Full Report
With 2013 coming to a close, I thought it pertinent to look back at the year we’ve had and also forward to what’s promising to be an incredibly exciting 2014 for us. 2013 for SensePost, was a year of transition. With a new leadership structure in myself, Shane and Dominic, we had a chance to stamp our style and vision and also learn from Charl and Jaco. One of the first leadership choices was to expand our reach and open our first office in London, aptly in a borough called Hackney. Here, we grew our family and welcomed some amazing people into the plak. After a few short months, we had outgrown the office and needed to look for bigger premises, this time in another aptly named area: Whitechapel (think Jack the Ripper).
Analysis Summary
# Industry News: SensePost Review 2013 and Strategic Expansion
## Summary
SensePost reviewed 2013 as a significant year of transition, marked by new leadership, aggressive geographical expansion into London, and substantial growth in technical training and services. Critically, the year culminated in the company's acquisition by SecureData Europe, signaling a new trajectory for growth and organizational maturity.
## Key Details
- Date: Announced late in 2013 (Acquisition details linked to Nov 2013)
- Companies Involved: SensePost, SecureData Europe
- Category: Company Milestone / Acquisition / Operational Expansion
## The Story
SensePost experienced a transformative 2013 under new executive leadership (Shane, Dominic, and the author). Key business developments included expanding international reach by opening its first London office, quickly necessitating a second move within the city due to rapid growth. Operationally, the company ramped up its offensive security training globally (Blackhat, 44Con) and introduced new specialized courses (mobile assessments, malware reverse engineering). Strategic internal hires focused on service delivery efficiency (Project Manager for assessments) and service line enhancement (new head for Managed Vulnerability Service, MVS). The year concluded with the major strategic announcement of SensePost's acquisition by SecureData Europe, framing 2014 as an era of accelerated development.
## Business Impact
### For the Companies Involved
- **SensePost:** Gains access to the resources, stability, and likely broader customer base of SecureData Europe, enabling continued investment in R&D and specialized service offerings. The acquisition validates their technical prowess and market standing.
- **SecureData Europe:** Integrates a highly respected, technically driven offensive security/pentesting team and a mature, well-regarded training portfolio, enhancing its end-to-end security offering.
### For Competitors
- Competitors in the specialized penetration testing and offensive security training space face increased pressure from a newly integrated, potentially better-funded entity. The combination may streamline service delivery, offering a more compelling value proposition than stand-alone boutiques.
### For Customers
- **Current SensePost Clients:** Benefit from the increased stability and potential integration with broader SecureData services. The ongoing commitment to high-level research and training suggests service quality continuity.
- **Potential Clients:** Gain access to a combined capability set, potentially streamlining procurement for both offensive security services and managed security needs (via the revamped MVS).
### For the Market
- The acquisition signifies the continued maturation and consolidation within the specialized cybersecurity services market. Highly technical, research-focused boutique firms are increasingly becoming attractive targets for larger security integrators looking to bolster capabilities beyond traditional managed security services (MSSP) or compliance.
## Technical Implications
SensePost highlighted significant technical activities, including research into IoT vulnerabilities, surveillance frameworks, Trustzone OS analysis, and using Spatial Statistics for Fast-Flux C2 detection. The integration ensures these rigorous research methodologies are likely to continue, potentially being leveraged across SecureData Europe’s broader client base. Key focus areas for 2014 involve expanding their proprietary training curriculum (Hacking by Numbers) and revamping the Managed Vulnerability Service (MVS).
## Strategic Analysis
- **Market Positioning:** SensePost transitions from a highly respected independent technical consultancy to a specialized component within a larger European security group, improving its market reach across geographies (especially the now-established UK presence).
- **Competitive Advantage:** The unique blend of deep offensive research ethos, global training presence, and new corporate backing creates a hybrid advantage—combining agility with enterprise scale.
- **Challenges:** Integrating the distinct "hacker ethos" and creative work environment of SensePost with the structure of SecureData Europe will be crucial to retain technical talent and prevent cultural friction. Rapid scaling of the London office also indicates ongoing operational challenge management.
## Industry Reactions
- **Analyst Opinions:** Acquisitions like this often draw attention as proof points for the value of deep technical expertise in the modern security landscape, moving beyond simple compliance checks.
- **Expert Commentary:** The focus on formalizing training management (Craig Swan's return) and process efficiency (Victor Tadden's role) suggests a professionalization of service delivery, which is necessary for sustainable growth post-acquisition.
- **Market Response:** The acquisition generally signals positive momentum for SecureData Europe, demonstrating a strategy focused on acquiring niche, high-value intellectual property.
## Future Outlook
- 2014 is predicted to be a year of accelerated growth, heavily supported by investment from SecureData Europe, particularly in their education services and the newly structured MVS. We should watch for specific announcements regarding how the MVS service line is revamped under new leadership.
## For Security Professionals
This development underscores the high market value placed on certified, cutting-edge offensive security training and expertise. Practitioners should note the continued importance of specialized skills in mobile security and malware analysis, as these areas are being actively developed and commercialized by top-tier firms.