Case Study: Startup InfoSec team

How automated reporting saves Unipart Cyber Security 2 days per project

The Client: Unipart Cyber Security

Unipart Cyber Security, a passionate team of security professionals based in Oxford, England, was formed and operates as a startup under the larger Unipart Group.

They offer a suite of cyber security services to address the key components of People, Process, and Technology for national and international organizations, across public and private sectors. Unipart Cyber Security believes in delivering sustainable solutions to protect organizations from internal and external threats whilst enabling customer's businesses.

Lewis Warner

Technical Lead

Unipart Cyber Security

“Dradis saves us a massive amount of time on reporting, and it ensures that our quality standards are met every time.

I'd say we probably save at least a day, maybe two days worth of effort on reporting per project.”

The Problem: Manually Combining the Output of Scanning Tools Took Several Days

Lewis Warner described their old reporting process as inefficient saying that they used to spend an average of nine days per project but would only charge for seven.

The extra two days would have been used on reporting.

Now with Dradis' automated reporting, they're not only saving 2 days of time, they're saving two billable days per project.

A Laborious Manual Process

Like many teams, the Unipart Cyber Security team had been using Microsoft Word to create their reports, combining data from many different tools and sources into a single report.

Lewis described how they would collect output (from Nessus, Burp, other tools, and manual testing methods), then they would manually collate that data in Google Sheets or Excel. Next, they would split the vulnerabilities between team members and each work on a separate version of a Word document before creating the final report in Word.

Enter Dradis Pro

Dradis Professional Edition is software aimed at improving InfoSec reporting and collaboration. Dradis provides a centralized, standardized platform for creating reports and keeping issue descriptions up-to-date. Its features include:

From "This isn't going to work" to Up and Running in 20 Minutes

In 2015, Lewis and his former colleague Paul Heffernan introduced the Dradis Pro platform to the rest of the team.

Their approach to Dradis was "fail fast" - trying to implement it as soon as possible so that they could move on to another solution quickly if it failed.

The adoption process was, in their words, "pretty seamless". They used the concierge reporting service to convert their existing Word report template into a Dradis report template. With their template in hand, they were off and running, generating their own custom and automated reports!

They removed the entire middle of their old reporting process. Now, they gather their information and tool output, plug the data into Dradis, and generate a report. The whole process, including quality assurance, takes a matter of hours instead of days.

New team members get a 5-20 minute onboarding walkthrough to learn how to configure Dradis and generate a report. After that quick induction, they're ready to jump in and start using Dradis.

Side Effect #1 of Improved Reporting: Better Overall Quality

It has improved our quality of work and standards of work.

Antonis Charalambous, a consultant at Unipart Cyber Security, says that a Dradis-generated report is just a "better output in terms of how it looks":

The Dradis reporting process automates the structure and formatting of each report, allowing them to quickly combine the output of multiple tools into one easy-to-read document.

Since using Dradis, they've identified several ways to improve their report templates and are continuing to iterate and improve the structure, format, layout, and content to best serve their customers.

And because the reporting process is automated, they can spend more time thinking about the big picture rather than spending the bulk of their time just putting together a document!

It's eased the quality assurance process in the sense that it's easier to two-way collectively make changes - instead of having multiple iterations of a report.

Since adopting Dradis, the Unipart Cyber Security team has actually been able to do more quality assurance on their reports. Since the information is all in one place, it's easy to make changes or see what others are working on through the revision history.

Side Effect #2 of Improved Reporting: Helps the Management Team

It eases the side of the communication between the technical team and the management team, who might be having the contact with the customer.

Unipart Cyber Security is even using Dradis on the management side to help give clients quick and easy progress updates by leveraging the Project Dashboard view. Giving the customer a status update and a high-level overview of vulnerabilities and test progress is as simple as opening the Draidis project.

Will this work for me?

Do you want the same results Lewis, Antonis and their team got?

  • Cut your reporting time from days to hours.
  • Your high quality standards met by every team in every project.
  • Onboard new team members in less than 20 mins.
  • More time spent testing and less time spent manually combining tool output.

Want to ask us a question about how Dradis Pro can help your project management and report creation?

Reach out to us on our Contact page or go ahead and request a demo.

Try Dradis for 30 Days

We are confident that Dradis Pro will improve your InfoSec workflow as it did for Include Security. If you try Dradis Pro for 30 days and don’t believe you’ve gotten your money’s worth, just let us know and we’ll give you your money back.

See Pricing Plans

Happiness Report

This is how our users have rated their support interactions with us

We are trusted the world over

Hundreds of InfoSec teams in over 44 countries use Dradis every day

ArgentinaArgentina
AustraliaAustralia
AustriaAustria
BelgiumBelgium
CanadaCanada
ChileChile
DenmarkDenmark
FinlandFinland
FranceFrance
GermanyGermany
Hong KongHong Kong
HungaryHungary
IcelandIceland
IrelandIreland
IsraelIsrael
JordanJordan
MalaysiaMalaysia
MexicoMexico
NetherlandsNetherlands
NorwayNorway
PolandPoland
PortugalPortugal
QatarQatar
United Arab EmiratesUnited Arab Emirates
Saudi ArabiaSaudi Arabia
SingaporeSingapore
SloveniaSlovenia
South AfricaSouth Africa
SpainSpain
SwedenSweden
SwitzerlandSwitzerland
TaiwanTaiwan
ThailandThailand
TurkeyTurkey
UKUK
USUS

We would be more than happy to put you in touch with any of our clients in your industry or country so that you can speak with them directly about their experience with our product. Send us a note at sales@securityroots.com and we’ll get back with you with the details right away.

Streamline InfoSec Project Delivery

Learn practical tips to reduce the overhead that drags down security assessment delivery with this 5-day course. These proven, innovative, and straightforward techniques will optimize all areas of your next engagement including:

  • Scoping
  • Scheduling
  • Project Planning
  • Delivery
  • Intra-team Collaboration
  • Reporting and much more...

Your email is kept private. We don't do the spam thing.