nerdet.is

What It Is

nerdet.is is a personal/independent cybersecurity and software testing consultancy based in Iceland. Its operator, Gyða, has worked in software testing since 2007 and previously led testing efforts at major Icelandic financial institutions Landsbankinn and Íslandsbanki, covering online banking systems, mobile apps, and multi-platform products. The site indicates a current focus on cybersecurity and penetration testing, while also offering testing, training, and self-developed applications.

Core Capabilities and Protection Types

Based on the site text, nerdet.is is not a traditional security product or managed protection platform, but rather a human-led testing and security assessment service. Its testing scope includes web applications, mobile apps, APIs, accessibility, user experience, and security testing. It emphasizes “finding vulnerabilities before they bite” and provides clear reports with actionable remediation advice. On the security side, it covers lightweight penetration testing, security assessments, and vulnerability research, and mentions collaboration with the Defend Iceland bug bounty program as well as ongoing practice on Hack The Box, PortSwigger, and Try Hack Me.

Deployment, Management, and Integration

The website does not disclose any SaaS, agent-based, on-premises appliance, or cloud platform deployment model, so it should be understood more as project-based consulting delivery. For management and alerting, the only confirmed outputs are clear reports and practical fixes; there is no visible mention of continuous monitoring, real-time alerts, a vulnerability management portal, ticket workflows, or CI/CD integration. Integration capabilities are limited to its ability to test web, mobile, and API environments, with no stated linkage to tools such as SIEM platforms, vulnerability management systems, Jira, or GitHub Actions.

Pricing and Compliance

Pricing information is not provided. The site only offers contact points such as “get in touch” and “book a session,” so pricing is likely discussed per project or training scenario, though this is not explicitly stated. Compliance certifications, industry qualifications, data processing agreements, report templates, SLAs, and similar details are also not disclosed. For heavily regulated customers such as financial institutions, government, or enterprise buyers, it would be necessary to confirm certifications, NDAs, testing authorization procedures, and delivery boundaries before procurement.

Pros, Cons, and Best Fit

Its strengths lie in a solid testing background, coverage across functionality, user experience, accessibility, and security, plus practical experience with banking systems and bug bounty work. It is well suited to small and midsize teams, independent products, pre-launch testing for apps/APIs, and teams looking for approachable security training or upskilling for testers moving into security. The limitations are the lack of information on service scale, delivery methodology, pricing, certifications, and enterprise-grade support, making it unsuitable as a replacement for 24/7 monitoring, dedicated protection appliances, or large-scale compliance-focused managed services.

Access from China, Payment, and Alternatives

Access status from mainland China cannot be determined from the site text and should be marked as unknown. Payment methods are also not disclosed, and cross-border cooperation may require confirmation of language, time zone, contract, and payment arrangements. If localized delivery, MLPS compliance, or Chinese-language reports are required, Chinese security service providers such as DBAPPSecurity, NSFOCUS, Venustech, or QiAnXin may be worth considering. For international bug bounty or independent penetration testing needs, it can be compared with the HackerOne and Bugcrowd ecosystems or other specialized testing consultants.