Project at a glance

SECWATCH conducts around 200 penetration tests and security assessments each year, managing highly sensitive information throughout every engagement. While the company had long relied on Tresorit’s Secure Cloud platform for encrypted file exchange, project communication and collaboration were still spread across multiple channels.

After considering building its own system, SECWATCH chose Tresorit Engage to centralize project management allowing onboarding, communication, documentation and reporting to take place in one secure environment. The result was greater efficiency, improved auditability and a stronger competitive position built on structured, trust-based project management. With Engage, the company reduced client onboarding time from around one hour to just ten minutes — a significant operational gain across hundreds of projects each year.

“If you’re doing hundreds of penetration tests a year, one breach — and it’s end of game. You can’t recover from that.” explained Henk-Jan Angerman, SECWATCH founder and Chief Visionary Officer, when talking about the company’s decision to go for Engage.

About the company

Founded in 2005, SECWATCH is a cybersecurity consultancy specializing in cyber risk management, security assessments, and digital forensic investigations. Over the years, the company evolved from implementing antivirus and firewall solutions into a focused consultancy dedicated to validating whether security controls truly work as intended.

Today, SECWATCH supports both highly mature organizations with established InfoSec teams and companies that require hands-on guidance throughout the entire testing process. “We don’t just deliver a report and disappear. We want to become a real partner and take the customer along on the journey.” explains SECWATCH co-founder Henk-Jan Angerman.

The challenge

Penetration testing is inherently project-based and highly sensitive. Each engagement involves secure scoping, legal agreements, credential exchange, technical testing, reporting, potential retesting and ultimately data retention and destruction. Close collaboration with clients is essential.

Although SECWATCH had already adopted Tresorit’s Secure Cloud to eliminate insecure email attachments and outdated workflows, project management itself remained fragmented. Clients often relied on their own collaboration tools, and sensitive information occasionally resurfaced in email threads.

Over time, client feedback made it clear that while the technical delivery was strong, communication and project management were areas where the overall experience could be further improved.

“Emailing a security report is an absolute no-go” says Henk-Jan Angerman and goes on to explain, that the leadership team considered developing an internal project management solution tailored to their needs. However, building and securing such a system — and ensuring it would meet audit and compliance expectations — would require significant investment and distract from their core expertise.

“We break things. We don’t build things. Building something secure — and auditing it — that’s a very expensive show” explains Henk-Jan Angerman. Therefore, when Tresorit introduced Engage, SECWATCH immediately joined the early adopter phase as they recognized that it addressed precisely the gap they had been trying to solve.

The requirements

SECWATCH needed more than a platform for secure collaboration. The company was looking for a secure, centralized environment that could support the entire client lifecycle and serve as a single source of truth throughout the project — from the first conversation to final reporting and controlled data deletion.

The solution had to make onboarding structured and transparent, allow task-based collaboration, provide clear audit logs for document access, and remain simple enough for both technical and non-technical clients. Above all, it needed to reinforce trust. “If there’s no trust, there’s basically no project. We see and hear almost everything from our customers” says Henk-Jan Angerman.

With hundreds of sensitive reports generated each year, SECWATCH also needed assurance that document delivery could be verified. With Engage, they can see in the audit log that the customer downloaded the report.

The implementation

SECWATCH joined Tresorit Engage as an early adopter and first tested it with a range of customers — from highly tech-savvy users to those less comfortable with digital tools. Adoption proved smooth across the board, often requiring little to no support.

“When I saw Engage, I immediately recognized the use case and decided to move forward with it. I tested it with a few trusted customers, some very tech-savvy and others who barely want to use a computer. Most of them had no issues at all — maybe one needed minor help getting started. That was the moment I realized how easy it really is to use.” explained Henk-Jan Angerman.

Once onboarded, clients could collaborate within a secure, structured workspace where documents, key project information and tasks were clearly organized. SECWATCH maintained full control over access rights and benefited from detailed audit logs, including confirmation when reports were downloaded — an important safeguard for both operational clarity and legal assurance.

After the initial testing and positive feedback from its customers, the company quickly integrated Engage across its security assessment projects.

“When you handle hundreds of penetration tests each year, secure collaboration is not optional - it is critical to maintaining trust with our clients. Engage allows us to manage every project in a structured and auditable way without compromising security.” Henk-Jan Angerman.

The process now begins during the sales phase. As soon as a serious lead emerges, SECWATCH creates a dedicated Engage room. Quotes, scope definitions and procedures are shared transparently from the outset. If the opportunity does not convert, the workspace is deleted.

If a client is onboarded, the same secure, branded environment supports intake and execution. Sensitive information is exchanged within the data room, and tasks are assigned directly to clients when required input is needed. Project updates are shared transparently, ensuring both sides remain aligned throughout the testing phase.

Reporting and evidence distribution are also handled inside Engage. Penetration testing produces extensive documentation, including detailed reports, scripts, logs and reproducible evidence. These materials are delivered securely within the data room, and audit logs confirm when documents are accessed or downloaded. If retesting is required, the same data room remains active. When a project concludes, access is revoked after defined timeframes and data is securely destroyed according to policy.

“I don’t want 200 security reports sitting somewhere on a dusty server. Data has a lifecycle.” explains Henk-Jan Angerman.

The results

From a business perspective, the impact was immediate. Onboarding processes that previously required extensive coordination were significantly simplified — even less technical customers were able to onboard with minimal assistance.

“Onboarding could take an hour before but now, with Engage, it takes ten minutes — that’s efficiency.” Says Henk-Jan Angerman.

Communication became more structured and transparent, allowing both SECWATCH and its clients to prepare more effectively for report discussions and remediation planning. This reduced follow-up meetings and improved overall clarity.

Email usage for sensitive exchanges has been eliminated with important documentation taking now in place within Pages — a feature that allows project participants to take notes directly in the Engage room.

Beyond efficiency gains, Engage strengthened SECWATCH’s differentiation in a competitive market. While security assessments are widely accessible, structured communication, auditability and client guidance are not. For SECWATCH, the differentiator now is secure, efficient, and transparent project management thanks to Engage.

Conclusion

By adopting Tresorit Engage, SECWATCH now manages sales, onboarding, collaboration, reporting and data lifecycle control within one secure portal. The result is not only greater efficiency and reduced risk, but a stronger foundation of trust with clients.