Security Consulting

Security is a complex and dynamic problem. Far from the good ole days of benevolent students of computing seeking to better understand how computers and networks operate, today’s attackers are frequently full time bad guys, making a living breaking into and utilizing data from commercial systems.

The current state of the “security consulting industry” is similar to the state of the Internet business when it started to take off in 1994. This means that many lack the depth of experience or even the sophistication to effectively serve their clients.

My commitment to remaining skilled as a “hands on” technologist has placed me on the front lines of network and application security threats. Some of my clients are medical data companies, eCommerce companies, security related organizations, and accounting systems. These clients are regularly attacked by serious and geographically diverse threats. One of my clients has been attacked by hundreds of machines, located all over the world, simultaneously. These attacks are not general scans or simple “bots” but carefully orchestrated attacks by very intelligent teams of individuals. This “front line” experience and exposure has permitted me to reach a depth of experience that most have yet to encounter. Since my primary asset is my experience, I bring more to the table, build better solutions, and offer better designs for secure computing and applications environments.

I have developed tools, research and monitoring capabilities, and industry relationships that enable my ability to effectively;

Assess and Manage Risk

  • Perform an enterprise risk assessment
  • Analyze and test software application security
  • Analyze and test website security and attack vulnerabilities
  • Analyze and test email server vulnerabilities
  • Perform database security assessments
  • Perform external vulnerability assessments
  • Perform internal vulnerability assessments
  • Assist with business continuity planning and BCP analysis
  • Perform disaster recovery planning / simulations / testing
  • Develop encryption systems or test existing systems
  • Analyze HIPPA practice / compliance / and train with best methods
  • Perform a security health check / review
  • Perform a wireless security assessment
  • Execute a secure facility penetration / physical site security assessment

Respond to immediate threats

  • Perform Critical Incident Response Team functions like Team Development/ Training / Contacted Services
  • Execute computer forensics

Prevent future problems

  • Assess vulnerability to social engineering techniques and train staff on methods to defeat social engineering techniques
  • Train your staff with secure computing practices
  • Scan and monitor your public websites for errors, omissions, and anomalies from multiple geographical locations
  • Empower your organization with a dynamic and proactive security layer for your networks and applications

 

Leave a Reply