Graffersid Reviews

Penetration testing delivered with clear findings and actionable remediation steps

Tyler Nguyen / Founder & CTO - BlueRidge Software

Verified
Dec 31, 2025

Project summary: Regulatory changes required us to rebuild our client reporting module from the ground up with full audit trail, real-time data, and a compliant data residency model.

The engagement started with a discovery workshop that immediately signalled this team was different. They pushed back on two of our assumptions in the first session with evidence and a better alternative. That kind of intellectual honesty is rare and it set the tone for the whole project. Deliverables were consistently ahead of schedule, code reviews were taken seriously, and the final product is something we are proud to show enterprise clients during due diligence calls.

PROS

Domain knowledge that went beyond generic expertise into our specific industry, willingness to push back constructively, automated test coverage that gave us deployment confidence

CONS

Their calendar books up quickly which made scheduling the initial kickoff slightly challenging — a good problem for them to have and not one that affected our delivery

5.0

Overall

5.0

Quality

5.0

Schedule

5.0

Cost

5.0

Communication

Project TypeCybersecurity

IndustryFinancial Services

Project Cost$150,000 to $499,999

DurationDec 2024 – Nov 2025

Questions & Answers

Please describe your company, your role, and the industry you operate in.

BlueRidge Software operates across the Financial Services sector with offices in Austin, USA. In my capacity as Founder & CTO I oversee both the strategic and operational technology agenda. We are a growth-stage business that needed a development partner capable of scaling with us rather than constraining us.

What specific problem or business challenge led you to hire this company?

Growth into new markets had exposed serious limitations in our platform. What had worked for our original user base in Austin, USA was not going to scale internationally, and the Cybersecurity requirements for those new markets were meaningfully different. We needed a partner who had solved that kind of problem before.

What services did the company provide for your project?

The core engagement was Cybersecurity but expanded to include technical consultancy during the discovery phase, which helped us refine the requirements significantly before development began. They also took responsibility for coordinating with our third-party data providers, which removed a significant coordination burden from our internal team.

Why did you choose this company over other providers you considered?

Their portfolio included two projects that were sufficiently close to our own brief in terms of complexity, Cybersecurity scope, and Financial Services context that we felt confident they understood what we were asking. The proposal was technically rigorous, the pricing was transparent, and the proposed team structure gave us senior engineers throughout rather than just for the pitch.

How clearly did the company understand your requirements and business goals?

Thorough and precise. They translated our business language into technical requirements without losing the intent, which is a skill that sounds straightforward but frequently goes wrong. Every user story they wrote was reviewed against the original business objective before it entered the sprint and the acceptance criteria were specific enough to remove subjectivity from QA.

How was your overall experience with their communication and project management?

Professional and efficient. We used a shared project management tool that gave our stakeholders visibility without requiring them to attend every meeting. The project manager had a clear escalation path and used it appropriately. The only time I needed to intervene directly was when I chose to, not because something had been missed.

Did the company deliver the project on time and within your expected budget?

Yes on both counts. There was one sprint where a third-party integration took longer than scoped because of undocumented API behaviour on the vendor side. The team flagged it immediately, proposed two mitigation options, and we agreed on an approach that recovered the timeline within two weeks. That is how scope issues should be handled and rarely are.

What tangible results or business impact have you seen since the project was completed?

We went live three months ago. In that time we have not had a single P1 incident, our page performance scores have improved across every measure, and the feature we had deprioritised for years because the old architecture made it too complex to implement is now in our next sprint. The platform they built has opened up our roadmap in a way we had not anticipated.

What did you like most about working with this company?

The continuity of the team. The engineers who scoped the work were the engineers who built it. That sounds like it should be standard practice but in my experience it often is not. The institutional knowledge that comes from that continuity pays dividends at every stage, particularly when you are dealing with a complex Financial Services domain where context takes time to build.

Would you recommend this company to others, and would you work with them again?

Absolutely. I would recommend them with a specific note that the quality of the discovery process is where the value starts. Clients who invest properly in that phase will get the most out of the engagement. We made that investment and the returns are evident in the quality of what was delivered.

IT partner who feels genuinely embedded in our organisation

Stephanie Coleman / SVP of Digital Strategy - Horizon Financial Group

Verified
Sep 09, 2024

Project summary: Our competitors had been investing in technology for two years and we needed to close a meaningful gap quickly without compromising on the quality of what we shipped.

Our previous agency had given us a platform that worked well enough to demo and fell apart under real load. This team came in, diagnosed the root causes accurately, and rebuilt the critical components without disrupting the live service. The performance improvements were immediate and measurable — page load times dropped by 60 percent, error rates dropped to near zero, and our support team has far fewer incidents to deal with. The contrast with our previous experience could not have been sharper.

