Syndis receives a development grant for Adversary

Since the inception of Syndis we have been trying to solve some of the global cyber security concerns. One of the projects we have been working on since 2014 is Adversary, an advanced security training platform for IT staff. Adversary helps organizations validate that their IT personel, such as developers, have a strong understanding of current security threats. The goal is not just to provide participants with a fun to use lab-based platform but also to help organizations exceed security requirements.

Syndis has received a three year grant from the Icelandic Technology Development Fund to fully develop and market Adversary. The role of the fund is to support research and development activities, which aim towards innovation in Icelandic industry. The Technology Development Fund is a competitive fund which issues its calls for proposals twice a year.



How is the security of your organization evolving? How does it compare with other companies? With the proliferation of security threats and attacks, it can be challenging for companies to assess how many resources should be spent on mitigating potential problems. Risk assessments do not exist in vacuum, and in a competitive environment such as the Icelandic marketplace, companies often look to one another for comparison and advice on how much risk is deemed acceptable. To encourage companies to better monitor their security readiness and to facilitate comparison of security readiness between companies, Syndis has defined a security index, ÖRVÍS, that captures the absolute and relative standing of Icelandic companies when it comes to susceptibility to common attacks. 

Syndis conducts numerous security assessments in Iceland every year. The outcomes of these assessments are statistics that we can combine and use as a stable metric for the responsiveness to security threats. In particular, we measure the proportion of a company who fall for phishing attacks and the severity of the response, the attack surface of the web browsers at the company, weighing more serious problems more aggressively than relatively minor concerns. The resulting measure is normalized to range between 0 and 100, where 0 denotes perfect security as measured by the assessment, and 100 suggests deplorable security practices. We track the values of the assessments for each industry sector, allowing for longitudinal and categorical comparisons.



At the core of the Syndis strategy is to educate people about security problems. In parallel with our OWASP Top 10 training services, we have developed extensive and unique university-level curricula for security training. Our focus is on communicating how hackers think: what is the mind-set by which an adversary penetrates a target? How are defenses circumvented? How is software exploited?

Our Professor in Residence, Dr. Ýmir Vigfússon, explains why we take an offensive-first focus on security education in an entertaining TEDx talk. The presentation has over 300.000 views, which surpasses the entire Icelandic population.





Ýmir Vigfússon

Raised as a hacker, Dr. Ýmir leads the Syndis research strategy and education. He is Professor of Computer Science at Emory University and Reykjavik University where he teaches people how to write distributed systems, analyze large-scale networks and how to hack.