Our mission is to help companies establish a modern, mature security program to be effective with companies operational objectives, with a step by step approach.
Defense in Depth a Layer Approach to your mission critical assets
Our Leadership Team
David King
| Virtual DPO
Security Business Consulting:
David King is head of the Firm’s Privacy & Compliance practice and advises on all aspects of privacy and data protection law and regulation.
Privacy Compliance:
- CCPA Compliance
- CPRA Compliance
Privacy Background:
He has more than 10 years of experience in creating and implementing programs for privacy, data stewardship, and information risk management. Prior to joining, David worked at two Unicorn startups, served as a senior consultant for a leading global consulting firm, and led complex projects with the Department of Defense. As a Certified Information Privacy Professional (CIPP/US) and licensed attorney, David assists clients with complying with the matrix of laws governing privacy, security, and management of data. This includes advising on compliance questions involving the California Consumer Privacy Act (CCPA/CPRA), the Health Insurance Portability and Accounting Act (HIPAA), the EU’s General Data Protection Regulation (GDPR) and other emerging privacy laws With his extensive knowledge of US and Global privacy laws, he can help clients navigate the complex landscape of privacy regulations to ensure their business operations are not only compliant but also privacy-centric. Under his leadership, we assist clients in drafting and implementing privacy policies, developing data protection
Eric Holtzclaw
| Virtual CISO
Security Business Consulting:
- Virtual CICO at http://www.consultoursource.com/about/
- Virtual CISO at https://www.lightspeedsys.com/company/about/
Security Product Consulting:
- Security Advisor at Wazuh http://www.wazuh.com/professional-services/
- Security Advisor at Armis http://www.armistech.com
Technical Background:
Primary role audits passed two PCI’s (level 1 PCI) two SAE 16 (SOC1 reports) and was lead on ISO2007.2013.
Security Architecture design, Service Design with SaaS and Customers security management, Developed Security Awareness programs for OSWASP Coding and PCI DSS.
Developed all Security Policies and Procedures for all security process with Audits and Operations Teams.
ELK champion and Integration for Applications and Security for a custom SIEM. System Integration Multi-site.
Multi-site firewall/IDS designs, Imperva Firewalls, F5, RSA 2FA and Radius, Cisco SourceFire IDS, Cisco ASA, Cisco UCS,End Point Security and IdM integrations, Centrify for OS X, AD in Azure, Sophos AV and Web root.Threat and Vulnerability tools, Nessus, Open-SCEP, BurpSuite, Harding Images with Linux and Windows.
Penetration Testing Red Team exercises and HSM Encryption Administration.
Larry Suto
| Penetration Tester
20 years experience in the IT industry ranging from networking, systems administration and software development. For the better part of 15 years he has focused his skills in production information technology and offensive security. He has done security architecture design, penetration testing, vulnerability analysis, code review, and security event management/analytics. He is comfortable working with Linux or Windows security. Larry has produced industry recognized research on web application security test tools as well as web application firewalls. He has done work for dozens of corporations and businesses both large and small.
Currently he has a CISSP and is in pursuit of OCSP certification.
Security Business Consulting:
- Cisco Systems in security engineering
- Verizon Business Consulting
- California Community college system
- Kaiser Permanente code review of .Net and Java enterprise applications.
- Wells Fargo Bank network and application security engineering.
- UC Irvine Health application and security testing and architecture
Technical Background:
Security code review of banking applications – expertise with Java, .Net, PHP and Javascript.
Penetration testing and web application security review and reporting with SMB and corporate environments.
Integration of Bro IDS, Azure Sentinel, ELK, and Splunk Integration for Applications and Security for a custom SIEM. System Integration Multi-site.