“This initiative was started to support the cybersecurity work we do and to spark curiosity across our innovative and talented teams. We wanted to invite colleagues to look at our systems with a security mindset and challenge them in a constructive way,” says Augustas Grikšas, Senior Cybersecurity Engineer at Omega 365 Lithuania. 

The Hackathon resulted in a significant number of identified security vulnerabilities, ranging from critical to low severity. Rather than being seen as a source of concern, the findings are considered concrete opportunities for improvement and risk reduction.

“For some, the number of findings might seem high, but I see it as identifying many opportunities to further improve our systems, rather than a negative outcome,” says Grikšas.

Testing systems from an attacker’s perspective

Participants highlighted the value of testing systems they know well, but from an entirely different perspective. This approach helped uncover weaknesses that are often difficult to detect through traditional testing methods.

“I experienced the Hackathon as both educational and engaging. It is a very good way to test security in realistic scenarios, precisely because many participants know the system well and therefore understand where the weaknesses are,” says Jørgen Melhus

Several participants also emphasized the opportunity to work on technically deep challenges outside their usual responsibilities.

“First and foremost, it was a fun and exciting concept that made me want to try, to see if I could get something out of the solution that I should not be able to,” says Aleksander Hansen Birkeland, Solutions Department Manager from Omega 365 Norway.

“The time I spent on it was enjoyable, as it involved more technical tasks than my everyday work has consisted of for the past two to three years.”

A key takeaway from the Hackathon was that valuable security insights do not only come from security specialists. Contributions from a wide range of roles strengthened the overall outcome.

“I like challenges, and it is always fun to succeed at something you are not really supposed to be able to do. I experienced it as a motivating event that has an incredibly positive impact on the Omega 365 product,” says System Engineer and Team lead at Omega 365 Norway Marianne Andersen.

“I am not a developer, so I cannot find the really cool security holes, but we have an incredible number of skilled people, and I am impressed by what they manage to do. It is a win win, so it should definitely be done annually.”