About Cryptosense

Fixing the World’s Broken Cryptography

With the emergence of technologies such as mobile, cloud, Internet of Things and blockchain, companies are relying more and more on cryptography as a risk control for authorising operations and protecting sensitive data. Modern cryptography is powerful, but also fragile and complex to deploy. In practice, it is often breakable, leading to serious security issues.

Why is deploying crypto so hard? I thought it was a solved problem?

We know (mostly) which crypto algorithms are the right ones to use, but using crypto securely is much more complicated than that. It requires secure implementations, secure APIs, secure use by applications, secure key-management, secure randomness generation, and secure protocols. Expertise in these areas is rare and expensive. Cryptosense software detects and shows how to fix exactly these kinds of problems.

How does it work?

Our software works in two stages. First we get visibility on enterprise crypto-use using a combination of passive and active tracing and sniffing, on networks, endpoints and applications. Then, we apply our continuously updated crypto analysis rules to examine security and recommend actions to take. Our analysis algorithms and risk evaluation rules take into account the latest academic research results, our own in-house vulnerability research and requirements in standards.

We deliver our software to clients in software-as-a-service (SaaS) mode or as an on-premises solution. In the former, a customer will download from us the software required to capture details of cryptography usage on their infrastructure, and send the traces obtained to our server in the cloud for analysis. In the on-premises solution, we supply our analysis server as a virtual machine for the customer to install in the corporate private cloud.

Benefits

Getting crypto right produces a robust core around which security can be built and the consequences of breaches can be limited. Once problems have been fixed, Cryptosense software can be integrated into the development process to give continuous testing of the crypto used in applications, or set to monitor infrastructure regularly to detect weak keys or configurations. The result is a real-time view of crypto security across IT infrastructure.

Customers

Our current customers include five of the top ten European banks, two SIFIs (providers of critical infrastructure to the financial service industry), government agencies in Europe and the US, and cryptographic hardware and software developers in the EU, China and Israel.

Background

Cryptosense was founded in 2013 as an academic spin-off of INRIA and Ca’ Foscari University of Venice. We’re based in downtown Paris. Our seed funding round was led by Elaia Partners, one of the best-known VC firms in Paris.


Recruitment

Fancy joining the team?

Think you can help us deliver ground-breaking software or promote our products? Get in touch to discuss career opportunities with us.

Cryptosense is an equal-opportunities employer and we encourage applications from candidates from all backgrounds. You will, however, need working papers for France (e.g. a visa or an EU passport).

Our interview process includes an informal chat and a programming test. The first stage can be conducted remotely if necessary, with a possible face-to-face interview to follow, for which we will cover travel.

Send us your CV

All applicants welcome; however, we have a strict 'no assholes' policy.

Vacancy: Software Engineer

As our crypto assurance technology achieves more widespread adoption in SaaS mode, we’re looking for a generalist software engineer with experience of deploying web-based products. You’ll also need a strong motivation to learn about cryptography and the ways it goes wrong, as well as a taste for difficult algorithmic problems and performance engineering challenges. It’s an advantage to have some experience of cryptography or practical information security.

At Cryptosense, we encourage developers to be autonomous and take ownership of problems as well as fostering a culture of team spirit and knowledge sharing. We use various technologies, including OCaml for logical and numerical analysis, AWS, Heroku and Python for our web platform, and a variety of languages to allow us to capture traces of crypto use by applications and network services, including Java, C and Lua. Note that we’re OCaml fans, but knowledge of OCaml is not a prerequisite.

You can find out a little more about the kinds of problems we address on the company blog, or this video where Cryptosense CEO Graham Steel explains the difficulties of secure crypto API design, taken from QCon London 2014.

Vacancy: Software Engineering Intern

You’re looking to complement your studies with an internship where you’ll get real development experience, and not just be asked to make the coffee and do the photocopying. You’re already confident with OCaml, but you’ll also receive training from our top developers and in return you’ll be expected to produce high quality code. Internships can last anything from 12 weeks to 12 months.


The Team

Graham Steel
CEO

Clément Jeanjean
COO

Etienne Millon
Senior Engineer

Nathan Rebours
Engineer

Bertrand Bonnefoy-Claudet
Engineer

Nicolas Consigny
Biz Dev Assistant

Riccardo Focardi
Chief Scientist

You?
We’re hiring

See the vacancies.


Investors

Elaia Partners under the leadership of Xavier Lazarus.

Elaia Partners is an independent VC with more than 125M€ under management. The Elaia team is dedicated to investing in young companies in the digital economy and plays an active role in its portfolio companies. Its investments include Criteo, Sigfox, Agnitio, adomik, Mirakl, tinyclues, 1001menus, Orchestra Networks and Wyplay.

IT-Translation under the leadership of Laurent Kott.

IT-Translation is an “ultra-early stage” investor specialized in taking innovative projects from the laboratory to their first steps in the marketplace. Their funding comes principally from CDC Enterprises (BPI France), INRIA, and the European Investment Fund.

Java crypto security whitepaper

Covers JCE and BouncyCastle, key-management vulnerabilities, flaws in encryption and signature modes, randomness problems, insecure interactions between crypto operations and more.