About Secutor

Secutor provides industry-leading cybersecurity consulting services, uniquely tailored to fit the needs of your specific business.

Who We Are

We’re an entrepreneurial enterprise born of a need in the marketplace: the need for affordable cybersecurity. We looked around the cybersecurity landscape and knew we could do better. We created an innovative business model that taps top-notch talent and protects your bottom line.

Today, Secutor is a team of over 50 Information Security and IT professionals with a wide variety of backgrounds. They’ve got a passion for identifying, containing and eradicating cybersecurity issues. And for serving you.

What We Do

We tackle cybersecurity challenges of virtually every size and any type. Our consultants have a wide range of specialties, including building enterprise-class vulnerability management programs, penetration testing for PCI compliance, network security architecture design, and managed SOC operation.

We also instill trust. As we see it, there is a firewall that actually needs to be breached: the wall between you and your cybersecurity experts. We work hard to destroy that wall and keep it down, forever. In its place we form bonds based on transparency, value, and partnership.

Our Mission

Our mission is to deliver on-demand, affordable cybersecurity.
To put people first. To be your swift, expert and honest partners in cybersecurity.

Our Expertise

Application Security

Secutor’s consultants have in-depth experience across application development and application security. We understand the System Development Life Cycle (SDLC) and the engineering processes that introduce the vulnerabilities hackers exploit, such as SQL injection, XSS, and CSRF.

Cybersecurity

We understand a variety of information security disciplines including PCI, HIPAA, and GDPR compliance, risk management, network security and security architecture.

Security Architecture

Our team understands what it takes to be compliant with regulations like PCI DSS, HIPAA, GLBA, and GDPR like the back of their hand. We can write or revise security policies and standards and enhance data protection programs.

Threat & Vulnerability Management

Our experienced cybersecurity professionals are experts in Threat & Vulnerability Management including threat intelligence, vulnerability management programs, and vulnerability scanning.

HOW WE DELIVER

Our Team of Expert Cybersecurity Consultants

Secutor has a team of over 90 Information Security and IT professionals working to provide the highest quality Threat & Vulnerability Management services possible for our customers. Secutor always puts people first, believing that when employees love working here, they’ll treat customers the same way.

  • Only expert-level consultants, with an average of 22 years of industry experience
  • Compliance expertise in COBIT, FFIEC, FISMA, HIPAA, ISO 27001, NIST 800-37, PCI DSS, RMF and 800-53

Meet a few of our Senior Team Members

Join Our Team

Our work takes great people, and we don’t take their time or talents lightly. We do everything we can to provide them an environment they thrive and excel in.

A FEW OF OUR

Valued Partners

Secutor only uses the most reliable and trustworthy partners to provide services for our clients.

WHY SECUTOR?

We Don't Sell Products. We Solve Problems.

Top Cybersecurity Talent

You work with only the best and most experienced cybersecurity consultants, averaging 22 years of industry experience.

People First

We put you, our customer, first. Before profits. Before products. Above all else. We empower our consultants to do what’s right for you, with your success and bottom line in mind.

Proven Methodologies

Our systems have been built on decades of industry experience, ensuring reliability and efficiency in all of our solutions.

Frequently Asked Questions

At the moment, we have over 50 expert consultants that we use to staff engagements.
Our consultants average over 22 years of experience in the industry. There is very little that we haven’t seen or dealt with in Information Security.
Since humans build the applications we use and the underlying infrastructures that run them, humans play a vital role in their protection, from network and application security tools and techniques applied by operators and developers to users being able to recognize scams and fraud. There is a wide range of “wet ware” issues that we in information security have to address.
Information Technology continues to get more complex as the way we use technology evolves. When we started our careers, mobile devices like tablets, cell phones, smart devices, and “Internet of Things” didn’t exist. Being social meant that you went out with friends or family – not hanging out online on Facebook, LinkedIn, Reddit, Fiverr, or Nextdoor.

These devices have introduced many modern conveniences, but they’ve also made our jobs more challenging.
Now we must have some understanding of mobile device security, mobile device applications, and cloud security (many providers host their entire environments in the cloud).

