Services

Architecture as a Service, or vArchitect

• Simple approach - what is the problem we are trying to solve? And how are we going to solve it? Designs should never be full of theory. If the justifications for design decisions are important, they can be included in an appendix.
• SABSA based design without the endless theory of SABSA.
• Security capabilities covered: Threat and Vulnerability Management, SIEM, Trust (firewalls, trust boundary controls), Business Resilience Management (BRM), Identity Management, and Cryptography and Key Management (CKM).

Security Services for Small/Medium Businesses (SMBs)

• Simple, low foot-print, and cheap.
• To help SMBs requires strong foundational (IT experience + attack mindset) skills in infosec, a gift which very few in this sector possess. Large organisations can spend more than SMBs, and also can afford to not see any benefit from their investment in infosec. Poor security advice can co-exist with business almost seamlessly. SMBs however - it's a different story.
• Max of one permanent security resource is required - not a team of Big 3 consultants.
• A typical engagement - half day workshop to understand the environment and challenges. If is deemed useful to proceed, then a short (a few days) architecture engagement at market rates, and then there may be some engineering days, also at market rates.
• Six security capabilities are assessed, depending on the network size: Vulnerability Management, Logging, Crypto and Key Management, Business Resilience, Trust, and Identity Management.
• It is likely an economy of scales model could be proposed based on usage of a trustworthy and highly skilled Managed Service Provider.

Cloud Migration - Engineering and Architecture

• Architecture - see above.
• Engineering - TVM, SIEM, IDAM.
• Platforms: AWS, Google Cloud Platform, Azure.
• Integration of security capabilities with existing devops processes and technologies.

SIEM

• Splunk, Alienvault, open source architectures with Rsyslog.
• Splunk "clean-up" - assistance with excessive logging scenarios.
• We only work with clients who are interested in development of use cases for the purpose of alerting - i.e. seeing some benefit for their investment.
• Strategic and tactical Development of Security Operations functions, and incident response.

Threat and Vulnerability Management

• Infrastructure Penetration Testing.
• Application Security - "blind" OWASP testing.
• Designing capabilities for TVM - people, process, and technology - how does the organisation respond to an identified vulnerability?

Software Development

• Splunk apps.
• Python, Django, BASH, Ruby.
• Types of engagement:
• Bridging gaps between product functionality and required functionality.
• Development of scripts for automation.
• Debugging existing automation.