About Cryptosense

Background

Cryptosense was founded in 2013 as an academic spin-off of INRIA and Ca’ Foscari University of Venice. We’re based in downtown Paris. Our seed funding round was lead by Elaia Partners, one of the best-known VC firms in Paris.

Our mission: to fix the world’s broken cryptography.

With the emergence of technologies such as mobile, cloud, Internet of Things and blockchain, companies are relying more and more on cryptography as a risk control for authorising operations and protecting sensitive data. Modern cryptography is powerful, but also fragile and complex to deploy. In practice, it is often breakable, leading to serious security issues.

Why? Because deploying crypto securely is hard.

Using crypto securely is more complex than choosing the right crypto algorithms. It requires secure implementations, secure APIs, secure use by applications, secure key-management, secure randomness generation, and secure protocols. Expertise in these areas is rare and expensive.

Cryptosense software detects these kinds of problems and shows you how to fix them.

Financial services & payment infrastructure

Our current customers include five of the top ten European banks, two SIFIs (providers of critical infrastructure to the financial service industry), government agencies in Europe and the US, and cryptographic hardware and software developers in the EU, China and Israel.

Download brochure


How does Cryptosense software work?

Our software works in two stages. First we get visibility on enterprise crypto-use using a combination of passive and active tracing and sniffing, on networks, endpoints and applications. Then, we apply our continuously updated crypto analysis rules to examine security and recommend actions to take. Our analysis algorithms and risk evaluation rules take into account the latest academic research results, our own in-house vulnerability research and requirements in standards.

We deliver our software to clients in software-as-a-service (SaaS) mode or as an on-premises solution. In the former, a customer will download from us the software required to capture details of cryptography usage on their infrastructure, and send the traces obtained to our server in the cloud for analysis. In the on-premises solution, we supply our analysis server as a virtual machine for the customer to install in the corporate private cloud.

Integrated into the dev process

Getting crypto right produces a robust core around which security can be built and the consequences of breaches can be limited. Once problems have been fixed, Cryptosense software can be integrated into the development process to give continuous testing of the crypto used in applications, or set to monitor infrastructure regularly to detect weak keys or configurations. The result is a real-time view on crypto security across IT infrastructure.

 

Try Cryptosense Analyzer


The Team

Graham Steel

Graham Steel
CEO

   

Clément Jeanjean

Clément Jeanjean
COO

Etienne

Etienne Millon
Senior Engineer

Nathan Rebours

Nathan Rebours
Engineer

bertrand

Bertrand Bonnefoy-Claudet
Engineer

       

Marine Dufour
Business Development Analyst

Riccardo Focardi

Riccardo Focardi
Chief Scientist

blank

You?
We’re hiring

Get in touch!

Follow Cryptosense on Linkedin

Follow Cryptosense on Twitter


Recruitment

Can you help us deliver ground-breaking software or promote our products?

Cryptosense is an equal-opportunities employer and we encourage applications from candidates from all backgrounds. However, you will need the right to work in France (e.g. a Visa or an EU passport).

A few vacancies are listed below, however we are always interested in hearing from people passionate about cryptography and software so don’t hesitate to get in touch if you think you might be a good fit for us.

Vacancy: Software Engineer

As our crypto assurance technology achieves more widespread adoption in SaaS mode, we’re looking for a generalist software engineer with experience of deploying web-based products. You’ll also need a strong motivation to learn about cryptography and the ways it goes wrong, as well as a taste for difficult algorithmic problems and performance engineering challenges. It’s an advantage to have some experience of cryptography or practical information security.

At Cryptosense, we encourage developers to be autonomous and take ownership of problems as well as fostering a culture of team spirit and knowledge sharing. We use various technologies, including OCaml for logical and numerical analysis, AWS, Heroku and Python for our web platform, and a variety of languages to allow us to capture traces of crypto use by applications and network services, including Java, C and Lua. Note that we’re OCaml fans, but knowledge of OCaml is not a prerequisite.

You can find out a little more about the kinds of problems we address on the company blog, or this video where Cryptosense CEO Graham Steel explains the difficulties of secure crypto API design, taken from QCon London 2014.

Our interview process for developers includes an informal chat and a programming test. The first stage can be conducted remotely if necessary, with a possible face-to-face interview to follow, for which we will cover travel.

Vacancy: Software Engineer Intern

You’re looking to complement your studies with an internship where you’ll get real development experience, and not just be asked to make the coffee and do the photocopying. You’re already confident with OCaml, but you’ll also receive training from our top developers and in return you’ll be expected to produce high quality code.

Internships can last from anything from 12 weeks to 12 months. Get in touch for more info.

 

Download Crypto Security Whitepapers

Find out how to find and fix crypto vulnerabilities in Java and PKCS#11 deployments