Picus360

Established in 2013, Picus Security is a cybersecurity firm that provides a platform for continuous security validation and exposure management. The company was founded in Ankara, Turkey, by Hamdi Alper Memis, Dr. Süleyman Özarslan, and Volkan Erturk. CEO Alper Memis brings over two decades of experience in international business development and finance, having previously held roles in strategy and risk management. Co-founder Dr. Süleyman Özarslan, who holds a Ph.D. in Information Systems, and co-founder Volkan Erturk, provide deep technical expertise to the company's operations. Picus Security was created to address a gap in the market for real-time visibility into an organization's security posture, moving beyond the point-in-time insights of traditional penetration testing.

Picus Security operates in the cybersecurity market, serving over 500 enterprise customers globally across various sectors, including finance and healthcare. The company's business model is centered on its Complete Security Control Validation Platform, which is offered as a Software as a Service (SaaS). This platform helps clients to proactively assess and enhance their cyber resilience. The firm generates revenue by providing subscription-based access to its suite of security validation tools. The company has secured $80 million in total funding over five rounds, with its latest Series C funding round in September 2024 raising $45 million, led by Riverwood Capital. This capital is intended to fuel product innovation and expand sales, marketing, and customer support initiatives.

The company's core offering is a Breach and Attack Simulation (BAS) platform that automates the process of emulating real-world cyberattacks to continuously test and validate a client's security infrastructure without disrupting business operations. The platform simulates a wide range of threats, including ransomware, advanced persistent threats (APTs), and various malware across network, endpoint, and cloud environments. It identifies security gaps, misconfigurations, and vulnerabilities in security controls like firewalls, Endpoint Detection and Response (EDR), and Security Information and Event Management (SIEM) systems. A key feature is the provision of actionable, vendor-specific mitigation recommendations to help security teams remediate identified weaknesses. By consolidating data on assets, vulnerabilities, and threats, the platform allows security teams to prioritize risks and optimize their existing security investments.

Keywords: Breach and Attack Simulation, security validation, exposure management, cybersecurity, penetration testing automation, threat simulation, cyber resilience, security posture management, vulnerability assessment, risk management, security control validation, network security, endpoint security, cloud security validation, threat intelligence, continuous security testing, proactive security, attack path validation, detection rule validation, automated red teaming