About Us.

contents 14 / 4
// Founder
  1. F.01Vadim Leviev
// Team
  1. T.01The bench

The founder.

F.01 · Tel Aviv · since 2019

Vadim Leviev

Founder · Cyber72

Twenty-five years building offensive-security and platform engineering. Vadim started Cyber72 to do the part of security that actually moves risk - break it in a lab, prove the fix held - instead of selling fear by the report.

How we work.

A.00 · Who we are

An independent offensive-security firm.

Cyber72 is an independent offensive-security firm based in Tel Aviv, founded in 2019. We run penetration tests, red-team engagements, incident response, and 24/7 managed security for enterprise and government clients.

Nine services, one bench of senior operators - from cloud security and identity to ransomware response, GRC, supply-chain risk and WordPress security. No junior hand-offs, no consultant theatre.

A.01 · Offensive-first

We attack it before they do.

Defense built without an attacker's view is a guess. Every engagement starts from the outside: we map the real attack surface, exploit what's exploitable, and reach the asset that actually matters - the wire-transfer console, the patient record, the OT controller.

Then we help you close it, and we come back to prove the fix held.

A.02

Proof, not fear

EVIDENCE

We don't sell FUD. Deliverables are working reproducers, evidence, and a retest - not a scanner dump or a risk-coloured spreadsheet. If we say it's exploitable, we show you the exploit; if we say it's fixed, we re-prove it.

A.03

Named operators

BENCH

The senior operator who scopes your engagement is the one who runs it. The same bench that runs our enterprise retainers runs every tier - OSCP, OSCE, GREM and GXPN holders, end to end. You always know who is on your account.

A.04

On call, 24/7

RETAINER

Breaches don't keep business hours. Retainer clients get a 60-minute responder commitment and a median time-to-acknowledge under 90 seconds - a real human on the phone, not a ticket in a queue.

Nine services. One bench.

S-01·DEFENSI

Cloud Security.

We secure your cloud environments across AWS, Azure, and Google Cloud - covering misconfiguration detection, Cloud Security Posture Management (CSPM), identity controls, and real-time threat monitoring. Built for organizations running hybrid or multi-cloud operations.

Explore Cloud Security

S-02·DEFENSI

Managed Security Services.

Our Security Operations Center monitors your environment around the clock. We handle threat detection, incident triage, EDR/XDR management, and escalation - so your team can focus on the business while we handle the threats.

Explore Managed Security Services

S-03·DEFENSI

Identity & Access Management.

We design and implement zero trust architectures, enforce least-privilege access, deploy MFA across your organization, and manage non-human identities - APIs, service accounts, and machine credentials. Prevent the #1 attack vector: compromised credentials.

Explore Identity & Access Management

S-04·DEFENSI

Incident Response & Threat Intel.

When a breach happens, speed is everything. We provide rapid incident response retainers, forensic investigation, and recovery planning. Our threat intelligence feeds keep you ahead of emerging attack campaigns targeting your sector.

Explore Incident Response & Threat Intel

S-05·DEFENSI

Ransomware & Endpoint Security.

We deploy and manage endpoint detection and response (EDR) tools, harden your systems against ransomware entry points, implement immutable backup strategies, and test your recovery readiness - ensuring business continuity even under attack.

Explore Ransomware & Endpoint Security

S-06·COMPLIA

Regulatory Compliance & GRC.

We help your organization achieve and maintain compliance with ISO 27001, NIS2, GDPR, SOC 2, and government security standards. We handle gap assessments, policy creation, audit preparation, and ongoing governance.

Explore Regulatory Compliance & GRC

S-07·DEFENSI

Supply Chain & Third-Party Risk.

Supply chain attacks have quadrupled in 5 years. We assess and continuously monitor the security posture of your vendors, contractors, and software dependencies - giving you full visibility into third-party risk before it becomes your breach.

Explore Supply Chain & Third-Party Risk

S-08·OFFENSI

Penetration Testing & Vuln Management.

Our certified ethical hackers perform black-box, grey-box, and white-box penetration tests across web applications, internal networks, APIs, and cloud infrastructure. We deliver actionable remediation reports, not just findings.

Explore Penetration Testing & Vuln Management

S-09·DEFENSI

WordPress Security.

Managed WordPress security on a flat monthly fee: manual penetration testing against your actual build, malware removal, a tuned web application firewall, DDoS mitigation, custom hardening, and 24/7 incident support. Three tiers, same senior operators behind every one - not a plugin and some optimism.

Explore WordPress Security

The bench.

T.01 · Operators

Senior operators, certified, on staff.

Cyber72 runs a bench of 47 operators - not a roster of subcontractors. The certifications behind the work are held in-house: OSCP, OSCE, GREM, GXPN and CEH, among others. The person who finds the bug is the person who writes the reproducer and verifies the fix.

T.02 · By the numbers What the bench has done.
1,247

engagements completed

since 2019

00:01:24

median MTTA across SOC

last 30 days

0

client breaches under retainer

all-time

47

operators on staff

OSCP, OSCE, GREM, GXPN

Operators on call. No consultant theatre.

Start engagement 24/7 IR hotline · +972 3 375-1193
MTTA < 90s · 0 client breaches under retainer, all-time.