Compass Security

Speciality: Comprehensive Penetration Testing and Red Teaming

Singapore | 74 employees | Publishes CVEs
[01] About

Cybersecurity company specializing in penetration testing, security reviews, red teaming, and incident response; 36 employees, $1.7M revenue, founded 1999, headquartered in Singapore, with offices in Switzerland, Germany, and Canada; CREST certified pentest provider with a global rank of #911,455 and 24,491 monthly website visits.

Compass Security has been a leader in the prevention and detection of cyberattacks since 1999. With more than 70 employees in Switzerland, Germany, and Canada, the group provides comprehensive cybersecurity services and solutions.

*Prevention - Detection - Reaction*

We help you to improve the security of your data and systems. Whether through penetration testing or red teaming, we identify vulnerabilities before others do. Our team of experts supports the monitoring and detection of threats and the coordination and resolution of security incidents (24/7). Our bug bounty platform connects organizations with a global community of security researchers to identify vulnerabilities proactively and efficiently. Live hacking demos, awareness workshops and in-depth cybersecurity training programs round out our services.

*Secure File Transfer*

The FileBox from Compass Security is a secure solution for the exchange of documents and data. It is user-friendly and offers a high level of security. All data is hosted in Switzerland or at the customer's site.

*Hands-on Cyber Security Training*

The development of security specialists is very important to us. With Hacking-Lab, we operate a globally used online platform that imparts knowledge and practical skills in attack and analysis techniques. The platform is highly successful in assessments, skill-building, as an exam platform, and in international capture-the-flag (CTF) events.

Compass Security strives to be “Leading Edge”. Our focus is on our people and their knowledge and skills. Their research and analysis regularly receive international recognition in the IT security community and at major security conferences such as Pwn2Own Toronto and Ireland, BlackHat Las Vegas, Nullcon India.
[02] Services
Provides:
  • Penetration Testing
  • Red Teaming
  • Managed Detection and Response
  • Incident Response and Forensics
  • Security Reviews
  • Purple Teaming
  • Bug Bounty Management
  • Cybersecurity Training
  • Secure File Transfer Solutions
  • An Online Ethical Hacking Platform
[03] Certifications
ISO/IEC 27001:2022


Origin


ISO/IEC 27001 was developed jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). The standard evolved from the British Standard BS 7799, first published in 1995, with the first ISO/IEC 27001 version released in 2005. The most recent version, ISO/IEC 27001:2022, was published in October 2022. It was created to provide organizations with a systematic framework for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS), addressing the growing need for standardized approaches to protecting sensitive information in an increasingly digital world.


Industry Value


ISO/IEC 27001 is highly valued in the industry because it demonstrates an organization's commitment to information security through independent, third-party certification. The standard provides credibility and competitive advantage, often serving as a prerequisite for doing business with government agencies and security-conscious organizations. It helps companies systematically identify and manage information security risks, ensure regulatory compliance, and build customer trust. For many industries—particularly finance, healthcare, technology, and cloud services—ISO/IEC 27001 certification has become essential for winning contracts, entering new markets, and demonstrating due diligence in protecting client and organizational data.

CREST

CREST Cybersecurity Certification


Origin


CREST (Council of Registered Ethical Security Testers) was established in 2006 in the United Kingdom by a group of cybersecurity professionals and industry representatives. It was created to address the growing need for standardized, recognized qualifications in penetration testing and cybersecurity services. The organization emerged from concerns about the quality and professionalism of security testing services, aiming to provide a framework that would certify both individual practitioners and the companies that employ them.


Industry Value


CREST certifications are highly valued in the cybersecurity industry because they demonstrate a practitioner's technical competence and adherence to professional ethical standards. Many government agencies, financial institutions, and large corporations specifically require CREST-certified professionals when procuring penetration testing or security assessment services. The certification provides assurance to employers and clients that certified individuals have been independently verified to possess the necessary skills and knowledge, and that they follow established codes of conduct. This makes CREST credentials particularly important for cybersecurity professionals working in regulated industries or seeking to work with organizations that have stringent security requirements.

[05] Notable Clients
  • Vereinigte Hagelversicherung VVaG
  • Nimbus AG
  • Magnolia International Ltd.
  • Pensionskasse Stadt Zürich
  • Förster-Technik GmbH
  • Walder Wyss Ltd.
  • Metrohm AG
  • Fabasoft AG
  • CSP AG
  • University Hospital Zurich
  • Visana Services AG