We’ve hit a major milestone: Bit Sentinel is officially 10 years old! Is there a better time to look back at the journey we’ve been on, remembering where we started and how far we’ve come? Let’s just say there isn’t, and let’s keep diving into the story!

One of the many things that make this celebration so special is the fact that we still have one of our very first team members with us. Lucian Nitescu joined as a penetration tester and now leads our Red Team. We could even say that his growth is a big part of our own. 

There’s a lot to go through as Lucian’s story unfolds, so stick with us until the very end to get a peek behind the scenes of how we’ve built this together.

Once upon a time @ Bit Sentinel…

I joined Bit Sentinel on July 17, 2017, just one day after my birthday. I couldn’t wait to start – I was eager to gain hands-on experience in penetration testing while building my reputation and exposure at the DefCamp international conference as one of the challenge authors for the DefCamp Capture the Flag (DCTF) competition. 

I still remember the early days – just the two of us (myself and Andrei) in a small office, working tirelessly to deliver top-notch services and earn the trust of our clients and the industry.

I believe Bit Sentinel managed it exceptionally well, especially by gaining trust through the quality and clarity of the work and results presented in the penetration testing engagement report.

Bit Sentinel grew a lot from its early startup days. I’ve witnessed a great deal of changes but there are some milestones that really stood out – at least from my point of view.

A major change that happened was the expansion of our service offerings. Although we were initially focused on penetration testing services, we’ve seen a good opportunity to provide a broader range of services: incident response, security audits, and red teaming. For a smaller team with great expertise, this was a giant leap towards becoming a more strategic partner for businesses looking to enhance their security posture.

Another defining milestone that comes to mind was the decision to be more involved in training and preparing new generations of cybersecurity talent. I think it was our active involvement in DefCamp and the DefCamp Capture the Flag competition that positioned us as a thought leader in the ethical hacking and cybersecurity community.

Additionally, our participation in the ROCSC (Romanian Cyber Security Challenge) and ECSC (European Cyber Security Challenge) and our commitment to organize such a complex cybersecurity education program as UNbreakable Romania made us a main contributor in the development of young cybersecurity talent in Romania, mentoring and guiding participants in their journey toward becoming security professionals. Of course, we’ve established strong partnerships and collaborations with industry leaders and organizations along the way as well.

As you can see, our team has grown a lot – especially when it comes to our organizational culture. But so did our internal structure and processes. The introduction of standardized methodologies – just like the knowledge base I helped develop (you’ll read about it soon enough) – ensured consistency in day-to-day work, while still allowing for innovation. Growth has its perks, but it also brings a lot of responsibility. The good thing is that we’ve managed to maintain our approach to cybersecurity, keeping that startup-driven mindset of adaptability and problem-solving.

Looking back, I have to admit: I find it inspiring how Bit Sentinel has transformed from a small, ambitious team into a well-known and respected cybersecurity company that even today strives to tackle new threats and challenges in a very volatile industry.

Building a career in cybersecurity @ Bit Sentinel

Over the years, my role at Bit Sentinel has evolved significantly. In the beginning, I was looking to build my experience in penetration testing, refine my technical skills, and contribute to infosec challenges for competitions mostly.

In time, the team grew, and I grew along and within it. My responsibilities expanded beyond just executing penetration tests: I started taking ownership of projects, engaging directly with clients, and helping shape their security strategies.

One of the defining moments in my journey was back in 2019 when I built a local knowledge base for vulnerability descriptions and exploitation steps. I’m happy to say that this resource became a valuable tool for both my colleagues at Bit Sentinel at the time and those who would join in the future, providing a structured and standardized approach to executing engagements. At the same time, it allowed room for innovation in identifying vulnerabilities, ensuring that new techniques and insights could still be integrated without disrupting the overall methodology.

Naturally, I’ve been through some tough moments as well: tight deadlines, complex security vulnerabilities, and the ever-evolving threat landscape (which remains a challenge to this day, of course). It took a great deal of effort and patience to overcome those challenges and this only made me more adaptable and reinforced my passion for cybersecurity. 

Obviously, there are a few personal milestones that I’ve reached while working with the team. I’ve been involved in hundreds of projects throughout the years, so it’s difficult to choose just one that stands out as the most special.

