At Cossack Labs, we build security solutions to protect sensitive data in customers' products and infrastructures. We help address security risks efficiently so that our customers can focus on building their products with peace of mind about security.
To do this, we build security libraries, developer tools, custom solutions and collaborate with development teams as a security engineering team.
In essence, we do whatever is necessary to efficiently build practically secure systems without draining developers' time and minds.
Our team #
We are a team of experienced cryptographers and security software engineers. We've built various software solutions that required data security in the past and realised how hard it is to get things right as end-users of security software.
In 2014, we started as a data security R&D startup. We found a huge gap between companies' real-life needs and security market proposals in mitigating data-related security risks.
We combine three crucial technical expertise areas. Some of us have extensive cryptography and "hard security" backgrounds. Some of us are product builders at heart. Some of us are security engineers equally apt at breaking security controls and building them.
Julian has founded, built, managed, and led multiple software companies over four decades. Having previously raised tens of millions of dollars of equity finance, he managed three successful disposals, two to publicly-quoted companies, yielding above-average returns to shareholders. His operational focus is on finance, financial strategy, and legal.
Eugene has managed software development with high security and performance demands for over 15 years. His extensive experience and research enable him to focus on the challenges that large and small companies experience when seeking to make data security central to their operations, especially in the face of external pressures and uncertainties.
Chris originally trained as an economist but has coded, designed, and invested in a diverse range of software systems and companies for over 40 years. Elegant, appropriate, and useful code continues to delight. Chris sees effort spent to make world-class data security available to all as central to advancing the common good both now and into the future.
What our customers say:
"We improved our applications, deepened our knowledge of application security, and gained a better understanding of mobile platform security. Your team’s knowledge and friendliness made the entire process easy and enjoyable. We are excited about future collaborations."
Konstantinos Natsios, lead mobile engineer at TradingCom
"We asked Cossack Labs engineers to review the security and cryptography in our products. What we’ve got was beyond expectations: a highly detailed analysis and lots of practical advice on how to fix current issues and implement long-term enhancements, all of them in line with our security and business goals."
Korney, CTO and Co-founder at MadFish.Solutions
"Thank you very much for all you did so far & the thoroughness, skill & knowledge you invested into this, all of you!"
Founder of a blockchain software company after our cryptographic review
"I have definitely learned A LOT since we started working together with Cossack Labs. I have learned to be a better engineer because of their knowledge in mobile security."
Ronald, Software Engineering Manager at M&A SaaS provider
"Cossack Labs shares myGaru’s mission to put individuals in the center of digital processes and give control on personal data back to users. Cossack Labs team is building secure data processing components and the privacy layer of myGaru solution."
Vitalii Morozenko, Founder and CEO at myGaru
"We were thrilled work with Cossack Labs, leveraging their 15+ years of experience, to secure Bear user`s notes. It enabled us to elevate our core user experience with the security and privacy our users demand."
Shiny Frog team, creators of Bear app
"Cossack Labs covered our back in data security, helping us to serve our customers better and target not only private hospitals, but also governmental healthcare companies."
Andrei Popa, CTO at GoClinic
"End-to-end encryption engine based on Themis and Acra allows us to scale our product and attract new customers while being sure that their data is available only to them."
Sergey Zenchenko, CEO at AppSpector
We help the leaders to get through building secure systems at scale
Our mission #
Safer space for everyone in the future—without restricting innovations.
Security is complex and, at times, stands in the way of innovation—either because it’s a burdensome distraction or because the absence of security measures puts innovation’s reliability at risk.
Software is eating the world. We help software eat the world responsibly—by making it respect privacy and avoid embarrassing security breaches.
What we do #
We help our customers protect the value of their innovation—with products, research, bespoke solutions and consulting services. Whenever you need to protect your IP, users’ PII, sensitive data or comply with regulations—we’re here to help.
Research focused on practical problems
We constantly explore new capabilities, evolving the ecosystem methodologically and technologically. Our attention covers a broad scope: from tiny missing bits in security instrumentation to fundamental research in adapting academic security to a practical environment. R&D allows us to build better tools and solve unique customer problems.
Open-core, enterprise ready software
All our security products are open-core. It means all cryptographic code is open source, but many enterprise conveniences are licensed under the commercial license. Open-source and proprietary tools or frameworks—our products come in many shapes but deal with the same problem: convenient, robust and modern data protection.
Services and bespoke solutions
Security challenges come in many forms. Following our mission to solve problems, we adapt solution designs to meet customer-specific requirements. We offer a variety of solutions: security engineering services, cryptography engineering, application security consulting, to building unique bespoke solutions around our tools.
Our operating principles
Every team relies on operating principles, guidelines, and protocols to get work done. Some call them "secret sauce", but we're pretty open about the fundamental approaches we follow. We adhere to these principles in everything we do: building our tools, submitting bug reports to third parties, conducting audits, or designing solutions for our customers. We don't think these principles are unique, but our customers often recognize and praise Cossack Labs' value proposition and engineering excellence.
Open-source security manifesto
At the core, we are an open-source company. All our fundamental and unique security technologies are open-source, all cryptography is open-source, often accompanied by the detailed scientific papers. Why so?
Secure data flow ecosystem
Often security tools are cumbersome. They don’t compose well. They add more complexity when deployed than they remove security risks. This is not what we want, and this is not how security tooling should look.
Magic of avoiding magic
We build tools to enable safe, responsible, and efficient innovation for everyone, bringing more magic of advanced technology into the world. To build technology which works like magic, we rely on boring things. What are they and how it works?
Our security efforts are targeted at 3 types of people: people inside, people outside, and attackers. No “universal optimal balance” allocation of effort works for every company. Why so?
Community support #
We're on the mission to make the world a better place, so we do much work for the community.
Our commitment to open source. Every novel security method or approach we implement ends up open source. Sooner or later, one form or another, we strive to make everything visible. Not just to follow Kerckhoffs's principle but to let the next generation of security builders have building blocks and references. Equally, we publish papers outlining the theory behind some of the technologies we're building to ensure more than just code to justify our designs.
OWASP contributions. We have learnt a lot from OWASP checklists and best practice guides, so we are giving back. Our security engineers contribute to several projects, including OWASP MASVS, OWASP MSTG, OWASP Cheatsheets, and others. We support, speak, and organise OWASP meetups.
Communities and events. Our team members often participate in international security and development conferences as speakers, organise and co-organise local events, and support communities (like CocoaHeads and Women Who Code).
Discounts for startups and products with good cause. If you're on a mission that will drastically improve the world, or the technology you're building might become a commodity making the world a better place, we can offer you great discounts on tools and services (conditions apply).
Supporting the next generation
of security professionals
We consistently support various community activities targeted at people just entering the security industry: our industry needs more smart people. We run a cryptographic R&D training program for interns with potential employment and extensive "deep dive" for professionals from other industries to information security.
Contact us #
Would you like to talk more about how we can help build a security solution for you? We're happy to talk. Ping us, and we'll be in touch soon.
HQ, United Kingdom
190 Clarence Gate Gardens
London NW1 6AD
Talk with sales:
Would you like to work with us?
Media related questions here: