ShadowTrackr is a cybersecurity company focused on External Attack Surface Management (EASM). Our software is designed to automatically discover and track your systems, scan for security problems, and send you alerts when things go bad. We aim to track everything you have connected to the internet, because, well, that’s where the attackers are. That also means we don’t offer scans or monitoring for your internal systems. If you need that, you should look into an EDR.
ShadowTrackr runs in the cloud, is easy to use and does not require any installation. Also, we play well with others and have options to integrate with your existing systems and other sources.
That’d be me, Bas van Schaik. I’ve been working in cybersecurity and intelligence for about 25 years now. During this time I developed tools, was in the incident response trenches, and got to go to some interesting courses and conferences. I passed the GCFA, GCTI, GCPN, GOSI and GMLE certification exams and I even won some of those SANS coins. Since Americans have trouble with Dutch surnames, you’ll have to look me up under v instead of the S.
My first programming adventures started in elementary school and I have loved it ever since. Things went well and after some other distractions (BSc here, MSc there) I ended up getting a graduate degree in Computer Science at the University of Oxford. It’s a magical place and one of the most rewarding things I’ve ever done.
I really enjoy both cybersecurity and software development, and ShadowTrackr is where I get to combine them.
I always had trouble finding good data on the security problems that I really need to worry about. There’s so much going on these days that it’s easy to get lost in chasing false positives, managing compliance or listening to the endless proposals of slick cybersecurity marketeers. Most security seems to be oriented towards satisficing the auditors or enabling the management to say they bought X and really, honestly did the best they could have done.
No evil hacker will care about what management or auditors think. And no client will be convinced by your shiny audit report when your data is ransomed, your website is blacklisted or your servers start spamming or attacking them. The security problems that become visible online and how you handle these are what matters. I want to be the first to know when a website is blacklisted, when a remote login service is vulnerable, or when security on an internet-facing machine is downgraded. I want to know what a hacker sees when he looks at my infrastructure from the outside. Since this was not readily available, I rolled my own.
ShadowTrackr started as a business on the way home from the (excellent!) T2 conference in 2016.