Skip to content
in7ruder

Independent security practice, Switzerland

Prepare your organization for attacks that begin with trust.

Practical social engineering training and focused penetration testing for organizations that need people and controls to perform under pressure.

Human risk

The first control an attacker tests is often a person.

An urgent payment request, a familiar voice or a routine login prompt can create the opening that technical controls were meant to prevent.

Readiness comes from realistic practice, clear verification habits and a reporting path people can use when a decision feels urgent.

Engagements

Focused security work with a defined outcome.

Two focused offers cover the human and technical sides of exposure. Scope, delivery and the decision that follows are made explicit before the work begins.

Working principles

Clear boundaries.Direct responsibility.Useful evidence.

Scope before activity

Objectives, assets, participants, exclusions and decision criteria are explicit before testing or training begins.

Authorization without ambiguity

Sensitive exercises require written authority, agreed contacts and a clear escalation path.

Direct specialist involvement

The person who scopes the engagement remains involved in delivery, analysis and the final readout.

Outputs built for action

Management receives clarity. Technical teams receive enough context and evidence to move forward.

Matias Vanarelli, founder of in7ruder

About the practice

Direct access to the person responsible for the work.

in7ruder is a founder-led security practice built around careful scoping, direct communication and personal responsibility for delivery.

My background combines building web applications with studying how attackers abuse people, identity and technical weaknesses. That perspective keeps human behavior and technical controls connected in every engagement.

Work stays intentionally focused. If a broader team is ever needed, that is made clear before the engagement begins.

Matias Vanarelli, Founder

View background on LinkedIn

Common questions

Before we speak.

Training can be designed for the wider organization or adapted to roles with greater exposure, including finance, executive support, IT, customer service and operations.

Yes. The engagement begins with context. Scenarios are selected around relevant workflows, communication channels and threat patterns without exposing sensitive internal information unnecessarily.

The purpose, authorization, data collected, reporting level and retention period are agreed before delivery. The default approach favors aggregated learning and practical improvement over individual blame.

The proposal defines the exact assets, methods, exclusions, testing window, reporting format and retest conditions. Findings include enough context and evidence for teams to reproduce, prioritize and remediate them.

Yes. A workshop or tightly scoped assessment is often the right way to establish priorities and working fit before committing to a broader program.

Start with context

A useful first conversation.

Twenty minutes is enough to understand the situation, establish whether there is a fit and identify the next sensible step. I reply within one business day.