Cybersecurity startup Cobalt has raised $29m in a Series B funding round to expand its Pentest as a Service (PtaaS) platform, which is designed to challenge software security testing.

The funding round was led by Highland Europe, growth-stage experts that have previously invested in companies including Malwarebytes and WeTransfer.

Additional funding for Cobalt came from Adobe chief product officer Scott Belsky; Zendesk VP of Engineering Soren Abildgaard; former oDesk CEO Gary Swart; former Upwork operations VP Elizabeth Tse; former Veracode product VP Greg Nicastro and former Google VP of security engineering Gerhard Eschelbeck.

Central to the startup’s offering is a focus on transforming penetration testing, or pentesting for short, where experts attempt to find vulnerabilities in software so that they can be fixed before they are found by malicious actors.

However, while most pentesting is currently conducted by traditional consultancies, Cobalt is one of a number of companies that is disrupting the market by connecting companies to individual penetration testers – also known as ethical hackers.

“Organisations do business globally and digitally, yet traditional pentesting is delivered locally via a PDF,” said Jacob Hansen, co-founder and CEO of Cobalt.

“The pentesting industry doesn’t need another cool tool, it needs people and process innovation. That is why we created a way to engage the best cybersecurity talent, via our pentest management platform, allowing customers to move from a static pentest to platform-driven pentest programmes. Cobalt ultimately drives better security and improves return on investment for each customer.”

Cobat funding to build on PtaaS model

Colbalt has innovated on this approach further by moving away from the popular bug bounty model, where companies offer high-value rewards for vulnerability discoveries during a fixed window, and instead offering a subscription-based service for continuous access to pentesters through its PtaaS platform.

This allows companies to launch pentesting programmes at extremely short notice – at little as 24 hours – with a pool of verified pentesters. And once such a programme begins, developers can act on vulnerabilities as soon as they are discovered and notify pentesters as soon as they are fixed.

For Cobalt, the opportunity for innovation – and perhaps the reason for its successful funding – has been not in changes to pentesting itself, but the way it is accessed by businesses.

“Sometimes it’s by solving unsexy problems that you revolutionse a whole industry,” said Caroline Wong, Chief Strategy Officer of Cobalt.

“Consultancies have relied on the story that the hardest part of pentesting is hacking the software. Actually, we’ve known for decades what the most pervasive technical problems are and how to address them.

The State of Technology This Week

“The much harder part is connecting with the right people who can do the technical security work, and delivering the results to the development team who can fix the vulnerability.”

This approach is chiming with customers, with the company already having over 500 customers, including GoDaddy, Vonage, Axel Springer and MuleSoft.

The funding will enable Cobalt to grow its customerbase further, particularly across the world, as well as further develop its PtaaS platform.


Read more: Apheris nets €2.5m funding to enhance privacy in data sharing