Our Blog

SensePost is now an ethical hacking team of Orange Cyberdefense

Reading time ~5 min

From the 1st of August 2020, SensePost will be changing, from the name of our company, to the name of our ethical hacking team and related services. Our company name will change to Orange Cyberdefense and we’ll be a SensePost team within it. We’re excited to be part of Orange Cyberdefense, with a strong cultural overlap both in a commitment to deep hacking and research, but also high quality work and delightful customer service.

The Two Benefits

We think this will improve the depth and breadth of our ability to help our customers with the security challenges they’re facing. There are two ways we’re doing that; the first is by having our SensePost team work with the other Orange Cyberdefense ethical hacking teams, the second is, in South Africa, expanding our service offerings with more managed security services. Let’s go through those in more detail.

1 – More Hackers in More Places

We’ve been working closely with several of the ethical hacking teams in Belgium, the Netherlands, Sweden, France, Norway and more to share ideas and learn from each other. For our customers, this means a better quality of service – better diversity of ideas and ways of working. It’s not often you get to speak frankly with seven of your previous competitors and merge the parts into a greater whole. It also means we have more capacity and a wider geographical reach which will result in shorter lead times and faster travel times. For our people and potential future people, it means we can more easily hire across Europe or give people experiences in other countries.

2 – More Services in South Africa

Onto the second point, we want to broaden our ability to help African customers with security problems. For many years now, SensePost hasn’t been a South African only company, our UK team isn’t a separate team, they’re part of us, and we work as one. A small example of this is “the window”, a permanent video conference between offices on a wall mounted TV, where you could walk into the office and say hello to friends in different cities – Pretoria, London, Cape Town, Maidstone, Birmingham or your house. Additionally, over half our work comes from outside South Africa. So it’s weird talking about South Africa specifically here, but in ZA, we’re going to widen the company’s offerings to include a few additional managed security service offerings from talented teams within the wider group. Truthfully, this isn’t that big a change for us, we’ve been offering managed vulnerability scanning for about as long as SensePost has existed, and more recently some South African customers are using the managed threat detection service Charl (one of our founders) helped build.

The End Bit

We know changes like this always raise questions of “What else will change?” with the hidden question being “What will change for the worse?” I remember saying the same thing when SensePost was first bought in 2007. Our core remains the same, I joined SP a decade ago attracted to that core, I spent the last decade living it, and now I have the honour of leading it. It’s not just me though, we still believe and live Dan Geer’s words “Work like hell, share all you know, abide by your handshake, and have fun.

So here’s to the next 20 years. I hope we have the honour of working with you reading this; by helping keep your company safe, working as a member of our team, or collaborating on open source security research.


  • What’s changing?
    • SensePost the company is rebranding to Orange Cyberdefense. The name of our team and services under the Orange Cyberdefense umbrella will remain SensePost.
    • The legal entities in South Africa and the UK will be renamed.
    • There are no employee or management changes.
  • Are you changing legal entities?
    • The legal entities will change name, but remain the same entities.
  • What will we see changing?
    • We’ll be working more with the other ethical hacking teams in the group to come up with common ways of working, services and commercials.
    • We’ll be offering a wider range of managed security services within Southern Africa.
    • Our primary website and e-mail address domain will change to orangecyberdefense.com.
  • Will you lose your independence and try sell us firewalls instead of giving us a proper assessment?
    • No, our SensePost ethical hacking teams work separate from the managed services teams, and we’ll continue to aggressively find and pursue vulnerabilities without fear or favour.
  • Will you stop engaging in research, or sharing it publicly?
    • No, our approach to research remains the same. Check out our blog for some of our recent published work, or our upcoming BlackHat talks (one, two).
    • In fact, we’re hoping to expand, Orange Cyberdefense thinks research is important and has numerous other groups working on security research.
  • Will our confidential data be shared within the Orange Group.
    • No, your reports and findings will still be limited to the analysts and support teams that need them.
  • When will we see what changes?
    • From 1 Aug we’ll change to the new branding.
  • Will commercial or legal agreements need to change:
    • No, the legal entity is merely changing it’s name and existing contracts remain in effect.
  • Give me a timeline of what’s happened to you in the last 20 years!