
    Regulatory Compliance

    We facilitate audits and develop policies and procedures to ensure full compliance. We start with a baseline and a pre-assessment to gather information for a gap analysis. We then develop key performance indicators (KPIs) to measure progress and build traction for compliance.

    • PCI DSS

    • ISO 27001

    • SSAE 16 SOC I and II Reporting

      • SOC 1 Type 1: A design of controls report used for evaluating and reporting on the design of controls put into operation as of a specific point in time.
      • SOC 1 Type 2: Includes the design and testing of controls to report on the operational effectiveness of controls over a defined period of time (typically six months).
      • SOC 3: A general use report that falls under the SysTrust and WebTrust seal programs, and does not contain a description of the service auditor’s test work and results.

    DevSecOps

    In many organizations today, the DevOps team and the InfoSec team work more closely and innovatively, as peers. This is both an advantage over and an evolution of the traditional requestor/approver relationship between the two groups, and it gives security professionals a larger presence. This collaborative team has come to call itself DevSecOps: the alliance through which operations, engineering, and security are brought together in productive harmony.

    DevSecOps allows forward-thinking organizations to align traditionally opposed teams with disparate goals. The resulting synergies accelerate security intelligence to keep pace with a continuously changing security landscape. Problems are detected sooner, resolutions are implemented faster, and resources are protected more effectively.

    We provide Host-Based Intrusion Detection Integrations with the features below:

    Black Cat’s Principles

    Confidentiality
    • Ensures that data or an information system is accessed only by authorized persons. User IDs and passwords, access control lists (ACLs) and policy-based security are some of the methods through which confidentiality is achieved.
    Integrity
    • Assures that the data or information system can be trusted: it is edited only by authorized persons and remains in its original state when at rest. Data encryption and hashing algorithms are key processes in providing integrity.
    Availability
    • Data and information systems are available when required. Hardware maintenance, software patching/upgrading and network optimization ensure availability.
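The integrity principle above says data must be edited only by authorized persons and names hashing as a key process. The added Python example below is written for this page and is not Black Cat's own code; it shows the practical caveat: an unkeyed hash stored beside a record catches accidental corruption, but anyone who can rewrite the record can also recompute that hash, so "only authorized persons" needs a keyed check (HMAC) whose key the writer does not hold. The record contents and the key are constructed sample values.

```python
# Added example (not from the page): unkeyed hash vs keyed MAC for integrity.
# A SHA-256 digest stored next to a record detects accidental corruption only;
# an HMAC additionally detects edits by anyone who lacks the secret key.
import hashlib
import hmac
import secrets

# Constructed sample record (not real data).
ORIGINAL = b"account=4711;balance=100.00;status=active"
TAMPERED = b"account=4711;balance=9999.00;status=active"


def plain_tag(data: bytes) -> str:
    """Unkeyed SHA-256 digest: anyone can compute it."""
    return hashlib.sha256(data).hexdigest()


def keyed_tag(key: bytes, data: bytes) -> str:
    """HMAC-SHA256: only holders of `key` can produce a valid tag."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_keyed(key: bytes, data: bytes, tag: str) -> bool:
    # compare_digest is constant-time, so the comparison itself leaks nothing.
    return hmac.compare_digest(keyed_tag(key, data), tag)


def corruption_detected_by_plain_hash(original: bytes, corrupted: bytes) -> bool:
    """Digest recorded before accidental corruption (bit rot, truncated write):
    an unkeyed hash does catch this."""
    recorded = plain_tag(original)
    return plain_tag(corrupted) != recorded


def plain_hash_detects_edit(original: bytes, edited: bytes) -> bool:
    """Record stored as (data, sha256). A writer with access to the store
    replaces both the data and the digest, since SHA-256 needs no secret.
    Returns True only if the verifier would notice, which it does not."""
    stored_data, stored_tag = original, plain_tag(original)
    stored_data, stored_tag = edited, plain_tag(edited)  # writer refreshed digest
    return plain_tag(stored_data) != stored_tag


def hmac_detects_edit(key: bytes, original: bytes, edited: bytes) -> bool:
    """Record stored as (data, hmac). A writer without `key` can change the
    data but cannot recompute the tag, so the old tag stays and fails."""
    stored_data, stored_tag = original, keyed_tag(key, original)
    stored_data = edited  # data changed, tag could not be regenerated
    return not verify_keyed(key, stored_data, stored_tag)


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # kept by the authorized writer only
    print("plain hash catches bit rot:", corruption_detected_by_plain_hash(ORIGINAL, TAMPERED))  # True
    print("plain hash catches unauthorized edit:", plain_hash_detects_edit(ORIGINAL, TAMPERED))  # False
    print("HMAC catches unauthorized edit:", hmac_detects_edit(key, ORIGINAL, TAMPERED))  # True
```

The key must live somewhere the record writer cannot reach (an HSM, a KMS, or a separate verification service); if the same process that writes records can also read the key, the HMAC degrades back to the plain-hash case.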

    Risk Management

    A Virtual CISO is flexibly designed to help meet the security requirements within your organization, and does so without the prohibitive costs of a salaried CISO. This is a strategically good approach for small/medium size businesses that simply don’t demand the extensive types of security operations of large enterprises.

    Policy

    A Virtual CISO helps ensure your organization maintains a thorough, well-defined portfolio of security policies and disaster recovery plans, and updates those policies as your technology and strategic plans evolve.

    Guidelines

    A Virtual CISO can help your organization in developing a wide range of guidelines related to data security, use of information systems, and governance of access controls and rules regarding who, what, and when.

    Standards and Compliance

    As regulatory agencies continuously address new developments in the cybersecurity arena, the regulations for information security can change significantly in a short period of time. A Virtual CISO helps ensure your organization stays current and compliant with the latest requirements.

    Reporting

    Your organization is expected to report regularly on its practices for the management and mitigation of key information security concerns such as GLBA or vendor management, as part of its compliance efforts. With a Virtual CISO, your organization can ensure that its reporting is always thorough, compliant and reliable.

    Threat Intelligence

    Signature-based intrusion detection is one of the most commonly used threat intelligence methodologies, but it is not effective against all types of threats, weaknesses, and vulnerabilities.

    Accidental data leakage

    Also called a data breach: sensitive data is transmitted to, or viewed by, an unauthorized individual.

    Malware

    Trojans, ransomware, office-gated malware, worms, viruses, etc.

    Identity Theft

    Falsely using someone else's private information for personal gain.

    Malicious access of data

    An employee's device (including personal devices) has been misplaced or stolen, exposing private data.

    Insider Threat

    Stealing sensitive corporate data for business advantage or personal gain.

    Weak passwords

    Single points of verification like passwords can easily be bypassed by savvy hackers.

    Social engineering

    Hackers manipulate employees into installing malware on their own systems.

    Loss/corruption of data

    The integrity of your data has been compromised somewhere in the writing, reading, storage, transmission, or processing cycle.

    Misconfigured systems

    A web server, app, or plug-in has been misconfigured in a way that inadvertently leaks info or allows hackers an entry point into your business's software or OS.

    Outdated operating system

    Operating systems advance annually to adapt to new security needs.

    Lack of encryption

    Not encrypting your data is the equivalent of leaving your wallet in an unlocked car with the windows down.

    Equipment failures

    Hackers locate a flaw, glitch, or weakness in your business's software or OS and create exploits to target those vulnerabilities.

    Unpatched vulnerabilities

    Vulnerabilities arise with every software addition to your environment.

    Untrained employees

    No security feature can account for human error.

    Security Assessment

    A proper assessment of an organization’s security posture must be performed at the network level and at the OS and application level. Below are some sample questions that are asked and evaluated against a risk profile based on ALE (annual loss expectancy), that is, the consequences of a risk or breach expressed through an exposure factor (EF).

    A countermeasure is a security control that is strategically designed to eliminate a vulnerability, or at least to reduce the likelihood of the vulnerability being exploited. The value of implementing countermeasures is the mitigation of potential risks. The costs of countermeasures involve more than just monetary allocations. Several areas need to be assessed and evaluated regarding countermeasure implementations, such as:

    • Network Level Security

    • Cloud-based

    • Host-based and OS

    • Application layer
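The assessment text above rates findings by ALE (annual loss expectancy) and EF (exposure factor) and weighs the cost of a countermeasure against the risk it mitigates, but does not write the arithmetic out. The added Python example below is not Black Cat's own tooling. It assumes the standard quantitative risk formulas SLE = AV x EF, ALE = SLE x ARO, and net value of a control = ALE before minus ALE after minus the control's annual cost, and ranks several candidate controls for one constructed scenario; the asset value, factors and control costs are invented sample figures.

```python
# Added example (not Black Cat's own tooling): quantitative risk profile using
# the standard SLE / ALE formulas, which the page names (ALE, EF) but does not
# spell out. Formulas assumed here:
#     SLE   = AV * EF                       single loss expectancy
#     ALE   = SLE * ARO                     annualised loss expectancy
#     value = ALE_before - ALE_after - annual_cost   (net benefit of a control)
from dataclasses import dataclass


@dataclass(frozen=True)
class RiskScenario:
    """One asset exposed to one threat."""
    asset_value: float      # AV: impact/replacement value of the asset
    exposure_factor: float  # EF: fraction of AV lost in a single incident, 0..1
    aro: float              # ARO: expected incidents per year

    def __post_init__(self) -> None:
        if self.asset_value < 0 or self.aro < 0:
            raise ValueError("asset value and ARO must be non-negative")
        if not 0.0 <= self.exposure_factor <= 1.0:
            raise ValueError("exposure factor must be between 0 and 1")

    def sle(self) -> float:
        """Single loss expectancy: loss from one incident."""
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        """Annualised loss expectancy: expected loss per year."""
        return self.sle() * self.aro


@dataclass(frozen=True)
class Countermeasure:
    """A control that reduces EF (impact), ARO (likelihood) or both, at a yearly cost."""
    name: str
    annual_cost: float
    residual_ef: float   # EF once the control is in place
    residual_aro: float  # ARO once the control is in place


def residual_scenario(before: RiskScenario, cm: Countermeasure) -> RiskScenario:
    """The same asset, with the control's residual EF and ARO applied."""
    return RiskScenario(before.asset_value, cm.residual_ef, cm.residual_aro)


def countermeasure_value(before: RiskScenario, cm: Countermeasure) -> float:
    """Net annual value of a control; positive means it pays for itself."""
    return before.ale() - residual_scenario(before, cm).ale() - cm.annual_cost


def rank_countermeasures(before: RiskScenario, options: list) -> list:
    """(name, net value) pairs, best first."""
    scored = [(cm.name, countermeasure_value(before, cm)) for cm in options]
    return sorted(scored, key=lambda pair: pair[1], reverse=True)


# Constructed sample figures (not from the page): a customer database valued at
# 500k, where a breach is expected to expose 40% of that value once every two years.
CUSTOMER_DB = RiskScenario(asset_value=500_000, exposure_factor=0.4, aro=0.5)

OPTIONS = [
    Countermeasure("encrypt database at rest", annual_cost=20_000, residual_ef=0.1, residual_aro=0.5),
    Countermeasure("additional patching staff", annual_cost=90_000, residual_ef=0.4, residual_aro=0.2),
    Countermeasure("full-time SOC monitoring", annual_cost=150_000, residual_ef=0.2, residual_aro=0.1),
]

if __name__ == "__main__":
    print(f"SLE = {CUSTOMER_DB.sle():,.0f}   ALE = {CUSTOMER_DB.ale():,.0f}")
    for name, value in rank_countermeasures(CUSTOMER_DB, OPTIONS):
        verdict = "justified" if value > 0 else "not justified"
        print(f"{name:28s} net value {value:>10,.0f}  ({verdict})")
```

With these figures the encryption control is the only one whose annual cost is below the ALE it removes; the other two reduce risk but cost more per year than they save, which is exactly the non-monetary trade-off the text asks to be assessed before implementation.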

    We start with an assessment of device management and inventory systems, based on:

    Configuration Management Database (CMDB)

    A Configuration Management Database (CMDB) is a repository that acts as a data warehouse for Information Technology (IT) installations. It holds data mapped to a collection of IT assets commonly referred to as Configuration Items (CI), as well as to descriptive relationships between the assets.

    CIS Critical Security Controls (CIS Controls)

    The CIS Critical Security Controls (CIS Controls) are a concise, prioritized set of cyber practices created to stop today’s most pervasive and dangerous cyber attacks. The CIS Controls are developed, refined, and validated by a community of leading experts from around the world. Organizations that apply just the first five CIS Controls can reduce their risk of cyberattack by around 85 percent. Implementing all 20 CIS Controls increases the risk reduction to around 94 percent.

    The CIS Controls embrace the Pareto 80/20 principle: the idea that taking just a small portion of all the security actions you could possibly take yields a very large percentage of the benefit of taking all of them:



    Mission & Our Team

    Our mission is to help companies establish a modern, mature security program that supports the company's operational objectives, using a step-by-step approach.

    Defense in Depth: a layered approach to your mission-critical assets

    Our Leadership Team

    Eric Holtzclaw | CISO

    Security Business Consulting:

    Security Product Consulting:

    Technical Background:

    • Primary role: audits. Passed two PCI DSS audits (PCI level 1) and two SSAE 16 (SOC 1) audits, and was lead on ISO 27001:2013.
    • Security architecture design; service design with SaaS and customer security management; developed security awareness programs for OWASP secure coding and PCI DSS.
    • Developed all security policies and procedures for every security process, with the audit and operations teams.
    • ELK champion; ELK integration for applications and security as a custom SIEM. Multi-site system integration.
    • Multi-site firewall/IDS designs: Imperva firewalls, F5, RSA 2FA and RADIUS, Cisco Sourcefire IDS, Cisco ASA, Cisco UCS, endpoint security and IdM integrations, Centrify for OS X, AD in Azure, Sophos AV and Webroot. Threat and vulnerability tools: Nessus, Open-SCEP, Burp Suite; hardening images for Linux and Windows.
    • Penetration testing, red team exercises and HSM encryption administration.

     

    Larry Suto | CTO

    20 years' experience in the IT industry, ranging across networking, systems administration and software development. For the better part of 15 years he has focused his skills on production information technology and offensive security. He has done security architecture design, penetration testing, vulnerability analysis, code review, and security event management/analytics. He is comfortable working with Linux or Windows security. Larry has produced industry-recognized research on web application security test tools as well as web application firewalls. He has done work for dozens of corporations and businesses, both large and small.

    He currently holds a CISSP and is pursuing OSCP certification.

    Security Business Consulting:

    • Cisco Systems: security engineering
    • Verizon Business Consulting
    • California Community College system
    • Kaiser Permanente: code review of .NET and Java enterprise applications
    • Wells Fargo Bank: network and application security engineering
    • UC Irvine Health: application and security testing and architecture

    Technical Background:

    • Security code review of banking applications; expertise with Java, .NET, PHP and JavaScript.
    • Penetration testing and web application security review and reporting in SMB and corporate environments.
    • Integration of Bro IDS with ELK, and Splunk integration for applications and security as a custom SIEM. Multi-site system integration.