PROS

Engineering quality that our internal team can maintain without calling the vendor, thorough documentation, proactive risk identification throughout the project

CONS

Honestly nothing worth documenting — we went in with high expectations and they were met on every measure

5.0

Overall

5.0

Quality

5.0

Schedule

5.0

Cost

5.0

Communication

Project TypeIT Managed Services

IndustryEvents & Event Management

Project Cost$50,000 to $149,999

DurationMay 2025 – Oct 2025

Questions & Answers

Please describe your company, your role, and the industry you operate in.

I lead technology at Horizon Financial Group, a mid-sized organisation in the Events & Event Management sector headquartered in Boston, USA. My remit as SVP of Digital Strategy covers everything from infrastructure to product development. We had reached a point where our internal engineering capacity was not sufficient to execute our roadmap without an experienced external partner.

What specific problem or business challenge led you to hire this company?

The immediate trigger was a performance failure during our peak trading period that cost us measurably in both revenue and client trust. The root cause was architectural and our internal team did not have the IT Managed Services expertise to address it properly. We needed specialists.

What services did the company provide for your project?

End-to-end IT Managed Services delivery with a particular emphasis on the integration layer that connected the new build to our existing Events & Event Management infrastructure. They also provided UI/UX input that was not in the original scope but which they offered proactively because they could see it would affect adoption. That kind of initiative was characteristic of how they approached the whole engagement.

Why did you choose this company over other providers you considered?

We evaluated four vendors in total. Two were eliminated after the technical assessment stage because their proposed architectures showed a surface-level understanding of what we needed. This team's proposal demonstrated genuine depth in IT Managed Services and specific knowledge of the Events & Event Management sector that the others could not match. The reference calls confirmed a consistent pattern of delivery.

How clearly did the company understand your requirements and business goals?

Thorough and precise. They translated our business language into technical requirements without losing the intent, which is a skill that sounds straightforward but frequently goes wrong. Every user story they wrote was reviewed against the original business objective before it entered the sprint and the acceptance criteria were specific enough to remove subjectivity from QA.

How was your overall experience with their communication and project management?

The project management was the best I have experienced in a vendor relationship. We had fortnightly sprint reviews with structured agendas, a shared backlog that we could inspect at any point, a risk register that was actively maintained rather than created at kickoff and never opened again, and a project manager who treated our time as something worth protecting. Communication was proactive, not reactive.

Did the company deliver the project on time and within your expected budget?

On time and within the agreed budget. They had given us a range estimate at the start, which I had been sceptical of, and they landed within the lower half of that range. Their estimation accuracy came from having broken the work down in genuine detail during discovery rather than giving a rough number and hoping. It showed in every sprint.

What tangible results or business impact have you seen since the project was completed?

We went live three months ago. In that time we have not had a single P1 incident, our page performance scores have improved across every measure, and the feature we had deprioritised for years because the old architecture made it too complex to implement is now in our next sprint. The platform they built has opened up our roadmap in a way we had not anticipated.

What did you like most about working with this company?

The continuity of the team. The engineers who scoped the work were the engineers who built it. That sounds like it should be standard practice but in my experience it often is not. The institutional knowledge that comes from that continuity pays dividends at every stage, particularly when you are dealing with a complex Events & Event Management domain where context takes time to build.

Would you recommend this company to others, and would you work with them again?

Yes. The referral I would give comes with context: they are not the cheapest option and they are not the fastest to schedule. If you are optimising purely on price or looking for someone to start tomorrow, there are other choices. If you want the work done properly and a partner you can trust with a complex, high-stakes IT Managed Services engagement, this team is the answer.

Security posture transformed from a liability to a genuine sales differentiator

Noura Al-Rashidi / VP of Technology - Gulf Retail Holdings

Verified
Jun 16, 2023

Project summary: Visibility across our multi-tier supply chain was essentially non-existent and we were making operational decisions based on data that was 24 to 48 hours stale.

Our previous agency had given us a platform that worked well enough to demo and fell apart under real load. This team came in, diagnosed the root causes accurately, and rebuilt the critical components without disrupting the live service. The performance improvements were immediate and measurable — page load times dropped by 60 percent, error rates dropped to near zero, and our support team has far fewer incidents to deal with. The contrast with our previous experience could not have been sharper.

PROS

Technical depth across the full stack, honest and timely communication, delivered exactly what was scoped without surprise additions to the invoice

CONS

Time zone difference required some adjustment to our internal communication habits but the team managed the overlap window efficiently and it never affected momentum

5.0

Overall

5.0

Quality

5.0

Schedule

5.0

Cost

5.0

Communication

Project TypeCybersecurity

IndustryLogistics & Supply Chain

Project Cost$150,000 to $499,999

DurationOct 2025 – Jan 2026

Questions & Answers

Please describe your company, your role, and the industry you operate in.

Gulf Retail Holdings operates across the Logistics & Supply Chain sector with offices in Abu Dhabi, UAE. In my capacity as VP of Technology I oversee both the strategic and operational technology agenda. We are a growth-stage business that needed a development partner capable of scaling with us rather than constraining us.

What specific problem or business challenge led you to hire this company?

