Services


Our services include Assessment and Management of Risk and Vulnerabilities (RMF), Policy and Security Control Implementation, Compliance Assessment and Implementation, Data Protection, Enterprise Security Implementation, Cloud Transition, Cybersecurity Awareness Training, and more.

Here are some samples of work we have done.
Contact us with any questions, comments or for quotes.

Small Business Security Management
Created a plan for a small business to safeguard and backup its data. The plan included current situation assessments and recommendations on the appropriate cost-effective measures of accessing, handling and backing up data. The plan also included implementation and monitoring plans. The plan was approved, and the recommendations implemented. Currently, we monitor for changes, issues that may arise, and growth.
Development of Cyber Threat Intelligence Program
A threat intelligence program was created so that a client’s company could understand the threats that had targeted, would target, or were currently targeting the organization and could defend itself against them. The information collected helped in the preparation of the program itself and provided essential context data to prioritize critical attacks and continuously update the business’ protection measures.
Creation of a Detailed Incident Analysis Guide
To supplement an incident response plan for a client, an incident analysis guide was created outlining a structured process for identifying what happened, how and why it happened, what can be done to reduce the risk of recurrence and make care safer, and what was learned. The incident analysis guide was made to work hand in hand with the incident response plan.

Assessment of Network Defense Policies
Performed an analysis and security recommendations on how a health insurance company can use cryptographic techniques to improve the security of the company’s network. An assessment of their current algorithms, message integrity techniques, symmetric and asymmetric encryption uses, key exchange techniques, Kerberos server, and key and certificate generation and management activities were conducted. The concluding report included threats identified, the presence or lack of controls, relevant laws/regulations/standards, risk vs. cost tradeoffs, etc. and any repercussions if the recommendations are not observed and implemented.
Transitioning Data to the Cloud
At client’s request recommended several commercial file hosting services for backup, accessibility and safe storage. After reviewing the client’s needs, functionality, ease of use, synchronicity, storage size, long/short term use plans, and price were considered in the selection. The client selected a commercial cloud service and after signing for an account the duplication of documents into the cloud was made. A backup schedule was created and implemented, and a staff person was designated at the client’s firm to oversee the backups, assist staff with questions and technical difficulties and manage any issues that could arise.
Planning and Development of an Online Research Platform
A worldwide network of 200+ business centers needed an online international business research platform where their members could interact and exchange business information. The platform needed to be secure and have secure user login and authentication features. The platform also required an area where members could showcase their products and services, post jobs, and interact with other members. The platform was successfully created and implemented.

Recommendation of Cryptographic Security Measures
Performed an analysis and security recommendations on how a health insurance company could use cryptographic techniques to improve the security of its network. The task included identifying the components within the company’s network where hash functions and message authentication codes (MACs) could be used to enforce integrity and other security policies. The concluding report included threats identified, the presence or lack of controls, relevant laws/regulations/standards, risk vs. cost tradeoffs, etc. and any repercussions if the recommendations were not observed and implemented.
Creation of a Forensics Readiness Policy
A Forensics Readiness Policy was created for a business for the appropriate collection and retention of evidence after being affected by a security incident. The policy was created to address the need for an organization to have planned procedures in place to preserve digital evidence and to instigate a forensic investigation. The Policy correlated with the business’ already existent Business Continuity Plan and Incident Response procedures.
Selection of Security Controls
Performed a report for a law firm with recommendations on how to manage their risk considering effectiveness, efficiency, and constraints due to applicable laws, directives, executive orders, policies, etc. The report also included a recommendation on what security controls to implement and a list of all the applicable laws, regulations and standards that the law firm had to observe, follow and comply with for accessing, handling and safeguarding data. The project included the identification of vulnerable areas in the firm’s physical, administrative and technical areas and processes and types of damages the law firm could suffer in case of an attack (when confidentiality, integrity and availability are compromised).
Implementation of a User Authentication Protocol
Prepared a plan to implement a user authentication protocol on a health insurance company’s network. The plan described the need for such server and its uses, particularly, to authenticate users/machines in a network so that the company administrators could have control over who can access it, when and where, and the type of access the user or the machine would have. The plan concluded with a recommendation to the executive team to adopt such protocol to manage user access to their networks.
Creation of a Cloud Based Database
Created and online searchable member database platform for a non-profit organization. The database was custom programmed with the use of an enterprise cloud database and embedded into the organization’s webpage. The development and implementation were successful, and the database achieved a range of 50-150 visitors per day.
Scanning of Network Traffic
The scans performed had the objective of giving the client a visualization of what type of information is transmitted every time there is communication between the client’s devices and an outside network (WAN). The activity also illustrated the process the information goes through to reach the other end securely.
Adversarial Threat Assessment
Performed a business adversarial threat assessment for a corporation in the international trade field. The objective was to identify any individuals, groups, organizations, or states that could seek to exploit the resources of the business in question. The assessment provided the company with a clear illustration of the threats that they face and enabled them to implement a proactive incident management program (Cyber Threat Intelligence Plan) that focused on the threat component of risk. Meetings, surveys, reports and confidential reports were created to address the possible threats and the modes of attack. The report created awareness at the managerial and executive levels and provided them a better perspective of who and what could be out to affect them.
Creation of an Incident Response Plan
Drafted an incident response plan for a client. The plan included steps on how to handle potential incidents in case they happen, how to identify a security incident, how to isolate an affected system to prevent further damage, finding and eliminating the root cause, how to get the affected systems back into the production environment, how to document an incident, and the recovery process.
Whitepaper of Threat Intelligence Capability
The creation of a whitepaper to describe post-mortem effects of two cyber-attacks in recent years was created for the client company to gain an understanding of what it would take to build, staff, resource, and operate a cyber threat intelligence capability to support their cyber operations. Case studies of two well-known international corporations were used for research. The objective was to illustrate how enterprises of any size can be greatly affected by a cyber-attack and create the understanding at the executive levels that cybersecurity is not an expense but a needed investment. Additionally, it was intended to help the leadership team better understand, discuss, and assess the company’s needs for a cyber threat intelligence capability.
Assessment of Risks, Security Controls and Policies
Performed a report for a law firm with recommendations on how to create a framework for managing their risk considering effectiveness, efficiency, and constraints due to applicable laws, directives, executive orders, policies, etc. The framework also included a list of all the applicable laws, regulations and standards that the law firm had to observe, follow and comply with for accessing, handling and safeguarding data. The project included the identification of vulnerable areas in the firm’s physical, administrative and technical areas and processes and types of damages the law firm could suffer in case of an attack (when confidentiality, integrity and/or availability were compromised).

