How green space asset management software provider Orkastrate uses OnSecurity to upskill its team, streamline remediation, and build security into its development cycle year on year.
About Orkastrate
Orkastrate delivers green space asset management software to UK local authorities, serving mid-sized town councils and above. With a customer base of over 80 councils and a product history spanning 25 years, Orkastrate has spent the last several years under new ownership, transforming a legacy platform into a modern, security-conscious product.
Peter Hollis, Managing Director, has been at the helm since the 2019 acquisition and oversees the company’s approach to security alongside its ongoing product development.
The Challenge: Beyond the Checkbox
Like many software businesses serving the public sector, Orkastrate first arrived at penetration testing through external pressure. Councils occasionally ask for evidence of security testing as part of their procurement process.
But Peter was quick to distinguish between a tick-box exercise and a genuine security programme.
“Certifications like Cyber Essentials are a useful baseline, but we wanted to go further. When we decided to do a pen test, we wanted it to be a genuine learning exercise – not just evidence for a procurement checklist”
Orkastrate’s goal was to find a provider that would help them understand their vulnerabilities, act on them meaningfully, and not repeat the same mistakes year after year.
Why OnSecurity
Peter’s introduction to OnSecurity came through an aggregator search, but it was the speed of response that sealed the deal.
“Connor called me, it might have been a Friday evening, and his speed to lead blew away everyone else. I might not have spoken to anyone else after that. I just shut the other conversations down.”
Beyond the initial impression, the self-service platform was equally compelling. For a lean team with no dedicated security function, the ability to book, manage, and review a pentest without going through a lengthy enterprise sales cycle was a significant draw.
“The idea of not having to talk to someone, being able to use a platform, crack on, and be relatively self-contained, was a good starting point. It just seemed simple. And why wouldn’t you pick someone who makes it easy?”
The Solution: Annual Pentesting with Jira Integration
Orkastrate conducts annual penetration tests through OnSecurity’s platform, with findings fed directly into their existing Jira workflow via the platform’s native integration.
“The fact that tickets turn up on the other side, in Jira, it’s just little things like that. The remediation is generally good.”
Peter uses the Jira output as a baseline, then breaks findings down further for his development team to action, referencing the original tickets throughout the remediation process.
OnSecurity’s reporting has also shaped how Orkastrate approaches development more broadly. Rather than treating each annual test as a standalone event, the team actively works to close vulnerabilities before the next cycle begins and holds themselves accountable to not failing on the same finding twice.
“We don’t want to fail the same thing two years in a row. It should just be built into day-to-day development. We went: let’s really drill down, read the reports properly, and actually become more rigorous.”
The Impact
Over several years of annual testing, Orkastrate has built a consistent, efficient security rhythm.
Their most recent test returned one major finding and seven minor ones, and Peter set a clear goal: a clean 100% remediation before the retest.
“In previous years, we focused on closing the critical and major findings first. This time, we’re going for a completely clean sheet – full remediation across the board before the retest.”
Key outcomes include:
✅ Consistent annual penetration testing embedded into the development cycle
✅ Jira integration eliminates manual ticket creation from findings and saves hours of manual work
✅ Clear, actionable remediation guidance that improves year on year
✅ A security-literate team that treats testing as a shared responsibility
✅ Efficient self-service booking with no need for an enterprise sales cycle
Confidence in the Team
Part of what keeps Orkastrate returning is confidence in the quality and competency of OnSecurity’s consultants. Peter contrasted his experience with earlier, lower-quality security engagements.
“In the past, I’ve spoken to people and it felt like they were half a page ahead of you. I don’t get that impression with OnSecurity. This is their bread and butter, and they’re good at it.”
That trust, combined with the ease of the platform, means OnSecurity has never faced a competitive review from Orkastrate. They simply book, test, and repeat.
“I haven’t even asked whether we’re paying too much or whether we could go elsewhere. If we’re happy with something, why would you bother? That’s how good I think of it.”
Would Orkastrate Recommend OnSecurity?
“Yes. Ease of use is a good thing, but ultimately, if the end game is to have a more secure product, you want someone who can execute well. I think the execution is good, the testing is good, and I know the team know what they’re doing.”
Start your security partnership with OnSecurity today. Get an instant quote now!
