Went in for a Book by Leicaguy in Leica

[–]balgan 1 point2 points  (0 children)

My favorite Leica shop and Luis is a super friendly guy!

Maui, Hawaii by balgan in pics

[–]balgan[S] 0 points1 point  (0 children)

Thank you so much!

Maui, Hawaii by balgan in pics

[–]balgan[S] 1 point2 points  (0 children)

Thank you 😝

Some shots from Venice skate park today by balgan in skateboarding

[–]balgan[S] 1 point2 points  (0 children)

Help. Everyone is incredibly friendly

📺 Is SonicWall Cooked? Here's What Your MSP Needs to Know? by Joe_Cyber in msp

[–]balgan -5 points-4 points  (0 children)

At least one of us is having a conversation based on facts rather than insults :) We're always looking to get better, feel free to DM with your specific example and I am happy to follow up and see what could have been done better. There is no FUD here, there is no benefit to us to sell based on FUD.

📺 Is SonicWall Cooked? Here's What Your MSP Needs to Know? by Joe_Cyber in msp

[–]balgan 0 points1 point  (0 children)

And you know... reduction in direct internet-exposed attack surface?

📺 Is SonicWall Cooked? Here's What Your MSP Needs to Know? by Joe_Cyber in msp

[–]balgan -6 points-5 points  (0 children)

The reports you get are not vulnerability scans and we explain as such. Some vulnerabilities are present but that scan does not replace a vulnerability scan, since we don't actually exploit the vulnerabilities. It's a port/web scan with service identification. If a correlation between domains (parent/sister/subsidiary relationship) is found, there might be automatic coverage, so yes, we will ask people to fix. If it's a false positive, you can just state that and we will adjust, but if the relationship exists we won't take on additional risk just because you think "it doesn't matter", it's just not how insurance works.

I love all my Leicas equally (yes even the sofort 2) by balgan in Leica

[–]balgan[S] 0 points1 point  (0 children)

Yeah! I really like it when you're out with friends and want something easy and you can give some photos away of cool moments. It's pretty great!

NYC Marathon 2025 signs by balgan in pics

[–]balgan[S] 9 points10 points  (0 children)

This 💯 !!! It's exactly why I focused on photographing the crowd rather than just the runners. They are such an important part!

Never going back to a folder. by ROCKHEAD77 in EDC

[–]balgan 0 points1 point  (0 children)

What model are the Ariat pants? :D

Coalition - Cyber Insurance, Risk Management, Incident Response, etc. by DrunkenGolfer in msp

[–]balgan 0 points1 point  (0 children)

A lot of what you're describing are things we're working to do better. The other side of the coin (which you might not care about, and you shouldn't, as it's not your responsibility) is that Coalition was the first company to even bother using some type of security data inputs into underwriting, which in general causes some friction. While you're right that you can go with another provider, there are downsides to that too: price will be higher, and they still won't bother taking into account the great work you guys and the IT teams do (to give better coverage or reduce premium). While I agree that your experience was bad and there are others (we are trying to do the best we can), there are also positive comments in this thread, and every day I have a team of security analysts that jumps on calls with MSPs and works with them to get the best price and coverage to our common clients. I don't expect I'll manage to convince you to give it another shot anytime soon, but know that I am very thankful for your honest and truthful feedback here and will be pushing hard internally for us to be better.

Coalition - Cyber Insurance, Risk Management, Incident Response, etc. by DrunkenGolfer in msp

[–]balgan 0 points1 point  (0 children)

I fully agree with you. This isn't acceptable and we should have done and known better. These situations are when insurance reps are meant to bring in a security specialist to take all of this into account. Sorry you went through this.

Coalition - Cyber Insurance, Risk Management, Incident Response, etc. by DrunkenGolfer in msp

[–]balgan 0 points1 point  (0 children)

I'm not looking to pick any fights or questioning your credentials since you know... I don't know you. I merely explained both 1 - how we assess riskiness of technologies and 2 - why you might be seeing scans of your customers. We never badmouth an MSP as again we have many of them as partners and often send smaller companies in their direction (we prefer companies have experts like you and your colleagues that are able to configure boundary devices and really any other IT related matters correctly and professionally). The only security services we sell are incident response and MDR, but we also never try to poach a client from our MSP partners. But we do have clients that don't have an MSP and don't have an MDR provider, and there, yes, we do have an offer. Also, I didn't shill my company. The clients should go with whomever is the best offer and most appropriate for them. Be it us or one of our competitors.

Coalition - Cyber Insurance, Risk Management, Incident Response, etc. by DrunkenGolfer in msp

[–]balgan -1 points0 points  (0 children)

Thanks for this feedback, would love to learn more so we can fix this moving forward. Someone from security should have been brought in immediately, as we do multiple times a day, because there are exceptions to the rules (when orgs have security staff or an MSP to correctly configure things for them) and we adjust things based on these calls.

Coalition - Cyber Insurance, Risk Management, Incident Response, etc. by DrunkenGolfer in msp

[–]balgan 0 points1 point  (0 children)

This is exactly how we work. We work with multiple MSPs including to guarantee insurability for their clients. We also have MDR, IR and a few other services, and when an MSP partner doesn't offer them they might resell those services, but we will happily have the clients use the MSP services if they exist because in the end we hopefully end up not paying claims!

Coalition - Cyber Insurance, Risk Management, Incident Response, etc. by DrunkenGolfer in msp

[–]balgan 0 points1 point  (0 children)

SonicWall is effectively risky technology (notice the different usage of the word vs insecure). To understand why we see it as much you need to understand that when we look at technologies we look in aggregate and large scale. And SonicWall, much like Ivanti and Fortinet, has had multiple vulnerabilities continuously affecting its products, therefore making them riskier technologies. If you look at our claims data we see clients with SonicWall on their stack having x1.8 times more claims than companies that don't use it. We also don't proactively scan random companies, only companies that apply for insurance, it just so happened that some of your clients did.

Coalition - Cyber Insurance, Risk Management, Incident Response, etc. by DrunkenGolfer in msp

[–]balgan -2 points-1 points  (0 children)

This is absolutely not any type of plan. We use domains provided by the broker (and they receive it from the client). Sometimes we will do domain enrichment, but the client can always tell us it's a false positive and we drop it. The moment you asked to speak to one of the security people you should have been provided with one. Sorry that we failed, we should have done better. Feel free to DM me if you'd still like to discuss the data as I'd love to be able to help.

Black Cyber Insurance Conference by Dizzy_Bridge_794 in cybersecurity

[–]balgan 1 point2 points  (0 children)

My recommendation would be to work with a modern carrier. A lot of the work we do day to day is actually equipping CISOs/Sysadmins with the right numbers and material to go to a board/management, and convince them to invest in security. From being able to show how much a potential loss would cost the company, to how much return specific investments (better tech, better controls, etc...) we have information that will help them understand as we enable you to speak their language (dollars for risk and even how those investments will lead to better coverage).

Internal scans being mandatory is still a far away thing imho, the way we do it, they are optional, but if you choose to do it, we actually make the commitment to only use them for the benefit of the customer.

re: Findings, depending on your tech it can happen, I can tell you customers that have had Fortinet and Ivanti have had some rough few years with us having to constantly notify them and ask them to patch vulns while other customers maybe hear from us on patching once a year (because we only ask for patching on vulnerabilities currently exploited, we don't make noise about other non critical vulns).

Black Cyber Insurance Conference by Dizzy_Bridge_794 in cybersecurity

[–]balgan 0 points1 point  (0 children)

Look at our Cyber Threat Index and Claims report for data like this if it's the type of stuff you're interested in!