Q&A With Gábor Pék – Avatao

Aviva Zacks Aviva Zacks

Safety Detectives: Please share your company background, how you got started, and your mission.

Avatao: We launched Avatao back in 2014. Before that, it existed only as a loose concept of ideas. That was the year we took one step further towards our goal of teaching cybersecurity in a highly scalable and practical way. Mark, Levente, and I founded Avatao as a side project at CrySyS Lab from the Budapest University of Technology and Economics. We are all cybersecurity professionals who were teaching at the university at that time. Our initial focus was on creating Capture the Flag challenges. But we soon discovered an overarching problem: developers, while great at creating and using software, lacked proper security knowledge and skills. Over the next several years, the platform received more and more popularity and was eventually released to the public. As its success bloomed, our first investments and rounds of fundings allowed us to move into a new office and expand our reach abroad. We currently operate with a team of more than 20 people, focusing on improving our product every day and boosting our international growth.

Our mission is to teach cybersecurity in a highly scalable and practical way and to spread a sustainable security mindset across organizations. Secure coding is not just a useful skill, but an essential one when it comes to building software. We contribute by teaching developers secure coding fundamentals in a fun and engaging way.

SD: What is the main service your company offers?

Avatao: Avatao is an online, secure coding training platform created for developers. Security awareness is a must-have for developers, and it is one of our biggest goals. We believe that both software engineers and security teams benefit from continuous learning while improving the quality of the product overall. By gaining and strengthening security skills, developers can become better at their work.

  • Interactive training: Our gamified exercises are based on real-life scenarios, making the process more engaging
  • Learn by doing: In our tutorials and challenges, developers can learn secure coding in a container-based environment. You can run and test your code, execute OS commands, and also crash & fix real applications
  • Collection: We have a large library of more than 650 exercises focusing on key security topics. With exercises available in more than 8 programming languages, we provide continuous learning for various skill levels and roles
  • Customization: In addition to the default training modules, admins can create their own customized modules that can be assigned to the relevant teams. They can also follow up on their teams’ progress through comprehensive reports and statistics.

SD: What is something unique that helps you stay ahead of your competition? 

Avatao: Every day, more and more companies are offering secure coding training services. The term “training” covers several methods that are used by our competition. We want to provide something unique and useful to our users that can easily be put into practice. What makes us unique is that our training takes place in an environment where users can run and test their codes. All the exercises are based on real-life breaches and events, and every piece is put into context. Hands-on learning like this is much more effective than watching tutorials or reading guides.

SD: What do you think are the worst cyberthreats today?

Avatao: One of the worst cyberthreats today is the belief that powerful automated tools will protect our systems when in the end, attackers will use the same technology against them. In a way, using automated AI tools and similar solutions only solves problems on the surface. There is no understanding of where our systems stand, or how we could change our processes, mentality, and attitude within an organization. 

Another known threat is the increasing complexity organizations are implementing to secure their systems. As complexity grows, it accelerates our exposure and attracts more and more complex attacks. Essentially, more complexity is simply throwing more fuel on the fire. 

About the Author
Aviva Zacks
Aviva Zacks
Cybersecurity Expert and Writer

About the Author

Aviva Zacks is a content manager, writer, editor, and really good baker. When she's not working, she enjoys reading on her porch swing with a cup of decaf.