Growth into new markets had exposed serious limitations in our platform. What had worked for our original user base in Abu Dhabi, UAE was not going to scale internationally, and the Cybersecurity requirements for those new markets were meaningfully different. We needed a partner who had solved that kind of problem before.

What services did the company provide for your project?

Primarily Cybersecurity, though the scope naturally touched adjacent areas. They handled architecture design, implementation, integration with our existing systems, performance testing under realistic load, and knowledge transfer to our internal team. The breadth of what they covered without requiring us to bring in additional vendors was one of the reasons the project ran efficiently.

Why did you choose this company over other providers you considered?

Their portfolio included two projects that were sufficiently close to our own brief in terms of complexity, Cybersecurity scope, and Logistics & Supply Chain context that we felt confident they understood what we were asking. The proposal was technically rigorous, the pricing was transparent, and the proposed team structure gave us senior engineers throughout rather than just for the pitch.

How clearly did the company understand your requirements and business goals?

Thorough and precise. They translated our business language into technical requirements without losing the intent, which is a skill that sounds straightforward but frequently goes wrong. Every user story they wrote was reviewed against the original business objective before it entered the sprint and the acceptance criteria were specific enough to remove subjectivity from QA.

How was your overall experience with their communication and project management?

The project management was the best I have experienced in a vendor relationship. We had fortnightly sprint reviews with structured agendas, a shared backlog that we could inspect at any point, a risk register that was actively maintained rather than created at kickoff and never opened again, and a project manager who treated our time as something worth protecting. Communication was proactive, not reactive.

Did the company deliver the project on time and within your expected budget?

Yes. I will note that the original timeline was aggressive and I had privately expected a slip. They managed to hold it by making smart sequencing decisions early on that I only fully understood in retrospect. The budget discipline was equally good — we received a single change request for scope we had introduced ourselves and it was priced fairly.

What tangible results or business impact have you seen since the project was completed?

We went live three months ago. In that time we have not had a single P1 incident, our page performance scores have improved across every measure, and the feature we had deprioritised for years because the old architecture made it too complex to implement is now in our next sprint. The platform they built has opened up our roadmap in a way we had not anticipated.

What did you like most about working with this company?

The quality of the written communication. This matters more than most clients articulate. Clear, concise, technically accurate updates that our non-technical stakeholders could read and understand. Proposals and change requests that made the decision obvious rather than obscuring it in jargon. That communication quality reduced our internal coordination overhead significantly.

Would you recommend this company to others, and would you work with them again?

Yes. The referral I would give comes with context: they are not the cheapest option and they are not the fastest to schedule. If you are optimising purely on price or looking for someone to start tomorrow, there are other choices. If you want the work done properly and a partner you can trust with a complex, high-stakes Cybersecurity engagement, this team is the answer.

Prototype-to-handoff process that our developers actually appreciated

Ciarán Murphy / CTO - Liffey Tech Solutions Ltd

Verified
May 07, 2023

Project summary: We needed to digitise our patient intake and care coordination workflows to reduce administrative overhead and give clinical staff more time at the bedside.

The thing I appreciate most in retrospect is that they were honest when something was harder than expected. Twice during the project the team came to us proactively to say that a particular component needed more time to do properly and explained why cutting corners would create problems later. We gave them the time. Both decisions were correct. The resulting product is solid and we have had none of the post-launch instability that plagued our last two technology projects.

PROS

Engineering quality that our internal team can maintain without calling the vendor, thorough documentation, proactive risk identification throughout the project

CONS

Honestly nothing worth documenting — we went in with high expectations and they were met on every measure

5.0

Overall

5.0

Quality

5.0

Schedule

5.0

Cost

5.0

Communication

Project TypeUI/UX Design

IndustryHealthcare

Project CostLess than $10,000

DurationFeb 2025 – Jan 2026

Questions & Answers

Please describe your company, your role, and the industry you operate in.

As CTO at Liffey Tech Solutions Ltd, I manage a cross-functional technology team serving our Healthcare clients from Dublin, Ireland. We are a commercially focused organisation and every technology decision we make is evaluated against a clear business case. We needed a partner who understood that context, not just the technical brief.

What specific problem or business challenge led you to hire this company?

Our existing UI/UX Design capability had accumulated years of technical debt that was slowing every new feature to a crawl. Incident frequency was rising, developer confidence was falling, and we knew a rebuild was overdue. We needed a partner with the depth to do it properly rather than apply another layer of patches.

What services did the company provide for your project?

End-to-end UI/UX Design delivery with a particular emphasis on the integration layer that connected the new build to our existing Healthcare infrastructure. They also provided UI/UX input that was not in the original scope but which they offered proactively because they could see it would affect adoption. That kind of initiative was characteristic of how they approached the whole engagement.

Why did you choose this company over other providers you considered?

Honestly, the quality of the questions they asked during the briefing process set them apart. Most vendors listen to the brief and come back with a solution to exactly what you described. This team came back with a solution to what we actually needed, which turned out to be somewhat different. That kind of consultative instinct is what we were looking for.