The aforementioned social media applications have had the direct consequence of introducing new threat vectors and ways for cybercriminals to defraud the general public, generally with phishing attacks.
We look at the controls in place and make recommendations to either add or enhance those controls. Specifically, we could be talking about server build “gold standards”, patch and configuration management, endpoint security, desktop security, security awareness training, or even application security. You can see that TVM can be complicated and confusing but we’ve been doing this a very, very long time. We can help!
SCAS is the Secutor Cybersecurity Assessment System. SCAS is a human-centric cybersecurity-driven service aimed at assessing, reviewing, and identifying client organizations’ TVM Program. We seek to analyze how threats and vulnerabilities are detected and ultimately mitigated.
SSVM is the Secutor Signature Vulnerability Management System. The Secutor Signature Vulnerability Management (SSVM) system is a comprehensive solution that serves as the solid foundation upon which all other Cybersecurity is built. Successful vulnerability management can automatically, accurately and consistently prioritize vulnerabilities based on multiple criteria, along with its integration into the organization’s daily work process.
TVM is Threat & Vulnerability Management. Specifically, it’s the process of analyzing an organization’s ability to identify, react, and mitigate threats and vulnerabilities. We help our customers by starting with a threat modeling exercise – we sit down and understand the business and how business and therefore technology decisions create weaknesses in the security architecture. We then determine what tools and techniques our clients use to address and mitigate those threats.
The earlier in the Systems Development Life Cycle (SDLC) that we catch a threat or a vulnerability, the less burden and expense it is on an organization. For example, if we can help our clients eliminate an entire class of vulnerabilities by designing mechanisms to prevent SQLi attacks without having to address every single validation point in either a web application or mobile application, that’s a big win.

The reason is that whenever new SQL injection vulnerabilities are found, Software Engineers react and go fix those specific problems. That means that they must write code, peer review it, perform regression testing (i.e., make sure it doesn’t break existing functionality), quality assurance test it (make sure it fixes the problem), move the code into staging and then into production.

You can see why it is so important to catch a vulnerability in the early stages. But because most organizations don’t do much threat profiling, we tend to see a lot of issues caused either directly or indirectly by information technology processes like: server build and configuration processes, database implementation, application development, patching, disaster recovery, change management, and “desktop” support.
We are a provider of Threat & Vulnerability Management services. Namely: Vulnerability Management, TVM Program Analysis, VM MSSP, and Patch & Remediation Effectiveness. We also provide proactive work such as Application and Network penetration tests.
We have decades of experience in the areas we focus on in information security, and where other cybersecurity consultants outsource their work to cheaper, less experienced talent, we use the same experts from client in-take to the end of the engagement.
At the time Secutor was founded, many organizations had Vulnerability Management programs. We found that many companies did VM well but they did not have a comprehensive approach to TVM – which includes a more broad approach to Threat & Vulnerability Management. Plus, many companies had (and still have) a silo approach to security. Secutor works with our clients to integrate multiple parts of the business together to more effectively address data security threats.

What Our Clients Say:

Kelly Hammons

CEO & VP of Customer Success

Kelly Hammons, CISSP, is the CEO and VP of Customer Success for Secutor Consulting. Kelly has been in IT and cybersecurity for 24 years, and created the Secutor Signature Vulnerability Management system which places special emphasis on using network security architecture to identify critical attack vectors and prioritize vulnerability remediation.

Kelly has assisted many large companies in building, expanding, and improving their Vulnerability Management programs.

JP Hill

Virtual CISO, ISC2 Chapter President

JP is an experienced executive with a combination of information technology, information assurance, start-ups and business development background, with a resilient emphasis on achieving customer satisfaction. He has a strategic ability to achieve results through the proper application of technology to business challenges. He has also been successful in the management of multi-million dollar projects and recovery of failing programs through completing tasks on time and under budget.

JP has experience with Information Assurance/Network Security Management, technology, privacy, audit, architecture, regulatory compliance, and governance. He is also experienced in compliance and auditing tasks performed for NIST, FISMA, NIACAP, DIACAP, DCID 6/3, SOX and ICD 503 Certification and Accreditation exercises, and is knowledgeable in COBIT, PCI and HIPAA compliance.

ADDITIONAL SKILLS

  • Guidance to Capability Maturity Model Integration (CMMI) Level 2 and preparation for Level 3 achievement.
  • Certified Six Sigma Specialist with a strong foundation for process improvement
  • Veteran with an active TS/SCI with CI Poly
  • Program/Project Management
  • Certification & Accreditation
  • Incident Response
  • Governance/Risk/Compliance (GRC)
  • Continuity/Disaster Recovery Planning
  • Vulnerability Management/Assessment
  • Business Development
  • Information Systems (IS) Audit
  • Virtualization/Cloud Computing
  • Security Assessment and Authorization
  • Configuration Management
  • Enterprise Architecture
  • Access Control
  • Malware Analysis

Brian Clinkenbeard

Expert Data Scientist

TRANSFORM, MODEL, and VISUALIZE. Advanced infrastructure security planning, design, oversight, assessments, testing and monitoring for businesses and entities who prefer to remain confidential.

