Broadvoice operates across four continents. Headquartered in Northridge, California, the company delivers Unified Communications and Contact Center services to businesses worldwide, powered by AI on cloud platforms.
Behind that operation sits a sprawling, fast-changing infrastructure: multiple data centers, extensive AWS environments, and thousands of assets that come and go on demand. A single breach could mean fines of up to €20 million, plus great damage to client relationships built over years.
Pedro Cunha, Information Security Officer and Data Privacy Officer, is the person who makes sure that doesn't happen.
The Three Gaps That Wouldn't Close
Pedro's team is technical, talented, and stretched thin. The challenge wasn't expertise. It was reach.
You always have, independently of experience, limited visibility. If you are focused on some areas, you will be losing some last-minute, last-second issues on the other end.
Three problems compounded each other:
- Visibility. AWS resources spinning up with new public IPs that fell outside Broadvoice's RIPE-registered ranges. Shadow IT. Third-party integrations. Pedro's team couldn't keep a current map of what was exposed.
- Validation. Even where assets were known, the team had no continuous way to prove which vulnerabilities attackers could actually exploit, versus which were noise.
- Velocity. Their environment changed daily. Periodic pentests gave them snapshots. Attackers don't operate on snapshots.
Pedro saw exactly where this leads if it isn't fixed:
We should not be firefighters in the first place. We should be ahead of the curve, as aware as possible of all the vulnerabilities that we have, all the issues, all the possible entry points that some malicious player might come in.
He needed to stop reacting and start staying ahead.
The Turning Point: From Detection to Validated Exploitability
Pedro chose Ethiack to have an adversarial exposure validation platform built for exactly his situation: a cloud-first organization with a fast-moving attack surface and a security team that needed continuous proof of what was exploitable, not another stream of unvalidated findings.
Two capabilities working as one platform:
- Continuous attack surface mapping. Ethiack discovered Broadvoice's entire digital footprint, including volatile AWS resources outside their RIPE ranges, internal infrastructure, third parties, and Shadow IT. Every change, every new deployment, mapped continuously.
- Hackian, the agentic AI pentester. 24/7 autonomous pentesting across every asset Broadvoice owned. Hackian doesn't stop at detection: it chains vulnerabilities, pivots attacks, and exploits findings to prove what attackers could actually leverage. Tests are event-driven, triggered by infrastructure changes or new threat intelligence, so coverage stays continuous without overwhelming production.
You scan and you test the full scope. And the full scope is not only the range of IP addresses that we have signed off with RIPE, but also the bunch of volatile assets that are brought up from Cloud World, from AWS.
Together, the platform supported Broadvoice's move toward Continuous Threat Exposure Management, replacing periodic snapshots with continuous, validated coverage.
The Win: Proof Instead of Promises
Broadvoice's posture shifted from reactive to proactive. The change showed up in three places.
A Clearer Signal
Hackian's exploitation-validated findings cut through the noise. Pedro's team stopped triaging severity scores and started fixing what was actually exploitable with proof, payloads, and mitigation guidance attached.
Ethiack sometimes uncovers something that is very tiny, very hidden. You are spotting something the entire business wasn't even aware of.
The platform surfaced exposures Broadvoice didn't know existed: databases with public IPs, entry points outside the team's current focus areas, and assets that had drifted from inventory.
A More Confident Team
Pedro's engineers no longer carried the weight of being the human filter for every alert. With Hackian testing continuously and prioritizing by exploitability, they shifted their hours from validation work to remediation and deeper security research.
Ethiack gave me peace of mind. It’s great we have an independent pentester easing our job.
A Commercial Advantage
Validated, continuous security became a trust signal Broadvoice could put in front of clients. Pedro's counterparts in sales now answer security questionnaires and prospect objections with proof instead of promises, turning what was once a friction point into a competitive differentiator.
What's Next
Broadvoice operates ahead of attackers now. The firefighting is over. The team focuses on what's actually exploitable, and the business carries that confidence into every client conversation.
For Pedro, that's the win that matters.
About Broadvoice
Broadvoice is a global cloud communications provider delivering UCaaS and CCaaS solutions to businesses across four continents. Learn more at Broadvoice.com.
About Ethiack
Ethiack delivers continuous, autonomous cybersecurity through agentic AI: pentesting agents that think, act, and learn. Operating 24/7, Ethiack discovers, exploits, and validates vulnerabilities across your entire attack surface with near-zero false positives. Continuous visibility, high-speed testing, and actionable, validated risks to keep organizations one step ahead.
Want to see what's actually exploitable across your attack surface?Start your free 30 days trial.
Don’t wait for the attack.
Secure Your Future with Ethiack
If you're still unsure convince yourself with a 30-day free trial. No obligation. Just testing.