Back to overview

Why Helloflex group uses periodic pentesting: "we have a high risk profile"

  • Case Study

Today, thanks in part to strict privacy legislation, it’s increasingly important to properly protect personal data against data leaks and misuse. More and more organizations are therefore looking for a partner to expose the vulnerabilities in their digital products, including companies like HelloFlex group. We discussed this topic with Menno Methorst, Security Officer at HelloFlex group.


HelloFlex group is a software provider with a strong focus on companies in the recruitment and personnel sector, such as employment agencies, recruitment and selection agencies, and secondment agencies. With their workforce management software, HelloFlex helps these organizations simplify their daily HR processes using automation.

The company has a ‘high-risk profile’ because their products are used in an industry where personal data and special personal data are processed on a large scale.

Because HelloFlex handles sensitive information, a good cybersecurity process is very important. At all costs, they want to prevent any vulnerabilities in their product that could cause problems for their clients.


Periodic Pentesting with Hacksclusive

To prevent these kinds of vulnerabilities from being overlooked, the HelloFlex group wants to pentest their digital products periodically and frequently. They have recently embraced Hacksclusive as a permanent partner for solving this requirement.

This is not the first time HelloFlex group has turned to Hacksclusive for assistance. A while ago, HelloFlex group had Hacksclusive perform a pentest on one of its labels. Today, Hacksclusive is being used organization-wide to test processes and products for vulnerabilities.

So, the initial, one-off pentest, ended up becoming the starting point for a renewed collaboration.

In addition to looking for a partner that could perform pentests, HelloFlex group also wanted help with DevSecOps (Development, Security & Operations). This is a software development process that integrates cybersecurity at every stage, to deliver a robust and secure application.



Pentesting in the cloud has its advantages!

Hacksclusive's entire pentesting process is now available via a cloud-based platform. This makes pentesting an interactive collaboration between the client and the ethical hacker. In this way, HelloFlex group can take rapid action, ensuring critical vulnerabilities are dealt with in a timely manner.
“It is great that people on our side can get a handle on it this way. Because we can see the findings in real time, we can get started right away. If we think we have solved it, we can request a retest immediately. This way of working is therefore an absolute added value for us compared to a closed process that ultimately only produces a report at the end of the pentest process.

"By sharing the findings in real-time, Hacksclusive offers us the opportunity to take immediate action. This way we can work quickly and methodically on improving the safety of the product. As a result, our developers are not suddenly overwhelmed with a large number of ‘to-dos’ at the end of the process".


“At Hacksclusive you know that you get quality. It’s a young company, but this does not mean that they have yet to earn their stripes. Together, they combine years of experience within the cybersecurity sector”.

Menno Methorst, Security Officer, HelloFlex Group
Kopie van Flexpeople_carilijnepieters-18-scaled

Not always pleasant, but very important

Of course, there are always new challenges in the field of cybersecurity. After all, developments happen at lightning speed in this field. But what is the greatest challenge for the HelloFlex team?

“That is mainly due to the culture-shift component,” says Menno, who describes the significant challenge of communicating - across all layers of the organization - what is happening in the area of cybersecurity, and what needs to be done.

 “At the moment we have drawn up a lot of fundamental policies and the overarching framework is in place, but it still needs to be implemented. It is precisely this that is a major challenge in the phase where we are now with our company.

Why is this such a big challenge? When we implement this, employees who are not directly involved with security are also expected to take a number of actions. They may find this annoying - and that is not always pleasant, but it is very important.”

Related stories