A new startup is looking to solve the shortcomings of traditional security testing by integrating it into a company’s workflow.

Cytix, based in Manchester, was founded by former NCC Group and Secarma duo Ben Armstrong and Tom Ballin, commercial lead and ethical hacker respectively.

“Tom and I have worked on hundreds of security tests and noticed a common theme: customers were starting to see less and less ROI (return on investment) from penetration testing efforts,” Armstrong (pictured centre) tells BusinessCloud.

“This was primarily down to two things: the consultants don’t understand their organisations and therefore often don’t have enough context to provide useful advice; and once the engagement is finished, the tester moves on to another job and leaves the organisation with a PDF and nothing else. 

“We realised that this wasn’t an issue with testing, but an issue with consultancy as a whole. So we set about building a solution where testing is supplied continuously, and detached from the traditional consultancy model.”

Armstrong says traditional pentesting has long lead times and lacks developer support and transparency in the process. In effect, the companies these consultants serve move faster than the testers themselves.

Cytix, which launched its minimum viable product in December 2022, has developed a software-as-a-service vulnerability management platform and clusters of dedicated pentesters to help customers identify and resolve vulnerabilities.

Cytix platform

“Effectively we structure our testers into an airport control tower-style format where instead of carrying out lengthy tests, they are allocated specific tasks,” he explains. 

A task can be completed within a five-day window, picked by the client, who can also set a frequency of the task and track the status of testing.

Cytix was part of the first cohort of the DiSH accelerator in Manchester City Centre – run by Plexal in a space managed by Barclays Eagle Labs –  and has now taken office space inside the building to continue its growth.

“The programme was robust and covered all aspects of starting a cybersecurity company,” says Armstrong. “We have used what we learned in the programme to shape our vision for the future.”

The company – which raised £230,000 from SFC Capital earlier this year – has taken on a developer in Matt Milan, also ex-Secarma, and a marketeer so far. It has ads out currently for another developer and a tester.

It has signed clients regularly since launch, with more than 17 customers actively trialling the product already.

Cytix has also joined the fifth cohort of Exchange, the tech scaleup support scheme at Department Bonded Warehouse, and is currently forecasting an ARR of £400k in its first year.

‘Fail, learn & have fun’: Zuto flourishes in cutting-edge space