Scitum S.A. de C.V.

Scitum S.A. de C.V.

Speciality: Operational technology and red team penetration testing

Mexico 1091 employees
Visit Website View on LinkedIn
[01] About

Mexico-based IT services and cybersecurity company with 716 employees; the largest information security integrator in Latin America, specializing in penetration testing and vulnerability assessments for OT environments; founded in 1998; global rank #1,723,111, local rank #24,429 in Mexico.

Scitum is the largest information security integrator company, with presence in Mexico and other Latin American countries. Scitum's focus is aimed at meeting the needs of our clients, and we have services that comprehensively cover the security cycle, including consulting services and managed services. We are part of Telmex and Grupo Carso, which provides us with great support and financial capacity to undertake complex and large-scale projects. It is currently made up of more than 500 specialists in constant training who have more than 900 certifications from high level organizations such as: GIAC, ISC2, ISACA, ITIL, among other leading manufacturers in the industry.
[02] Services
Penetration Testing
Vulnerability Assessment
Red Team
Security Consulting
Cybersecurity Monitoring
[03] Certifications
GIAC

GIAC Certification in Cybersecurity


The Global Information Assurance Certification (GIAC) was created by the SANS Institute in 1999 to provide vendor-neutral certification for information security professionals. SANS (SysAdmin, Audit, Network, and Security) established GIAC to validate that cybersecurity practitioners possess the practical, hands-on skills needed to perform technical security roles effectively. The certification program was developed in response to the growing need for standardized measures of cybersecurity competency, particularly as organizations struggled to identify qualified professionals who could defend against increasingly sophisticated cyber threats.


GIAC certifications are highly valued in the penetration testing and cybersecurity industry because they focus on practical, real-world skills rather than purely theoretical knowledge. Each GIAC certification requires candidates to demonstrate technical proficiency through challenging exams that test their ability to apply knowledge in realistic scenarios. Certifications like the GIAC Penetration Tester (GPEN) and GIAC Exploit Researcher and Advanced Penetration Tester (GXPN) are particularly respected among penetration testing professionals and employers because they validate specific offensive security capabilities. Organizations seeking penetration testing services often look for teams with GIAC-certified professionals as assurance that the testers have been rigorously evaluated and possess current, applicable skills in identifying and exploiting vulnerabilities.

ISC2
ISACA

ISACA Certifications


ISACA, originally founded in 1969 as the Information Systems Audit and Control Association, was established by a small group of individuals who recognized the need for a centralized source of information and guidance in the growing field of auditing controls for computer systems. The organization evolved from focusing solely on audit professionals to addressing broader information security, governance, and assurance needs. ISACA developed several well-known certifications including the Certified Information Systems Auditor (CISA) in 1978, followed by the Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), and Certified in the Governance of Enterprise IT (CGEIT).


ISACA certifications are highly valued in the penetration testing and cybersecurity industry because they demonstrate a comprehensive understanding of IT governance, risk management, and security frameworks that contextualize technical testing work. While penetration testers focus on identifying vulnerabilities through hands-on technical assessments, ISACA credentials—particularly CISA and CISM—validate their ability to understand the broader organizational risk landscape, communicate findings to management effectively, and align security testing with business objectives and compliance requirements. Many penetration testing firms employ or seek ISACA-certified professionals to bridge the gap between technical security testing and strategic risk advisory services, making their offerings more comprehensive and valuable to enterprise clients who need both technical depth and business-aligned security guidance.
ITIL

ITIL Certification Overview


Origins


ITIL (Information Technology Infrastructure Library) was created by the UK government's Central Computer and Telecommunications Agency (CCTA), now part of the Office of Government Commerce (OGC), in the 1980s. It was developed to standardize IT service management practices across government agencies, addressing the need for more efficient and cost-effective IT service delivery. While ITIL itself is an IT service management framework rather than specifically a cybersecurity certification, it has evolved through multiple versions (currently ITIL 4) and includes modules addressing security management as part of comprehensive IT service delivery.


Industry Value


ITIL certification is highly valued in the IT industry because it provides a globally recognized framework for aligning IT services with business needs and improving service quality. Organizations implementing ITIL practices typically experience reduced costs, improved customer satisfaction, and more efficient incident and problem management. For IT professionals, ITIL certification demonstrates knowledge of best practices in service management, making them more competitive in the job market. The framework's emphasis on continual service improvement and risk management makes it particularly relevant for organizations seeking to maintain robust, secure, and reliable IT operations.
[05] Notable Clients
  • Telmex
  • Grupo Carso