About us
At Cossack Labs, we build security solutions to protect sensitive data in customers' products and infrastructures. We help address security risks efficiently so that our customers can focus on building their products with peace of mind about security.
To do this, we build security libraries, developer tools, custom solutions and collaborate with development teams as a security engineering team.
In essence, we do whatever is necessary to efficiently build practically secure systems without draining developers' time and minds.
Our team #
We are a team of experienced cryptographers and security software engineers. We've built various software solutions that required data security in the past and realised how hard it is to get things right as end-users of security software.
In 2014, we started as a data security R&D startup. We found a huge gap between companies' real-life needs and security market proposals in mitigating data-related security risks.
We combine three crucial technical expertise areas. Some of us have extensive cryptography and "hard security" backgrounds. Some of us are product builders at heart. Some of us are security engineers equally apt at breaking security controls and building them.
Julian Swallow
Julian has founded, built, managed, and led multiple software companies over four decades. Having previously raised tens of millions of dollars of equity finance, he managed three successful disposals, two to publicly-quoted companies, yielding above-average returns to shareholders. His operational focus is on finance, financial strategy, and legal.
Eugene Pilyankevich
Eugene has managed software development with high security and performance demands for over 15 years. His extensive experience and research enable him to focus on the challenges that large and small companies experience when seeking to make data security central to their operations, especially in the face of external pressures and uncertainties.
Chris Hennings
Chris originally trained as an economist but has coded, designed, and invested in a diverse range of software systems and companies for over 40 years. Elegant, appropriate, and useful code continues to delight. Chris sees effort spent to make world-class data security available to all as central to advancing the common good both now and into the future.
What our customers say:
Our mission #
Safer space for everyone in the future—without restricting innovations.
Security is complex and, at times, stands in the way of innovation—either because it’s a burdensome distraction or because the absence of security measures puts innovation’s reliability at risk.
Software is eating the world. We help software eat the world responsibly—by making it respect privacy and avoid embarrassing security breaches.
What we do #
We help our customers protect the value of their innovation—with products, research, bespoke solutions and consulting services. Whenever you need to protect your IP, users’ PII, sensitive data or comply with regulations—we’re here to help.
Research focused on practical problems
We constantly explore new capabilities, evolving the ecosystem methodologically and technologically. Our attention covers a broad scope: from tiny missing bits in security instrumentation to fundamental research in adapting academic security to a practical environment. R&D allows us to build better tools and solve unique customer problems.
Open-core, enterprise ready software
All our security products are open-core. It means all cryptographic code is open source, but many enterprise conveniences are licensed under the commercial license. Open-source and proprietary tools or frameworks—our products come in many shapes but deal with the same problem: convenient, robust and modern data protection.
Services and bespoke solutions
Security challenges come in many forms. Following our mission to solve problems, we adapt solution designs to meet customer-specific requirements. We offer a variety of solutions: security engineering services, cryptography engineering, application security consulting, to building unique bespoke solutions around our tools.
Our operating principles
Every team relies on operating principles, guidelines, and protocols to get work done. Some call them "secret sauce", but we're pretty open about the fundamental approaches we follow.We adhere to these principles in everything we do: building our tools, submitting bug reports to third parties, conducting audits, or designing solutions for our customers. We don't think these principles are unique, but our customers often recognize and praise Cossack Labs' value proposition and engineering excellence.
Our approach
Open-source security manifesto
At the core, we are an open-source company. All our fundamental and unique security technologies are open-source, all cryptography is open-source, often accompanied by the detailed scientific papers. Why so?
Secure data flow ecosystem
Often security tools are cumbersome. They don’t compose well. They add more complexity when deployed than they remove security risks. This is not what we want, and this is not how security tooling should look.
Magic of avoiding magic
We build tools to enable safe, responsible, and efficient innovation for everyone, bringing more magic of advanced technology into the world. To build technology which works like magic, we rely on boring things. What are they and how it works?
Realistic security
Our security efforts are targeted at 3 types of people: people inside, people outside, and attackers. No “universal optimal balance” allocation of effort works for every company. Why so?
Community support #
We're on the mission to make the world a better place, so we do much work for the community.
Our commitment to open source. Every novel security method or approach we implement ends up open source. Sooner or later, one form or another, we strive to make everything visible. Not just to follow Kerckhoffs's principle but to let the next generation of security builders have building blocks and references. Equally, we publish papers outlining the theory behind some of the technologies we're building to ensure more than just code to justify our designs.
OWASP contributions. We have learnt a lot from OWASP checklists and best practice guides, so we are giving back. Our security engineers contribute to several projects, including OWASP MASVS, OWASP MSTG, OWASP Cheatsheets, and others. We support, speak, and organise OWASP meetups.
Communities and events. Our team members often participate in international security and development conferences as speakers, organise and co-organise local events, and support communities (like CocoaHeads and Women Who Code).
Discounts for startups and products with good cause. If you're on a mission that will drastically improve the world, or the technology you're building might become a commodity making the world a better place, we can offer you great discounts on tools and services (conditions apply).
Supporting the next generation
of security professionals
#
We consistently support various community activities targeted at people just entering the security industry: our industry needs more smart people. We run a cryptographic R&D training program for interns with potential employment and extensive "deep dive" for professionals from other industries to information security.
Contact us #
Would you like to talk more about how we can help build a security solution for you? We're happy to talk. Ping us, and we'll be in touch soon.
HQ, United Kingdom
190 Clarence Gate Gardens
Glentworth Street
London NW1 6AD
United Kingdom
Any thoughts?
Talk with sales:
Would you like to work with us?
Media related questions here: