Mediarithmics, a European Customer Data Platform (CDP) provider, supports major clients such as TF1, Prisma Media or Fnac Darty in activating and managing their marketing data.
With a constantly evolving platform handling massive volumes of sensitive information, maintaining a high level of security and compliance is a top priority.
As part of its ISO 27001 certification, Mediarithmics chose Yogosha’s Pentest-as-a-Service (PtaaS) to secure its assets in a continuous, structured, and collaborative way.
This approach has helped the company identify new vulnerabilities each year, strengthen documentation traceability, and engage its teams in a process of ongoing improvement.
“With Yogosha, we found real value in conducting recurring pentests every year.”
— Joseph Graceffa, CISO, Mediarithmics
The Challenge: Securing a Dynamic Platform in a Demanding Compliance Framework
For nearly five years, Mediarithmics has been engaged in its ISO 27001 certification journey — a process that requires proving the ability to:
- Test applications regularly
- Identify, remediate, and validate vulnerabilities
- Involve teams in a culture of continuous improvement
However, traditional pentests quickly showed their limits:
- Long preparation and launch times
- Reports only delivered at the end of the engagement, leaving critical issues unaddressed for weeks
To keep up with a fast-paced development cycle and maintain compliance, Mediarithmics needed a more agile and continuous approach to security testing.
“We want to anticipate security issues, not endure them.”
— Joseph Graceffa, CISO, Mediarithmics
The Solution: Integrating Pentest-as-a-Service into the Security Strategy
Mediarithmics turned to Yogosha’s Pentest-as-a-Service (PtaaS) to industrialize and modernize its penetration testing process. This model combines on-demand testing, flexibility, and close collaboration between internal teams and vetted security researchers.
With this setup, Mediarithmics can:
- Plan recurring test campaigns aligned with its SDLC
- Streamline vulnerability remediation across DevOps teams
- Collaborate directly with researchers to understand and resolve findings
- Access clear, actionable reports aligned with ISO documentation requirements
- Conduct rapid retests without waiting for future campaigns
“The PtaaS model brings responsiveness, knowledge-sharing, and real value to our internal teams.”
— Joseph Graceffa, CISO, Mediarithmics
The Results: Continuous Improvement and Stronger Trust
Since adopting Yogosha’s PtaaS, Mediarithmics has seen measurable improvements in both its security posture and team engagement:
- New vulnerabilities detected every year, even on an already mature platform
- Validation of the robustness of its attack surface
- Documentation traceability fully aligned with ISO requirements
- Faster reaction times thanks to immediate retests
- Increased trust from clients and partners
- Technical teams more engaged and empowered, viewing each discovery as an opportunity to learn and progress
“Finding a vulnerability isn’t a failure — it’s an opportunity to improve.”
— Joseph Graceffa, CISO, Mediarithmics
Secure Your Applications with Yogosha
Whether you’re a software provider, pursuing ISO certification, or undergoing regular security audits, Pentest-as-a-Service helps you accelerate testing, enhance visibility, and strengthen your security posture — without slowing your teams down.
It’s the most effective way to uncover the vulnerabilities traditional testing can miss.
Contact Yogosha to assess your security testing needs and build a tailored program that fits your organization’s goals.