSA, saw the potential to bring together technology and human intelligence to protect the digital world. We talked to Alejandro Novo, Country Manager of Synack for Iberia.

What does Synack offer and what differentiates it from other pentesting companies?

Our model has nothing to do with traditional pentesting, which is normally done by one or two people in a short time and at a single point in time. Synack offers continuous pentesting over time, with a fixed rate, which allows you to control costs and ensure that digital assets are protected at all times. The idea is that pentesting is strategic, not tactical, and for this we have a technological platform of great value for customers and a human team formed by more than 1,500 highly qualified researchers from different countries, called the Synack Red Team.

As I also mentioned, we charge a fixed rate, and regardless of whether we find one or 1,000 vulnerabilities, the client has a clear cost estimate, something that is not possible with other models.

How do you see the market? Are you prepared for Pentesting as a Service (PTaaS)?

Pentesting as a Service arises precisely as a response to the new needs of companies, whose attack surface is growing continuously, and to cyberthreats that take advantage of technologies such as AI to multiply attacks, which has made traditional models of pentesting insufficient.

PTaaS allows you to perform flexible and scalable penetration tests instantly, at any time. In fact, Gartner estimates that, in 2026, organizations that use PTaaS will perform their penetration tests 10 times more frequently and will remediate 2 times faster than those that use manual pentesting.

How does the Synack platform work?

It is a platform that connects the world of customers with the Synack Red Team, and through which customers not only define the assets that are part of the service, but can also interact with the professionals who perform the pentests. It offers full control and visibility of the attack surface, shows patterns and failures in the security program, allows organizations to act on critical vulnerabilities and offers high-level reports that can be shown to management.

That is, the Synack platform brings together all the information for customers, and that is where they can see the evolution of their security program. The client can also communicate with the researchers who are working on their case to understand the vulnerabilities that have been found and how they can be remedied. For the client it is a totally automated platform, although behind it there is a human team that makes the difference and finds vulnerabilities that a fully automated platform cannot find.

Tell us about the team of researchers.

We have a highly qualified ethical hacker team, formed by more than 1,500 people from different countries that serve our platform. And this is important, since different tactics are used in each country and this allows us to put ourselves in the minds of any cybercriminal.

We allocate a team of between 50 and 100 researchers who rotate each month, which guarantees resources that no company could achieve on its own.

Who can be a Synack hacker? How do you guarantee that these are ethical hackers?

To join the Red Team, candidates go through very thorough security checks in a long process. Of the people who try to join the team, no more than 5% get through. It is Synack that answers to the client and that assumes legal responsibility if something fails, so we ensure that our researchers are totally reliable.

How do you see the market in Spain? Are companies mature enough for this pentesting model?

We usually work with companies that have very critical assets and many changes over time: banks, insurers, telecommunications, etc. With them we define which assets and applications are critical and suitable for inclusion in continuous pentesting. The rest of the applications can be tested at specific points in time, when necessary.

These are mature companies with regard to security policies. In addition, our model allows pentesting to be put in place from the very beginning, in the preproduction and testing phases. This is the type of company that requires continuous pentesting.

In Spain we already have a good customer base, many of them Ibex 35 companies, and we hope to continue growing both directly and through alliances and the channel.