Petar Vojinovic
Published on: July 9, 2025
In this exclusive interview, we speak with Abdul Basit, Senior Penetration Tester at PlutoSec—a cybersecurity firm with roots as bold as its expertise. Founded by former blackhat hackers turned ethical professionals, PlutoSec has grown into a trusted name in Canada’s digital defense landscape. Abdul shares the story behind the company’s transformation, its hands-on approach to training the next generation of security experts, and how tailored, industry-specific solutions are helping Canadian organizations stay ahead of cyber threats.
How did PlutoSec begin, and how has the company evolved since its founding?
PlutoSec was founded in 2019 by former blackhat hackers who were active from 2012 to 2016. During that time, the founders successfully compromised the NICs (Network Information Centers) of multiple countries, allowing them to hijack DNS records and gain access to major companies including Google, AOL, Yahoo, Microsoft, Audi, and others. That real-world experience with high-level infrastructure exploitation laid the foundation for the deep expertise PlutoSec is known for today.
Since transitioning to the legal side of cybersecurity, PlutoSec has evolved into a trusted security firm—providing advanced penetration testing, vulnerability assessments, and full-spectrum security services to businesses across Canada.
What inspired the creation of your Cybersecurity Career Program, and how does it support both beginners and seasoned professionals?
The Cybersecurity Career Program was inspired by our founders’ own unconventional journey—from blackhat backgrounds to becoming trusted professionals. We saw firsthand how hard it was to access practical, hands-on learning and decided to build something better.
For beginners, the program offers solid foundational training, mentorship, and optional certification paths (like CompTIA Security+), helping them gain real-world skills early on. For experienced professionals, we provide advanced red and blue team scenarios, exposure to real client systems, and environments designed to sharpen their technical edge. It’s about building talent through experience—not just theory.
How does PlutoSec tailor its penetration testing and security services to different industries across Canada?
We don’t believe in one-size-fits-all security. Every industry has its own challenges and threat landscape, so we tailor each engagement accordingly.
In finance, we focus on secure APIs, transactional integrity, and PCI-DSS compliance. In healthcare, we work with organizations to protect patient data and meet HIPAA-like standards. For e-commerce, we simulate real-world attacks on payment flows, customer data, and third-party integrations. In the public sector, we align with national security protocols. And in energy or telecom, we prioritize operational resilience and infrastructure safety.
Our team works closely with each client to understand their systems, risks, and regulatory environment—so our testing reflects the reality they operate in.
Can you explain how your “independent trust zones” approach enhances the integrity and resilience of client systems?
Our “independent trust zones” approach involves breaking a system into separate, isolated segments based on how sensitive or critical each part is. Instead of treating the network as one big open space, we separate areas that don’t need to talk to each other.
If one zone is compromised, the attacker can’t easily move laterally into others. This setup limits damage, makes monitoring easier, and speeds up incident response. It also reinforces access control—only specific roles or services can move between zones. It’s a practical, proven way to build resilience into complex environments.
What future innovations or service expansions can we expect from PlutoSec in strengthening Canadian cybersecurity?
We’re actively expanding our capabilities to stay ahead of evolving threats. Some of the upcoming areas we’re focusing on include:
- AI-powered threat detection to catch anomalies and new attack patterns in real time.
- Cloud-native security solutions tailored for platforms like AWS, Azure, and GCP.
- OT and IoT security, especially for industries like energy, manufacturing, and logistics.
- Zero Trust Architecture to reduce internal attack surfaces.
- Practical cybersecurity training labs that simulate real attack/defense scenarios.
On top of this, we’re preparing to expand beyond Canada—starting with the UK market, and likely other regions as well. This will let us bring our offensive security expertise and defensive strategies to a global client base while continuing to invest in building a more secure digital future.