Truth be told, every project is unique in its own way. Each engagement brought its own challenges, environments, and lessons, making every experience valuable from a different perspective.

However, just this once, I will let my hacker mindset take control of this. So: if I had to highlight the most exciting moments, it would be those times when I successfully gained full root access on a well-known, well-established company’s system or core application. There’s a distinct adrenaline rush that comes with breaking through layers of security in a system designed to be impenetrable. It’s not just about the technical challenge – it’s the realization that even the most secure-looking infrastructures (can) have weaknesses.

Moments like these reinforce why offensive security is so important. It actually proves that no system is ever truly secure – it’s a mantra that we’ve repeated lots of times at Bit Sentinel and you’ll probably hear us keep saying that – and that continuous testing and improvement are necessary. And, at the end of the day, being able to demonstrate these vulnerabilities, help organizations strengthen their defenses, and ultimately make the digital world safer is what makes this work so rewarding.

All in all, I take pride in the skills I’ve developed, the projects I’ve contributed to, the colleagues I’ve helped grow, and the reputation I’ve helped build for Bit Sentinel in the industry.

Of course, as the years went by, I also felt that it was time to share some of my pentesting insights. So I took upon myself to mentor junior colleagues, guiding them through security assessments, and helping them improve their technical and reporting skills. 

Fun fact: this was definitely something else.

Shifting from an individual contributor mindset to a leadership role was a learning curve. Suddenly, it wasn’t just about knowing how to break into systems anymore. My job had turned to teaching others, managing expectations, successes and, of course, failures and disappointments alike. Everything for the greater good that is team success. 

Seeing my junior colleagues grow into skilled security professionals was – and still is – perhaps the most rewarding experience. Finding vulnerabilities in systems? Yes, that is great. Reinforcing the value of knowledge sharing and collaboration? Awesome!

So, fast forward to today: I am the Red Team Tech Lead, leading a team that delivers offensive, hands-on penetration testing designed to identify vulnerabilities just as real-world attackers would. Our goal is to simulate advanced threats, assess security defenses, and help organizations strengthen their resilience against cyberattacks. This role has taught me that it is essential to constantly refine our expertise as pentesters, while also developing strong strategies to enhance our red teaming methodologies.

To put it in simpler terms, what I’ve actually learned is that:

• Flexibility is key – every engagement is different, and no challenge has a one-size-fits-all solution, checklist or scanning tool. A true leader sees every challenge as a chance to innovate, grow, and strengthen their team.
• Continuous learning is essential – cybersecurity is always evolving, and staying ahead requires ongoing research and skill development. Attackers evolve and improve their techniques every day and so should we.
• Teamwork and mentorship matter – success is not just about personal achievements. It is also about lifting others and contributing to a strong mindset and culture. 
• Effective communication is critical – whether working with clients, team members, or executives, clear and concise communication makes a huge difference in cybersecurity engagements. Pro tip: this might require constant improvement.

Shaping ethical hacker mindsets @ Bit Sentinel

The team culture is one of the (many other) things that I like about Bit Sentinel, because it is built on continuous learning, collaboration, and a shared passion for cybersecurity. From the very beginning, it was clear to me that this wasn’t just another cybersecurity company. Bit Sentinel was created as – and is, to this day – a place where innovation, knowledge-sharing, and hands-on experience are valued over rigid hierarchies.

One of the most defining aspects of our culture is the drive to improve – both individually and as a team. Everyone is encouraged to challenge themselves, explore new attack vectors, and push the limits of what they know. This mindset has significantly influenced my own growth, pushing me to keep getting better and constantly refine my skills.

My time with Bit Sentinel taught me that given enough time, anything can be hacked. As I’ve mentioned before, no system is truly invulnerable. When you have the right resources, enough patience, and plenty of ingenuity, vulnerabilities are just too easily found. This is a fundamental truth of cybersecurity.

Take this for example: a blue team has to be lucky every time; a red team, only once. Defenders must continuously anticipate, detect, and block attacks, while attackers only need a single successful exploit to breach a system. However, in red teaming, we don’t just rely on luck – we reinforce it with knowledge. Our advantage comes from experience, creativity, and a deep understanding of security mechanisms, allowing us to think like adversaries and uncover the weaknesses that matter most.