Vulnerability Assessment Scan
Performed vulnerability scanning on systems to identify, rank, and report vulnerabilities that, if exploited, may result in an intentional or unintentional compromise of the systems. Reported on potential risks posed by known vulnerabilities, ranked in accordance with NVD/CVSS base scores associated with each vulnerability, and cross checked with CVE numbers associated with identified vulnerabilities to suggest remediation or security controls. In addition, associated risks were identified and to mitigate them security controls were selected according to the risks’ levels of impact.

Assessment of Network Defense Policies
Performed an analysis and security recommendations on how a health insurance company can use cryptographic techniques to improve the security of the company’s network. An assessment of their current algorithms, message integrity techniques, symmetric and asymmetric encryption uses, key exchange techniques, Kerberos server, and key and certificate generation and management activities were conducted. The concluding report included threats identified, the presence or lack of controls, relevant laws/regulations/standards, risk vs. cost tradeoffs, etc. and any repercussions if the recommendations are not observed and implemented.
Implementation of a User Authentication Protocol
Prepared a plan to implement a user authentication protocol on a health insurance company’s network. The plan described the need for such server and its uses, particularly, to authenticate users/machines in a network so that the company administrators could have control over who can access it, when and where, and the type of access the user or the machine would have. The plan concluded with a recommendation to the executive team to adopt such protocol to manage user access to their networks.
Selection of Security Controls
Performed a report for a law firm with recommendations on how to manage their risk considering effectiveness, efficiency, and constraints due to applicable laws, directives, executive orders, policies, etc. The report also included a recommendation on what security controls to implement and a list of all the applicable laws, regulations and standards that the law firm had to observe, follow and comply with for accessing, handling and safeguarding data. The project included the identification of vulnerable areas in the firm’s physical, administrative and technical areas and processes and types of damages the law firm could suffer in case of an attack (when confidentiality, integrity and availability are compromised).
Creation of an Incident Response Plan
Drafted an incident response plan for a client. The plan included steps on how to handle potential incidents in case they happen, how to identify a security incident, how to isolate an affected system to prevent further damage, finding and eliminating the root cause, how to get the affected systems back into the production environment, how to document an incident, and the recovery process.
Creation of a Detailed Incident Analysis Guide
To supplement an incident response plan for a client, an incident analysis guide was created outlining a structured process for identifying what happened, how and why it happened, what can be done to reduce the risk of recurrence and make care safer, and what was learned. The incident analysis guide was made to work hand in hand with the incident response plan.
Creation of a Forensics Readiness Policy
A Forensics Readiness Policy was created for a business for the appropriate collection and retention of evidence after being affected by a security incident. The policy was created to address the need for an organization to have planned procedures in place to preserve digital evidence and to instigate a forensic investigation. The Policy correlated with the business’ already existent Business Continuity Plan and Incident Response procedures.
Adversarial Threat Assessment
Performed a business adversarial threat assessment for a corporation in the international trade field. The objective was to identify any individuals, groups, organizations, or states that could seek to exploit the resources of the business in question. The assessment provided the company with a clear illustration of the threats that they face and enabled them to implement a proactive incident management program (Cyber Threat Intelligence Plan) that focused on the threat component of risk. Meetings, surveys, reports and confidential reports were created to address the possible threats and the modes of attack. The report created awareness at the managerial and executive levels and provided them a better perspective of who and what could be out to affect them.
Development of a Cyber Threat Intelligence Program
A threat intelligence program was created so that a client’s company could understand the threats that had targeted, would target, or were currently targeting the organization and could defend itself against them. The information collected helped in the preparation of the program itself and provided essential context data to prioritize critical attacks and continuously update the business’ protection measures.
