Vulnerability Testing

Identify risks with manual and automated testing using industry best practices

• Penetration Testing

• Network-layer Vulnerability Assessments and Scanning – Internal & External

• Cloud Infrastructure Vulnerability Tests: Azure, AWS

• Iterative Vulnerability Testing

• Real-time Change and Vulnerability Detection

• Wireless Vulnerability Testing

• Infiltration and Exfiltration Testing

• Dynamic Application Scanning Testing (DAST)

• Application Vulnerability Testing: Web, iOS, Android

• Application Security Pipeline Creation, Execution, and Management

• Social Engineering: Phishing / Vishing / SMSing

• Integrated DevSecOps Testing

Cloud Services

Elevate your cloud capabilities with comprehensive security, migration, and operational support.

• Cloud Security Posture Review

• Cloud Security Posture Automated Scans

• Cloud Security Architecture Review

• Cloud to Cloud Migration

• On-Prem to Cloud Migration

• Cloud Strategy and Recommendations

• Ad-hoc Cloud Operational Support and Expertise

• Cloud Productivity Suite (e.g. Microsoft365, Google Workspaces) Security Review

• Cloud Productivity Suite Compliance Assessment

• Infrastructure-as-code/DevOps best practices (Terraform, Pulumi, Cloud Formation)

• Single Sign On Authentication and Authorization Design

• Cloud Design Education and Guidance

IT Operations

Get help running your IT and security program and get the information you need

• Fractional IT Director

• Deep & Dark Web Reconnaissance & Monitoring

• Disaster Recovery & Business Continuity Preparedness Audit

• Key Distribution, Stewardship and Support

• IT Budgeting & Strategy

• IT Spend Monitoring & Spend Analysis

• Ticketing & Documentation

• Inventory Management

• Internet Domain Curation

• Domain Name Service Management

• Email Management

• Personnel Onboarding/Role Changes/Offboarding

• Monitoring & Alerting

• Engineering/Design

• Product Infrastructure Engineering

• Information Security Integration

• Vulnerability Management

• Firewall Rule Reviews

Governance & Mitigation

Understand how to manage risk and run your security program based on a framework

• Virtual CISO, Director of Information Security, InfoSec Advisership

• Fractional Privacy Officer

• Policy Review, Improvement, Creation

• Policy Set Management and Curation

• Ad-hoc Security Consulting and Concierge Support

• SOC2 Readiness

• Validated Compliance Self-Assessments: NIST 800-171, NIST CSF, ISO, PCI, HITRUST, HIPAA, Customized, and others

• Operational Security Risk Assessments

• Evidence Collection and Validation

• Third Party Vendor Risk Management

• Gap Remediation Management

• Project Management – cybersecurity and general IT initiatives

• Active Directory Audits

• Encryption Best Practices