For pen testing firm IOActive, security is cultural not transactional

IOActive may not be a household name but you almost certainly know its work.

The Seattle-headquartered company has been behind some of the most breathtaking hacks in the past decade. Its researchers have broken into in-flight airplanes from the ground and reverse engineered an ATM to spit out gobs of cash. One of the company’s most revered hackers discovered a way to remotely shock a pacemaker out of rhythm. And remember that now-infamous hack that remotely killed the engine of a Jeep? That was IOActive, too.

If it’s connected, they will bet that they can hack it.

IOActive has made a name for itself with its publicly reported findings, but its bread and butter is helping its corporate customers better understand how they approach security.

Founded more than two decades ago, the penetration testing and ethical hacking company now serves customers mostly among the Global 1000 largest companies, helping them assess and test their security posture.

“You can have the absolute most sophisticated alarm in the entire world, and I guarantee our team can break in,” said Jennifer Steffens, IOActive’s chief executive, in a call with TechCrunch. “But if you left your front door unlocked, hackers are going to walk right through.”

“Don’t pay us to show you how to break into the alarm before someone learns how to lock the door,” she said.