  • Incident Response – the main service: containment and eradication
  • Advisory Distribution – issues advisories in regard to new vulnerabilities and how to mitigate same
  • Vulnerability Assessment – performs penetration testing and other assessment techniques to find vulnerabilities and how they may be exploited
  • Intrusion Detection – detects possible compromising events
  • Education and Awareness – bulletins, online boards, workshops, seminars, posters, etc.
  • Technology Watch – keeps abreast of new technologies and explores the feasibility of same
  • Patch Management – keeps software and hardware updated with the latest versions of revisions
  • Forensics – full forensics capabilities

Leon Cook

CYBERSECURITY LEADER, ISC2 CHAPTER BOARD CHAIR

Leon is a highly skilled cybersecurity leader with experience in multiple roles throughout the private, public, and government sector including network, infrastructure, architect, cybersecurity leadership, auditor, consultant and strategist. This allows him to provide a unique perspective on formulating business objectives to secure, purpose driven solutions. He is a forward thinker, while providing a pragmatic approach to deliver secure solutions for the most painful issues. He has also been successful in the management of multi-million-dollar projects for government, intelligence community, and international customers.

Leon has Global level experience in developing and maturing cybersecurity programs including Threat and Vulnerability Management, Threat Intelligence, Threat Hunting, Penetration Testing, Secure Software Development, Security Operations, Incident Response and Management, Governance, and Risk Management. He also has considerable experience in consulting on privacy, audit, architecture, regulatory compliance, and governance. In addition, he is also experienced in compliance and auditing tasks performed for NIST, FISMA, NIACAP, DIACAP, DCID 6/3, SOX and ICD 503 Certification and Accreditation exercises, and is knowledgeable in PCI, GDPR, and HIPAA compliance.

Jim Deerman

IT Security Consultant III

Jim is a well organized, result oriented professional with extensive experience in a diverse range of information technologies and the knowledge to apply those technologies to meet a company’s business goals. He has hands on experience in end-to-end project delivery based on business drivers, including requirements definition; architecture definition, technology evaluation and selection; implementation; and acceptance. Jim has been involved in working closely with operations teams, engineering teams, third party vendors, and upper management in implementing complex systems. Jim is skilled in hardware and software product design; solving complex system and network problems; defining strategic product direction based on long term vision; consulting; and providing technical leadership. He is also effective at explaining complex issues to management and technical staff.

Experience includes:
– Network and security related architecture & design.
– Extensive experience with start-up companies in the role of system architect.
– Virtualization
– Product definition and design.
– Strategic Technology Evaluation.

Specialties:
Jim has worked in the areas of network & system design and architecture for over 30 years. He has extensive experience in the areas of data network technologies, security (both host based and network based), Ethernet switching, routing, and Voice over IP. Jim has done not only network design and architecture, but also network product architecture, system architecture and system software design and development. He has also worked as the technical liaison between Marketing and Development.

Skills

  • End-to-end project delivery
  • Company start-up experience
  • Planning and design of the enterprise network infrastructure
  • Security architecture definition
  • Security and Networking Technology evaluation and selection
  • Defining strategic product direction based on long term vision
  • Strategic Technology Evaluation
  • Technical Requirements Definition
  • Enhanced DataCenter security technologies
  • VoIP service definition
  • Network Management architecture
  • Enterprise firewall traversal technologies for VoIP
  • VoIP policy gateway product deployment
  • Software Development Life-Cycle (SDLC)
  • Malware Research
  • Security Policy evaluation
  • Virtualization, including Software Defined Networks
  • Cloud-based data center evaluation
  • Utilization of Cisco’s UCS system and Nexus switches
  • VMware design and setup
  • VoIP/Mobile security
  • 20+ years of commercial experience
  • 10+ DoD and National Intelligence experience

Steve Blanding

CISO Consultant

CISSP, CISA, CGEIT, CRISC

Steve is an IT management consultant living in Dallas, TX. Steve has over 35 years of experience in executive IT leadership, IT governance, risk and compliance (GRC), systems auditing, quality assurance, information security, and business resumption planning for large corporations in the Big-4 professional services, financial services, manufacturing, retail electronics, and defense contract industries. He has extensive experience with industry best practices for adopting and implementing new technologies, IT service management frameworks, and GRC solutions that have dramatically improved customer satisfaction while reducing cost.

Industry Experience

  • State Government: 5 years
  • Retail: 5 years
  • Defense Contract: 5 years
  • Manufacturing: 2 years
  • Health Care: 2 years
  • Local Government: 2 years
  • Public Accounting (Big 4): 7 years
  • Insurance: 3 years
  • Financial Services: 5 years