Working @ Bit Sentinel. Or: advice I wish I had on day 1

Avoid doing just the bare minimum. Cybersecurity thrives on innovation, creativity, and pushing boundaries. Whether it’s a new attack technique, a tool you built, or a unique method to solve a problem, always aim to build a valuable skill that sets you apart. 

Keep in mind that, over the last decade, the cybersecurity industry has undergone huge transformations: we’ve seen technology, threats and regulations evolve at an unprecedented pace. Looking ahead, the next ten years will likely be shaped by even more complex and unpredictable challenges. To name a few:

• AI as the new battleground: Artificial Intelligence has become both a weapon and a defense in cybersecurity. Attackers are leveraging AI for automated hacking, exploit development, vulnerability fingerprint, and adaptive malware, while defenders use AI-powered security solutions for threat detection, anomaly analysis, and automated response.
• the rise of Ransomware and Cybercrime-as-a-Service: ransomware has evolved into a multi-billion-dollar industry, with sophisticated actors offering ransomware-as-a-service (RaaS) and targeting critical infrastructures. The scale and frequency of these attacks have forced governments and enterprises to treat cybersecurity as a top priority. It even forced the Bit Sentinel team to adapt and identify weaknesses that may aid an attacker to leverage any ransom or financial loss on a client.
• cloud & remote work security challenges: the rapid shift to cloud computing and remote work has expanded the attack surface, making Zero Trust Architecture (ZTA) a necessity. Organizations have had to rethink security beyond traditional perimeter defenses, leading to the rise of identity-based security models. And we as a red team are also happy to challenge the idea that there is no real zero trust architecture.

This field isn’t easy, and you’ll constantly face challenges that seem impossible at first. Instead of backing away, embrace them. If you get stuck on an exploit, a report, or a research topic, dare to go deeper, research more, test again – or how we like it to say: Try harder! The best cybersecurity professionals aren’t the ones who know everything but the ones who refuse to quit until they figure it out.

Cybersecurity is full of debates, differing opinions, and people who might doubt your approach or conclusions. If you’ve done your research and you’re confident in your findings, stand by them. Challenge conventional thinking, defend your perspective, and let the results speak for themselves. Even if you’re wrong, you’ll learn something valuable from the experience.

A look towards the future @ Bit Sentinel

What excites me the most about the future of – and at – Bit Sentinel is the technical potential that I want to tap into from a cybersecurity perspective. The projects, the services, the evolving attack surfaces – each and every one of these provide endless opportunities for me and my team to explore, innovate, and push offensive security to new limits.

One of the things that keeps me motivated is that Bit Sentinel has not yet reached completion. There’s always room for improvement, for refining methodologies, for building better offensive strategies and, of course, for shaping the next generation of cybersecurity leaders. The company’s growth mindset and openness to innovation mean that anyone with the drive to contribute can make an impact.

As for me, the most exciting part is being part of that evolution, whether it’s enhancing red teaming capabilities, exploring new cybersecurity domains, or mentoring the next wave of ethical hackers. 

To put it shortly, the future isn’t just about scaling; it’s about raising the bar in cybersecurity. And that’s a challenge I’m looking forward to.

Having Lucian with us since the early days means more than any project or client ever could. He’s been by our side through every high and low, and that kind of loyalty is rare. 

After all, this story isn’t just about climbing the ranks. Lucian’s story is about passion, hard work, and always pushing the limits of what’s possible in cybersecurity. We’re lucky to have him!

Lucian has helped shape the way we do things, mentored others, and made a real impact on our team. His journey embodies what Bit Sentinel is all about: growing together, learning every day, and creating a space where people can become the best at what they do.

As we celebrate 10 incredible years, having Lucian with us isn’t just something we’re proud of – it’s one of the things we’re most grateful for. His journey is proof that when the right people come together with passion and purpose, they don’t just do great work – they build something extraordinary. And if the past decade is any indication of what’s to come, the future looks incredibly exciting – for Lucian, for our team, and for everything we’re building together.