At the moment we have 35 consultants that we use to staff engagements.
Our consultants average over 21 years of experience in the industry. There is very little that we haven’t seen or dealt with in information security.
Since humans build the applications we use and the underlying infrastructures that run them, humans play a vital role in their protection. From network and application security tools and techniques applied by operators and developers to users being able to recognize scams and fraud. There are a wide range of “wet ware” issues that we in information security have to address.
Information Technology continues to get more complex as the way we use technology evolves. When we started our careers, mobile devices like Tablets, cell phones, smart devices, and “Internet of Things” didn’t exist. Being social meant that you went our with friends or family – not hang out online on Facebook, LinkedIn, Reddit, Fiverr, or Nextdoor.
These devices have introduced many modern conveniences but they’ve also made our jobs more challenging. Now we must have some understanding of mobile device security, mobile device applications, Cloud security (many providers host their entire environments in the cloud).
By the way, the aforementioned social media applications have had the direct consequence of introducing new threat vectors and ways for cybercriminals to defraud the general public. Generally with phishing attacks.
We look at the controls in place and make recommendations to either add or enhance those controls. Specifically, we could be talking about server build “gold standards”, patch and configuration management, endpoint security, desktop security, security awareness training, or even application security. You can see that TVM can be complicated and confusing but we’ve been doing this a very, very long time. We can help!
SCMS is the Secutor Cybersecurity Management System. SCMS is a human-centric cybersecurity-driven service aimed at assessing, reviewing, and identifying client organizations TVM Program. We seek to analyze how threats and vulnerabilities are detected and ultimately mitigated.
SSVM is the Secutor Signature Vulnerability Management System. The Secutor Signature Vulnerability Management (SSVM) system is a comprehensive solution that serves as the solid foundation upon which all other Cybersecurity is built. Successful vulnerability management can automatically, accurately and consistently prioritize vulnerabilities based on multiple criteria, along with its integration into the organization’s daily work process.
TVM is Threat & Vulnerability Management. Specifically, it’s the process of analyzing an organization’s ability to identify, react, and mitigate threats and vulnerabilities. We help our customers by starting with a threat modeling exercise – we sit down and understand the business and how business and therefore technology decisions create weaknesses in the security architecture. We then determine what tools and techniques our clients use to address and mitigate those threats.
The earlier in the Systems Development Life Cycle (SDLC) that we catch a threat or a vulnerability, the less burden and expense it is on an organization. For example, if we can help our clients eliminate an entire class of vulnerabilities by designing mechanisms to prevent SQLi attacks without having to address every single validation point in either a web application or mobile application- that’s a big win.
The reason is that whenever new SQL injection vulnerabilities are found, Software Engineers react and go fix those specific problems. That means that they must write code, peer review it, perform regression testing (ie, make sure it doesn’t break existing functionality), quality assurance test it (make sure it fixes the problem), move the code into staging and then into production.
You can see why it is so important to catch a vulnerability in the early stages. But because most organizations don’t do much threat profiling, we tend to see a lot of issues caused either directly or indirectly by information technology processes like: server build and configuration processes, database implementation, application development, patching, disaster recovery, change management, and “desktop” support.
We are a provider of Threat & Vulnerability Management services. Namely: Vulnerability Management, TVM Program Analysis, VM MSSP, and Patch & Remediation Effectiveness. We also provide proactive work such as Application and Network penetration tests.
We’ve got decades of experience in the areas we focus on in information security. Especially TVM and application security which has been many of our consultant’s focus area for decades of their careers.
At the time Secutor was founded, many organizations had Vulnerability Management programs. We found that many companies did VM well but they did not have a comprehensive approach to TVM – which includes a more broad approach to Threat & Vulnerability Management. Plus, many companies had (and still have) a silo approach to security. Secutor works with our clients to integrate multiple parts of the business together to more effective address data security threats.
Learn more about our consulting services and our how we can be your TVM Managed Security Service Provider.