Key Career Accomplishments

  • Conducted a full-scale ISO27000 audit 4 times over the past 6 years.  Also, conducted a “light” ISO27000 review of a small Dallas-based company in 2007.
  • Developed and authored a comprehensive IT security policy manual, incident response plans, training programs, security contingency plans and configuration management plans for FedRAMP regulatory compliance.
  • Conducted multiple DR and operational backup and recovery IT risk assessments of critical business systems on mainframe, LAN, and distributed system networks located across North America.
  • Conducted data center audits for Tyco Corporation (Brussels, 2005 and Denver, 2006), Farmers Insurance (Los Angeles, 2006), Zurich Financial Services (Chicago, Kansas City, and Grand Rapids, 2006), and Convergys Corporation (Dallas, 2010, 2011, and 2012).
  • Led a project to remediate segregation of duties and streamline user access system security and HIPAA compliance administration across 5 regions in North America, resulting in cost savings of $700,000 per year (Kaiser Permanente).
  • Implemented Sarbanes-Oxley Section 302 and 404 IT general and application controls, reducing security administration costs and improving operational performance by 50% or $500,000 annually (Tyco Corporation).
  • Led the global SAP business-IT alignment, process re-design implementation initiative for financial accounting, materials management, production planning, quality management, sales and distribution, warehouse management, and plant maintenance, which resulted in creating $2,000,000 in cost savings.
  • Engaged by Arthur Andersen in Houston to transform the local IT organization and then direct 3 organizational mergers/consolidations, which resulted in a 25% reduction in operating costs, or $3,250,000, while improving customer satisfaction by 30%, and improving employee morale, technology availability and the quality of IT infrastructure and service delivery.
  • Assigned by Arthur Andersen global leadership to lead global project teams responsible for data center and customer support call center consolidation, which resulted in annual operational cost savings of 45% or $4,000,000.
  • Implemented ITIL service management practices for problem management, incident management, help desk, project management, and operations management.
  • Conducted SOX 404 audits at Duke Energy (6 months), Red Hat (3 months), Tyco (9 months), Zeon Chemicals (4 months), and Convergys (2 months). Experience includes control design/documentation and effectiveness testing.

Publications:

Author, various articles in EDPACS and Auerbach’s IT Audit Portfolio Series, 1981 – 2001

Author, various articles in the Handbook of Information Security Management, 1993 – 1995

Editor, Auerbach’s Enterprise Operations Management, 2002

Editor, Auerbach’s IT Audit Portfolio Series, 2000 – 2002

Consulting Editor, Auerbach’s EOM Portfolio Series, 1998 – 2001

Mark Watjen

Implementation Consultant

Mark is an experienced Implementation Consultant in business operations and IT implementation services including business analysis, data analysis and process improvement. He has numerous successful software implementations in the healthcare and life sciences verticals. He is highly adept at diplomatically facilitating discussions and negotiations with internal and external project stakeholders and cross functional teams. Mark is also well practiced in clarifying business requirements, trouble shooting and performing gap analysis between goals and existing procedures/skill sets, designing process and system improvements to increase productivity and reduce costs.

ADDITIONAL SKILLS

  • Project Management
  • Business and Data Analysis
  • End to End Software Implementation
  • Practiced in Scrum Agile and SDLC/Waterfall methodologies

Richard Eaton

CDPSE, Cisco SAEXS
with a focus on data privacy, and Endpoint Detection and Remediation

Richard is a charismatic, data driven cybersecurity leader with proven success in leading lean, high-performance teams and multimillion dollar production and data science workloads while maintaining security posture. He excels at designing, implementing, and securing distributed cloud environments, DevOps, SecOps, and micro services architectures. Areas of expertise include security, research and development, SIEM/SOC, IDS, attack surface profiling, governance risk and compliance as it relates to internal audit controls, HITRUST, HIPAA, PCI, SOX, and vendor assessment (SIG), data science environments dealing in Hadoop, Kubernetes services, data lakes, data factories, data bricks, data warehouse, ETL logic and the development of heuristics systems and logic engines. Outstanding project and program leader with a track-record of working with both agile teams to quickly drive value faster than competitors, and executives to obtain funding that directly ties with production and security risk mitigation to deliver positive and measurable business outcomes.

OTHER AREAS OF FOCUS:

  • Email security and privacy – O365
  • Vulnerability remediation 
  • Firewall / switch reviews, audits, and config backup
  • Remote management and monitoring
  • Active Directory Group Policy, AzureAD Intune policy

With over 15 years of system administration experience and an added 10 years of Cybersecurity engineering totaling 25 years of experience, Richard can develop a solution that is flexible for everyone. Security should never impede operations and operations should be able to function under the guidelines of security and company policy.

Introducing:
Secutor Insider Direct

Discover a new era in cybersecurity purchasing. No markups, no hidden fees. Just the right tools at the right price, tailored to your needs, with expert advice from our seasoned cybersecurity professionals.

Ready to Find Your Solution?

Use the form to schedule a consultation, and we’ll reach out within 48 hours to confirm the appointment.

Considering this delay, please only select meeting dates 48 hours or more in advance. Your information will only be used to facilitate a meeting.