What is PWNX? If you surf the Internet a bit (https://pwnx.io/) you come across a site that talks about: challenges, games, red, blue and purple... But what do these terms refer to?
We ask Enrico Ingenito, sales director of PWNX.
Can you help us understand your role and the company's activities?
I am a Security person with commercial training and a visceral passion for innovation and technology, I hold the role of sales director of PWNX, an innovative start-up born in 2021 with over 20 years of experience of the founders.
PWNX is technically a platform that provides a cloud-based service and is our response to the important and widespread phenomenon of the "skill shortage" in Cyber Security, which in recent years has had a profound impact on both private companies and government organizations that are faced with a very complex, articulated and unprecedented scenario.
To date, selecting technical profiles, with extremely vertical skills, in the various specializations of the Cyber Security panorama is no longer the "plus" of a few virtuous subjects, but a real necessity for everyone to face the numerous and increasingly growing technological threats of a physical and logical nature.
PWNX is the Italian tool that allows you to measure and select profiles with extremely high technical skills and train new talents through a pragmatic approach.
The role of "gamification" today has an absolutely recognized value in many sectors and that of Cyber Security is no exception.
What PWNX offers through numerous and diversified "game modes" is a technically faithful representation of the real world, starting from the nomenclature of the disciplines of which this vast sector is composed. And it is precisely through these modes represented, highlighted by different colors:
• Red ⇒ team of attackers trying to exploit the vulnerabilities of computer systems and applications introduced in PWNX laboratories;
• Blue ⇒ unlike the traditional meaning that is usually given to the term "blue", in this case we are dealing with challenges aimed at solving vulnerabilities by implementing due countermeasures for mitigation through the laboratories provided by PWNX (also indicated for the selection of personnel in the context of software development);
• Purple ⇒ hybrid approach activities, which sees a balanced integration between the Red & Blue activities, in order to guarantee and maximize the effectiveness of both. In reality, the activities of Purple Teaming can be defined as a sort of relational dynamic between the two fronts, in a scenario of attack and defense "all against all").
Through these different game modes, PWNX offers punctual scenarios involving professional profiles oriented towards the ethical use of offensive attack techniques, aimed at identifying security vulnerabilities rather than defense and monitoring of IT incidents, through in-depth analysis of the traces left by an attacker.
Is PWNX an Italian company? Who are your competitors in Italy and in the world?
PWNX is the acronym of “PWN like an eXpert”, a name that defines the cultural extraction that gave rise to the PWNX mission, with over 20 years of experience behind it in the offensive security field. Becoming capable of hitting (to pwn) and consequently "taking possession and control" of an application, a website or a network infrastructure, as an expert attacker would do, with a considerable impact on the confidentiality, integrity and availability of the "assets". The term comes from video games and is widely used in the world of cyber security.
PWNX is a 100% Italian company, but with a global presence and geographical distribution, a solid reality that today has just under 3000 registered users scattered around the world which are proof of this. There are not many competitors of PWNX and almost all based in the United Kingdom, each of these has specific peculiarities that we share, consequently also embracing the reference market. Compared to its competitors, PWNX is a young company that aims to bring out its potential through the use of Natural Language Processing models to concretely support human resources departments in the appropriate selection of their candidates. A Curriculum Vitae is a document that anyone can write, perhaps enriching it with notes of colour, while the concrete and measurable result of a technical test carried out using PWNX is an objective fact.
Can you play just to learn? What kind of knowledge do you need to have to understand platform games?
The answer is yes, even if first of all we need to make a premise: today compared to 20 years ago, the web is a place where you can easily learn and experiment with new concepts through multiple free and paid contents.
Making "play" for the sole sake of learning something new is our first goal and that's why we offer 22 free workshops and constantly renewed with which to practice, together with the specific training material for the step-by-step solution of each single challenge present on the platform.
Possessing previous skills in the field of programming and administration of networks and operating systems certainly constitute a facilitation in undertaking this type of path; However, experience in the field has taught us that there are many young people in schools and universities who are passionate about this vast discipline, who voluntarily build or deepen their vertical technical background in the offensive world, long before arriving at their first real professional experience.
How much does the platform cost? Who would you recommend it to and who wouldn't you?
PWNX is a platform designed for all possible and feasible technical levels of the world of cyber security that are behind our slogan: "From Zero To Hero". The premium platform for individual accounts has an extremely competitive cost, starting from 75 euros for 200 hours to be used on all the laboratories on the platform.
The prices for personnel selection support services with the added value use of the AI component and the training packages consisting of laboratories and technical documentation vary, depending on the precise needs of the companies and are extremely customizable and modular.
PWNX's dedicated professional services are designed to create real job opportunities, in a market context where the demand for vertical skills is much higher than the available supply. This is precisely what makes our platform suitable for all levels of technical skills necessary for the Cybersecurity ecosystem.
Let's talk about the real and substantial problem of our ecosystem: the skill-shortage. How, through which tools, is the platform able to support a personnel selection process?
The main objective of PWNX is to provide HR with an effective tool, which does not overlap with the traditional consolidated processes for selecting qualified personnel, but which can instead offer valid practical and intuitive support, through which to concretely measure the performance and technical value of a candidate, using a practical and realistic approach. The dedicated development of Natural Language Processing models allows us to analyze the technical behavior of the candidate in detail, analyzing the different types of attack (as well as the related execution methods chosen) carried out during the entire selection test.
Each single test can be modeled by selecting appropriate practical laboratories, suitable for searching for a well-defined and circumscribed type of "ideal candidate".
Through the services provided by the platform, a selection team, a talent hunter, a company, what final result does it bring home?
A talent hunter can view the results obtained by the candidate during the selection test, see in detail the types of attacks carried out by the candidate, the degree of adherence to the laboratories used within the test compared to what was practically carried out by the candidate himself and a positioning of the same within a quadrant graph which allows a better understanding of the degree of practical technical preparation.
Based on the objective results processed by the platform, the individual evaluator rather than a selection team will have a truly clear and accurate picture of the candidate's real technical skills and their value.
Naturally, specialized technical consultancy services are also offered to companies, in order to offer the greatest possible added value to all those structures that need to select valid candidates, but which do not have the necessary skills in house to evaluate them at best.
We talked about skill shortage, calling it the "real problem". What do you think about the - related - problem of keeping experts in your organization?
The phenomenon of the skill shortage consequently creates a further difficulty in retaining and retaining such specialized professionals within companies, regardless of the level of skills. What were the classic ways to keep talent in the company are no longer adequate.
The demand for profiles in this specific sector is undoubtedly very high both in Italy and abroad and this consequently entails having to give rise to a profound cultural change within the companies themselves, which will have to concretely demonstrate, themselves first, a high degree of sensitivity to issues relating to Cyber Security and an adequate plan of investments and tools dedicated to the internal growth of their employees, from a professional, economic but above all training point of view.
Companies that invest in specialist training for their technical human resources will undoubtedly have an advantage over the others.
Any advice to finish?
The best way to understand the potential offered by PWNX is to try it. I invite you to go up https://pwnx.io for more information or, better yet, directly on https://play.pwnx.io to register your account for free and try the over 120 unique workshops available.
