Teron Labs is an accredited, independent security testing laboratory that puts security products to the test. Recently acquiring their FIPS 140 accreditation, the Canberra Cyber Hub sat down with Anantha Kandiah, co-founder of Teron Labs, to learn about more their start-up story as they grow their presence and expand their offering.
Introducing Teron Labs
Founded by a group of individuals passionate about security certifications, Teron Labs aims to help organisations gain certifications in a timely manner. Established in late 2018, the Canberra-based company has grown from a team of 2, to a team of 11, and has now become Australia's leading Common Criteria testing facility, as well as the only FIPS 140 laboratory in the Southern Hemisphere.
FIPS (Federal Information Processing Standard) 140 is a standard used to assess the security and functionality of cryptography that's implemented in hardware or software products. Any product that implements cryptography and is procured by the US government is required to be FIPS 140 validated.
Teron Labs brings together experts in hardware, software, networking, cryptography and mathematics to provide a one-stop shop for security assurance requirements, providing businesses with a simpler and more personalised approach to certifications.
Congratulations on your recent FIPS 140 accreditation. For those who may not be aware, can you please tell our readers more about the FIPS 140 accreditation and the benefits it provides to your clients?
FIPS 140 accreditation means that our lab is formally recognised as a cryptographic and security testing laboratory by NIST (National Institute of Standards and Technology). Having the FIPS 140 accreditation allows us to provide the testing of cryptographic implementations against this standard. Other governments and industries around the world are using FIPS 140 standard as a benchmark to validate cryptographic implementations in the products they procure. The requirement of FIPS 140 is often tied to other certifications such as Common Criteria. We are also an accredited Common Criteria lab. Having a lab that can carry out both FIPS 140 validations and Common Criteria evaluations allows us to provide a one-stop-shop for vendors' certification requirements.
How did you get into cyber security?
My background is in Software Engineering. I graduated with a degree in Software Engineering and started working for companies that developed cryptographic libraries. This naturally led to a career in the cyber security field.
Could you please provide a short description of the unique products and services you offer?
Our primary services revolve around the security testing of products. We also offer:
- Common Criteria evaluations
- FIPS 140 validations
- Entropy analysis
Our team of experts also implements and advises on the transition to post-quantum cryptography and penetration testing.
What do you see as your customer's biggest pain point, and how do your unique products and services assist them in addressing these issues?
Our customer's biggest pain points are dependability and reliability. Being a privately held, dedicated security testing facility, we avoid many of the pain points caused by the overheads of a large organisation. This allows us to work flexibly within the evolving requirements of our clients.
What potential roles and career pathways are available with Teron Labs?
We are regularly on the lookout for people willing to learn more about cyber security. People who are new to the company often start out as an associate and progress on to more senior roles. We offer a flexible work environment, an opportunity to work with interesting products, an opportunity to attend conferences, to further develop your career through external training, and to take part in our employee share scheme.
What advice do you have for those who wish to pursue a career in the cyber industry?
Learn about the building blocks of computers and networks. An understanding of operating systems, networks and the underpinning hardware allows you to easily keep up to date with evolving technologies.