Whitepaper on Threat Intelligence Capability
The creation of a whitepaper to describe post-mortem effects of two cyber-attacks in recent years was created for the client company to gain an understanding of what it would take to build, staff, resource, and operate a cyber threat intelligence capability to support their cyber operations. Case studies of two well-known international corporations were used for research. The objective was to illustrate how enterprises of any size can be greatly affected by a cyber-attack and create the understanding at the executive levels that cybersecurity is not an expense but a needed investment. Additionally, it was intended to help the leadership team better understand, discuss, and assess the company’s needs for a cyber threat intelligence capability.
Recommendation of Cryptographic Security Measures
Performed an analysis and security recommendations on how a health insurance company could use cryptographic techniques to improve the security of its network. The task included identifying the components within the company’s network where hash functions and message authentication codes (MACs) could be used to enforce integrity and other security policies. The concluding report included threats identified, the presence or lack of controls, relevant laws/regulations/standards, risk vs. cost tradeoffs, etc. and any repercussions if the recommendations were not observed and implemented.
Small Business Security Management
Created a plan for a small business to safeguard and backup its data. The plan included current situation assessments and recommendations on the appropriate cost-effective measures of accessing, handling and backing up data. The plan also included implementation and monitoring plans. The plan was approved, and the recommendations implemented. Currently, we monitor for changes, issues that may arise, and growth.
Vulnerability Assessment Scan
Performed vulnerability scanning on systems to identify, rank, and report vulnerabilities that, if exploited, may result in an intentional or unintentional compromise of the systems. Reported on potential risks posed by known vulnerabilities, ranked in accordance with NVD/CVSS base scores associated with each vulnerability, and cross checked with CVE numbers associated with identified vulnerabilities to suggest remediation or security controls. In addition, associated risks were identified and to mitigate them security controls were selected according to the risks’ levels of impact.
Assessment of Risks, Security Controls and Policies
Performed a report for a law firm with recommendations on how to create a framework for managing their risk considering effectiveness, efficiency, and constraints due to applicable laws, directives, executive orders, policies, etc. The framework also included a list of all the applicable laws, regulations and standards that the law firm had to observe, follow and comply with for accessing, handling and safeguarding data. The project included the identification of vulnerable areas in the firm’s physical, administrative and technical areas and processes and types of damages the law firm could suffer in case of an attack (when confidentiality, integrity and/or availability were compromised).
Transitioning Data to the Cloud
At client’s request recommended several commercial file hosting services for backup, accessibility and safe storage. After reviewing the client’s needs, functionality, ease of use, synchronicity, storage size, long/short term use plans, and price were considered in the selection. The client selected a commercial cloud service and after signing for an account the duplication of documents into the cloud was made. A backup schedule was created and implemented, and a staff person was designated at the client’s firm to oversee the backups, assist staff with questions and technical difficulties and manage any issues that could arise.
Creation of a Cloud Based Database
Created and online searchable member database platform for a non-profit organization. The database was custom programmed with the use of an enterprise cloud database and embedded into the organization’s webpage. The development and implementation were successful, and the database achieved a range of 50-150 visitors per day.
Planning and Development of an Online Research Platform
A worldwide network of 200+ business centers needed an online international business research platform where their members could interact and exchange business information. The platform needed to be secure and have secure user login and authentication features. The platform also required an area where members could showcase their products and services, post jobs, and interact with other members. The platform was successfully created and implemented.
Scanning of Network Traffic
The scans performed had the objective of giving the client a visualization of what type of information is transmitted every time there is communication between the client’s devices and an outside network (WAN). The activity also illustrated the process the information goes through to reach the other end securely.