About us


Who is Radical Security?


We believe in aggressive and real-world approaches to security assessments. Radical Security has grown its unique technology offerings and consulting services based on evolving cyber-threats and our own security research.

Our advisory services are based on our understanding of the threat landscape to your organization. While there are common threats faced by many organizations, we believe that each organization has unique challenges and adversarial threats which require a pragmatic approach when designing and managing a security program

Industry Leading Team


A concentration on purely offensive techniques and technologies distinguishes Radical Security from other security consultancies who attempt to address both offensive and defensive security postures in their services. Radical Security employees are motivated by a desire to develop and understand new penetration technologies including exploits, implants, and evasion techniques. Our partners have an average of 25 years of technology and security experience ranging from technology startups to Fortune 500 companies.

Meet Our Partners

Paul Poh, CISSP, CISM, CRISC is Managing Partner at Radical Security. Paul has over 25 years of technology and information security experience.

Prior to Radical Security, Paul was Chief Technology Officer for a leading security ratings platform where he led multiple technology teams in building and scaling a platform that could instantaneously rate the cybersecurity posture of any company world-wide.

With a background in both large Fortune 500 organizations and small successful startups, Paul was also head of information security and software architecture at the largest separately managed account processor in North America where he was responsible for the protection of over a trillion dollars in assets. He joined the account processor with the acquisition of a small highly successful provider of advanced wealth management trading tools where he designed the company’s software as a service offering.

An early innovator, Paul was co-founder for a managed security services provider. He fondly recalls those years where he designed a proprietary client-server solution for remote management of an intrusion detection appliance while simultaneously implementing the 24×7 operations plan.

As a regular contributor to the third-party community, Paul is a recognized leader in the educational development of third-party risk assessors. He also provides advisory CISO services for several public and private companies.

Marcello Duarte, OSCP, CEH is Managing Partner and leads offensive security research at Radical Security. He oversees all penetration testing activities for our clients and has developed the tactics, techniques, and procedures used in Radical Security offensive operations. Marcello also leads custom exploit development for Radical Security.

Marcello has 17 years of technology and information security experience. He started his career as a security engineer for a managed service provider where he evaluated and reviewed the security posture of clients, including compliance to PCI standards.

As a seasoned software engineer, Marcello has developed cutting-edge security solutions including leading the engineering and development of a popular public cyber threat intelligence analysis service. Marcello has also built large scale dark-web marketplace aggregation solutions. As Director of Security Research for a leading security ratings platform, he developed innovative new methods to discover security issues using non-intrusive techniques for any company world-wide.

Most recently, Marcello led penetration testing and red-team efforts for a leading online ordering platform which powers over 200 restaurant brands.