I'm interested in the "let's make security better" part
One thing that instantly makes me red-hot mad is when a prospective customer comes to me and says "Well, the last company who performed an assessment generated 1,000 pages of output, plopped it on my desk and basically said 'Your security stinks. Goodbye, and good luck!'"
That in and of itself is maddening enough, but what really burns is that now this company will essentially pay a second time to create a remediation plan for their security gaps - when that should have been done right the first time!
Let's make your security better together
When you partner with me on a project, the work and deliverables will be heavily focused on remediation. Please notice I said partner. My job isn't to parachute in, point out all your security issues and run away. I want to work with you to make a plan for what the next 30, 60, 90 days - and beyond - look like for your security program. And I also want you to feel like you are empowered to accomplish your security goals.
Where do we start?
As far as methodologies and frameworks, there are many excellent ones to choose from (see the Wikipedia article on frameworks). Personally, I absolutely love the CIS Controls as they are "a prioritized set of actions that protect your critical systems and data from the most pervasive cyber attacks."
First five Critical Security Controls
- Inventory of Authorized and Unauthorized Devices
- Inventory of Authorized and Unauthorized Software
- Secure Configurations for Hardware and Software
- Continuous Vulnerability Assessment and Remediation
- Controlled Use of Administrative Privileges
These five controls alone provide critical first steps toward securing your organization's data, systems and reputation.
But the most important thing is to pick a methodology and start following it as you build out your security program.
I'd love the opportunity to discuss this with you further. Contact me and let's chat.