Vaadata, a French Company Specialising in Offensive Security

For over 10 years, we have been helping organisations assess and strengthen the security of their information systems.

Our teams work across all technical and organisational areas: web and mobile applications, network infrastructure, cloud environments, connected devices (IoT), as well as the human and organisational aspects of information systems. Our approach covers both complex architectures and specific high-stakes environments.

Vaadata is ISO 27001 and ISO 27701 certified across its entire scope. Our information security and privacy management system guarantees the confidentiality, integrity and availability of the data entrusted to us by our clients. We are also PASSI and CREST accredited. These certifications attest to our compliance with industry best practices and our commitment to meeting the most demanding standards in cybersecurity.

Proven expertise in offensive security

Our offensive security experts hold numerous recognised certifications, and we continually invest in training and developing our teams’ skills.

An Independent Company with an International Reach

Vaadata is an independent company, wholly owned by its two managing partners. This independence ensures a long-term vision, strategic stability and complete freedom in our technological and methodological choices.

We currently support over 800 clients, ranging from start-ups to large corporations, across a variety of sectors: finance, healthcare, manufacturing, retail, services and new technologies.

Our offensive security services are provided to organisations based in France and internationally, primarily in Europe and North America. Between 15% and 20% of our turnover comes from exports, and we have a clear ambition to accelerate our international expansion in the coming years.

Key figures

Clients

Collaborateurs

Indépendante

Nouvelles certifications obtenues par an

Founders

Anne-Fleur SCHOCH - CEO & Co-founder

With over 15 years’ experience in new technologies, Anne-Fleur drives Vaadata’s strategic vision at the intersection of business, technical and HR challenges in cybersecurity. A member of several professional organisations, she plays an active role in the company’s development in France and internationally.

Nicolas BONNEFOUS - COO & Co-founder

With over 15 years’ experience in technical and organisational roles, Nicolas supports senior stakeholders on strategic projects. As a CISSP, ISSMP and CCSP certified professional, he plays a key role in structuring internal processes and overseeing the security management system.

A team of experts at the heart of our expertise

The quality of our services rests above all on the expertise and commitment of our staff. We continually invest in developing our teams’ skills through ongoing training, preparation for recognised technical certifications, constant monitoring of new vulnerabilities, and participation in cybersecurity research and development.

This culture of learning and knowledge-sharing enables our experts to remain at the forefront of attack and defence techniques, so that we can provide our clients with relevant, realistic analyses tailored to current threats.

Our CSR Commitments

Corporate social responsibility (CSR) is central to our development strategy. Our ambition is to embed our offensive security activities within a framework of rigorous, concrete and measurable commitments, in line with the challenges of our industry.

Since Vaadata was founded in 2014, we have placed security, ethics, and social and environmental issues at the heart of our development. Our growth is based on key principles:

Financial independence, to preserve our strategic freedom and remain in control of our direction.
Respect for our employees, to offer meaningful work and conditions that foster professional fulfilment.
Respect for our clients, by guaranteeing high-quality services and rigorous protection of their data, including personal data.
Balance and a friendly atmosphere, to maintain a healthy and sustainable working environment.
Contributing to our ecosystem, through support for non-profit initiatives in the fields of cybersecurity and environmental protection.

A Strategy Structured Around Four Key Areas

Our CSR action plan is built around four pillars, aligned with the themes of the ISO 26000 standard:

Commitment at the heart of our development: responsible governance, local roots and contribution to the local ecosystem.
Ethics at the heart of our relationships: working conditions, respect for fundamental rights, business ethics and the quality of customer relations.
Security at the heart of our business: enhanced standards regarding data protection, confidentiality and risk management, both for our customers and within our internal processes.
The environment at the heart of our concerns: reducing our environmental footprint and the gradual integration of responsible practices into our activities.

A Network of Partners that Complements Our Expertise in Offensive Security

Compliance

Compliance with standards such as ISO 27001, SOC 2, NIS 2, DORA and PCI-DSS is a strategic asset for many organisations. We work in collaboration with experts specialising in these standards to support our clients in their compliance efforts. In this context, we contribute within our area of expertise: conducting penetration tests and resilience assessments to objectively determine the actual level of security.

DevSecOps support

Application security does not rely solely on one-off tests. It requires the continuous integration of security into the development cycle. We therefore offer support that combines application penetration testing with the establishment of DevSecOps practices, in order to embed security for the long term and gradually raise the level of maturity of technical teams.

Attack Surface Management

Managing the attack surface exposed on the internet has become a major challenge. We offer an external attack surface management service that combines industry-leading technological tools with the expert analysis of our auditors. This hybrid approach enables continuous monitoring enhanced by human expertise, going beyond a simple automated scan.

Cybersecurity consultancy for start-ups and small and medium-sized enterprises

Start-ups and SMEs face specific challenges when it comes to cybersecurity. We draw on a network of experts who can provide support in both governance (maturity assessments, information security policies, business continuity plans) and technical aspects, notably through penetration tests tailored to their specific context and risk profile.

Part-time CISO

For organisations without dedicated in-house resources, we help connect them with part-time CISOs who can develop and oversee a cybersecurity roadmap. We work alongside them on the operational aspects of offensive security.

Cyber insurance

We also work with a broker specialising in cyber insurance to help our clients manage the financial risks associated with cyber attacks.

Business Partnerships

Partnering with Vaadata means working with a recognised specialist in offensive security on the French and European markets. We develop partnerships in various forms (business referrals, white-label subcontracting, or the integration of penetration testing and red team services into an existing portfolio) with a view to building long-term, balanced relationships.

On the commercial side, we work closely with our partners’ teams to build offers tailored to their clients’ profiles and to facilitate the understanding and sale of offensive security services.

On the technical side, all our projects are carried out exclusively by our in-house teams, with no outsourcing. We operate both in France and internationally, with the ability to travel when projects require an on-site presence.

About Vaadata