The firm. Est. 2022

A research practice that ships.

PIVOT Security is a research-led offensive security firm. Not a reseller, not a staffing shop. We build the tradecraft, publish the research, and then operate it inside customer environments.

Our people close the gap between offense and defense by being fluent in both, actively hunting the same adversaries that blue teams react to.

Research & Development · Threat Hunting · Attack-surface Management

Record

A short record of what we’ve built.

No slogans. A chronological note of the research we’ve published and the platforms we’ve shipped.

  1. 2022

    Foundation

    P.I.V.O.T is founded. We debut the top-rated Cyber Warfare course, the practice’s first public artefact.

  2. 2023

    BYOR: a new attack surface

    Our research surfaces an unreported adversary technique we named Bring Your Own Reputation (BYOR). The whitepaper is public and cited by red-team practitioners.

  3. Jul 2024

    First platform shipped

    PHISH-E ships: multi-channel phishing simulation with native SOC automation, built for enterprises that had outgrown compliance-checkbox platforms.

  4. Sep 2024

    Security education platform

    PHISH-E LMS follows. AI-driven, context-aware, tailored to local threat realism rather than generic compliance modules.

  5. Apr 2025

    ENFORCE ships

    ENFORCE goes live: a browser-based plugin that hardens the browser perimeter and blocks live threats against a curated threat-intelligence pool of 1L+ rulesets. Zero-trust controls for BYOD and unmanaged workforces, without forcing a new browser on anyone.

Our position

“We don’t wait for threats to emerge.
We hunt them, continuously,
with tradecraft that matches the adversary.”

The Pivot Practice

Leadership

The people who ship the research.

Founders who still run engagements. Practitioners first; the management layer came later, not the other way around.

Nikhil Srivastava · CEO & Co-Founder


Microsoft Blue Hat Asia 2024

OSCP · MCRTA

Raju Gautam · CTO & Co-Founder


Offensive security product engineering · Rust edge

How we work

Research. Tailor. Operate.

A three-phase practice model: the same model for a single engagement or a three-year retainer. Scope changes; the discipline doesn’t.

01

Research

Every engagement starts in the lab: emerging CVEs, fresh tradecraft, new detection bypasses. Research is the product, not the byproduct.

02

Tailor

We model your environment, your auditors, and your attackers. The delivery is shaped to your stack, not reused slide decks.

03

Operate

Findings turn into scored kill-chains, evals, and SOC playbooks you can re-run every quarter. The work compounds.

Accreditations

Credentials that survive scrutiny.

The firm is certified against the frameworks auditors care about, and the people are certified against the ones attackers care about. Both sides matter.

Firm-level

ISO/IEC 27001:2022


Information Security Management

ISO 9001:2015


Quality Management

ISO 22301:2019


Business Continuity

Startup India


DPIIT recognised

Team-level

OSCP · OSEP · CREST CRT · CEH · CISM · CISA · CRTP · eWPT · eJPT · GPEN · Microsoft MVR

Every engagement is staffed by at least one consultant with an offensive-security certification held for more than three years.

Trusted by Industry Leaders

We're proud to partner with innovative organizations across various industries, helping them secure their digital infrastructure and protect their valuable assets.

Join these industry leaders in securing your digital future