There are a lot of companies that offer cybersecurity protection and resources that help companies better protect their systems. However, a unique and necessary part of this ever-rowing field is penetration testing, paid hacking, which is what Atlanta-based technology company Raxis specializes in.
Founded by CEO Mark Puckett, Raxis is a pure-play penetration company that is paid to break-in to systems and provide recommendations. Its elite team not only breaks in but also attempts to extract sensitive data including addresses, social security numbers, passwords, credentials, bank account information, and trade secrets, to show how easily an external party can compromise a company’s system.
“Raxis is a technology company that really focuses hard on breaking into companies for hire,” Puckett said. “You’re probably thinking, well that doesn’t sound very good. It’s quite helpful for companies when they spend tons of money on their security, they need to figure out if it’s actually working or is it’s effective.”
“So we hack like the real hackers do. We break in or attempt to break into companies of any size, from small to large enterprises, and see how far we can get. If we can break in, we write up a report explaining how we did it, with screenshots showing step by step how we did it.”
Many larger companies task their internal teams with penetration testing, but without an actual threat or an external testing company, accuracy comes into question.
For example, back in 2014 Home Depot was hacked, exposing information from over 56 million credit debit cards. And Home Depot is one of the large companies that have an internal team to constantly do penetration testing on their systems.
Prior to this major hack, Puckett was apart of that team as the penetration testing division manager. He immediately started Raxis after leaving in 2011.
“The web team at Home Depot would attack their own systems to determine security posture. I decided that I wanted to go on my own and I wanted to start a business for some time. I ended up leaving Home Depot and starting my own company,” Puckett said.
A Georgia State University alumnus, Puckett has been in cybersecurity since 1994.
“I started out in security back in college,” Puckett said. “I ran the network and computer systems for students to write their term papers or use the tools. Often the students would try to break into the systems of compromise it. I found myself trying to keep them out and that got me into security.”
While he definitely had the background and expertise for cybersecurity when he decided to go out on his own, Puckett discovered that running a business was an entirely different thing altogether.
“For the first several years, I was the penetration tester, the accountant, the tax guy, and the sales guy. I did the website, marketing, everything. I found that I was pretty much just working a job. I was chasing the next job. I would do the job and then I would do marketing to chase the next job. I found that I was working just as much as I was before and I didn’t start a real company,” Puckett said.
According to him, it wasn’t until he brought on additional help that he started to see Raxis grow. Today the company has more than ten employees, most living Atlanta-area.
Additionally, his staff has always been 100-percent remote. Prior to the pandemic, Raxis would visit customers and conduct internal testing onsite. The onsite testing has continued, but the social calls have been put on hold.
“We like to visit a lot of our customers, especially if they’re in Atlanta or the North Georgia area. We say hello or take them to lunch. That type of stuff stopped,” Puckett said.
“Also, most of our tests can be done remotely. We use our own device, called a Transporter, to connect to the customer’s network and pretend like we’re a malicious insider or bad employee. They plug it in for us and we do the internal test remotely.”
Another thing that the Raxis team started doing during the pandemic was to create videos of cybersecurity tips and tutorials on YouTube. For five months, the company has built a small library of videos to discuss the use of badge scanners and hidden cameras to bypass security, how hackers use compressed air to breach physical security and the most common security vulnerabilities.
These videos not only provide helpful information but also open people’s eyes to the many things that hackers do to get information.