In a world where companies release software faster than ever, security often struggles to keep pace. CyStack, a cybersecurity startup from Vietnam, was founded to close that widening gap. Led by Nguyen Huu Trung, a veteran of more than a decade in exploit development, cloud security, and government forensics consulting, CyStack is redefining how organizations test, monitor, and secure their code.
Cystack was one of the 40 companies that chosen for K-Startup Grand Challenge (KSGC) 2025 Phase 2, Korea’s premier government-backed accelerator connecting global innovators with Asia’s technology ecosystem.
And in our exclusive interview, Trung explains how CyStack is pioneering AI-assisted, human-validated security testing—and why Korea represents the next frontier for its growth.
Closing the Gap Between Development Speed and Security Reality with CyStack
Q1. What motivated you to start this company, and what core problem were you trying to solve?
Modern companies ship software daily, but security testing still runs on outdated, manual cycles. We founded CyStack because we kept encountering the same contradiction: businesses have fully embraced cloud infrastructure, CI/CD pipelines, and continuous deployment, yet their security practices remain stuck in the past.
Traditional penetration tests are still performed manually by small teams, often resulting in PDF reports that arrive weeks or months later—sometimes after the vulnerabilities have already been patched or replaced. Meanwhile, automated scanners and public bug bounties generate countless low-value alerts while missing the deep flaws that truly matter.
CyStack was created to fix this imbalance. Our mission is to deliver continuous, AI-assisted, human-validated security testing that keeps up with modern software velocity. By combining automation, expert intelligence, and integrated workflows, we help companies secure products at the same speed they build them.
Why Korea Became a Strategic Security Frontier
Q2. What opportunity or unmet need did you identify in the Korean market, and what early signals convinced you that your solution could gain real traction here?
Korea ranks among the most digitally advanced economies in the world, yet high-level offensive-security expertise remains concentrated in a few large enterprises. Mid-market and fast-growing tech companies face two persistent challenges: limited access to senior pentesting talent and long turnaround times from traditional vendors that move far slower than their agile development teams.
Through dozens of conversations with Korean CISOs and CTOs, we heard the same frustration: they needed deeper, faster, and more reliable testing, but existing solutions were too slow, too expensive, or too shallow. The urgency grew after several high-profile breaches in 2025, which made continuous testing a board-level priority.
Our Pentest-as-a-Service (PTaaS) model directly answers this demand. We combine AI-driven automation for repetitive checks with a curated network of over 4,000 security experts, guided by our in-house team. This gives Korean companies access to Big-Four-level penetration testing—without the cost of maintaining large internal teams.
The strongest validation came from the market itself. Within three months, we signed two Korean IT service partners and co-submitted proposals for managed-security packages and a pentest pilot with a major e-commerce firm. For a market where we started with zero local references, such traction proved that CyStack’s model fits Korea’s fast-moving digital landscape.
The Insight That Changed Our Strategy
Q3. During KSGC, were there any mentors, partners, or specific insights that significantly influenced your product or strategy?
The biggest turning point came from realizing how Korea’s enterprise ecosystem truly works. When we arrived, our instinct was to sell directly to clients. But through KSGC mentors and partners, we learned that local IT service providers and system integrators are the real gatekeepers of enterprise trust and procurement—especially in cybersecurity.
That insight reshaped our entire market-entry plan. Instead of building a local sales force immediately, we focused on empowering Korean partners. We created localized pitch decks, detailed service playbooks, technical questionnaires, and co-branded proposal templates—all in Korean—so partners could confidently introduce CyStack within their networks.
We also refined our product lineup: adding clear, entry-level pentest offerings that partners could position as low-risk pilots, with a smooth upgrade path toward subscription-based PTaaS and managed-security models. KSGC taught us that long-term success in Korea comes not from working around local partners—but by growing with them.
CyStack at KSGC 2025: From Zero Footprint to Live Korean Pipeline
Q4. After joining KSGC, what has been the most meaningful change for your company and what evidence supports this growth?
KSGC transformed us from a company merely exploring Korea into one actively operating within it. Before the program, we had no presence.
Now, we have:
- Two signed Korean IT service partners with established client bases.
- A localized portfolio focused on private pentests and PTaaS as entry services.
- A complete Korean-language toolkit—sales decks, technical briefs, and proposal templates—for partner use.
- A live pipeline including:
• one-off pentest proposals,
• an end-to-end managed-security package under review, and
• a pilot pentest for a Korean e-commerce ticketing platform.
Internally, we appointed our COO as dedicated Korea lead and aligned our product team to local requirements—adjusting workflows, reporting, and interfaces.
It’s still early for major revenue numbers, but the shift from zero market presence to active partners, localized materials, and live enterprise engagements marks measurable, strategic progress—driven directly by KSGC.
Building Asia’s Continuous Security Layer
Q5. Looking ahead, what is the most important vision or long-term goal your company aims to achieve, and what steps are you taking to move toward it?
Our long-term vision is to become Asia’s default AI-assisted, expert-validated security layer—a system that continuously monitors what companies build, finds real vulnerabilities in real time, and helps them fix issues fast, unconstrained by local talent shortages.
To get there, we are pursuing three key directions:
- Deepen our hybrid Pentest-as-a-Service platform.
We continue refining our AI scanner and Command Center to automate routine testing, allowing human experts to focus on complex, high-impact threats. - Grow and specialize our WhiteHub community.
With over 4,000 active researchers, our WhiteHub community is expanding through structured university programs that will train and integrate Korean security researchers. - Scale through trusted local partners.
We’re standardizing joint offerings and co-selling frameworks with Korean IT service providers, ensuring collaboration—not competition—with existing channels.
Once executed well, these steps will make CyStack the region’s first affordable, always-on “security immune system”—one that evolves as fast as the technology it protects.
Through the K-Startup Grand Challenge 2025, CyStack demonstrates how Vietnam’s cybersecurity innovation can meet Korea’s enterprise precision—proving that scalable, continuous protection is not just possible but essential in the AI-driven era of software development.
“KSGC taught us a critical lesson: sustainable growth in Korea means growing with local partners, not around them. The program helped us go from zero presence to signed partnerships, localized assets, and an active enterprise pipeline.”
About This Series
This article is part of the “K-Startup Grand Challenge 2025 Interview Series,” featuring 40 global startups from Phase 2 of Korea’s leading accelerator program. The series highlights how international founders are scaling innovation through Korea’s startup ecosystem.
Read more stories from the K-Startup Grand Challenge 2025 Interview Series on KoreaTechDesk.
– Stay Ahead in Korea’s Startup Scene –
Get real-time insights, funding updates, and policy shifts shaping Korea’s innovation ecosystem.
➡️ Follow KoreaTechDesk on LinkedIn, X (Twitter), Threads, Bluesky, Telegram, Facebook, and WhatsApp Channel.
