We work with you to shape engagements and provision them with the right IANS Faculty experts. Your project will never be staffed with junior level consultants. We do what we say we'll do, on time, at a fixed cost. Our expertise is built from hands-on experience. We staff your project with doers who recommend actions, and then help you take them.
Big name firms that seem like "the safe choice" too often staff your projects with whoever happens to be on the bench. And then they farm the engagement for more work.
Analysts are great for sorting through the vendor landscape, but they're not going to roll-up their sleeves to work for you. Their knowledge is most often theory-based and comes largely from surveys and vendor interviews.
The CSMM is a set of guidelines, not all of which will work for every organization. Organizations should use the model as a starting point and a means to make decisions about how much investment in each category makes sense for their environment.
The CSMM diagnostic assesses the state of your cloud security program against 12 categories over three domains of the CSMM.Learn More
Aligned with the Penetration Testing Execution Standard (PTES), we perform in-depth assessments of internal and external networks, web and mobile applications to identify programming errors, configuration weaknesses, or faulty assumptions about user behavior. Both manual inspection and automated scanning tools are used to identify vulnerabilities. We can test:
Test controls while improving detection and response with attacker, purple team, and threat hunting engagements.
Understand what’s working well and what needs attention with a comprehensive review of technical controls in place, governance, and process along with a roadmap of action.
Increase skills and understanding through tailored, hands-on training of your IT and security staff.
This group of over 60 hands-on practitioners understands the key issues you face and delivers actionable recommendations, research, and step-by-step guidance on achieving fast and successful results.
Jake is the Founder, President, and Principal Analyst of Rendition Infosec, an information security consultancy. He also sits on the Vulnerability Review Board at Peerlyst, a startup social networking platform exclusively for security professionals. Jake is a prolific speaker and instructor on a variety of information security topics such as reverse engineering malware, memory forensics, threat intelligence, and advanced exploit development.
Ken is the President and Principal Consultant of KRvW Associates, LLC, an independent information security consulting company, and a Visiting Scientist at Carnegie Mellon University. He has held executive and senior technologist positions at Tekmark, Para-Protect, Science Applications International Corporation (SAIC), the U.S. Department of Defense, Carnegie Mellon University, and Lehigh University. Ken is a frequent speaker at technical conferences, and has presented papers and training for CSI, ISF, USENIX, FIRST, CERT, among others.
Ken is a dual citizen of the EU (England) and the USA and holds a current U.S. Department of Defense TOP SECRET clearance. In his free time, Ken enjoys travel, cooking, Saints football, and spoiling a couple of basset hounds. He also volunteers his time teaching firearms safety as an NRA certified instructor.
Joff is a Security Analyst and Penetration Testerat Black Hills Information Security (BHIS). He has extensive experience covering intrusion prevention/detection systems, infrastructure defense, vulnerability analysis, defense bypass, source code analysis, and exploit research. He is also an Instructor at the SANS Institute where he primarily teaches the use of Python for information security purposes.
When Joff isn’t working or co-hosting the Security Weekly podcast, he enjoys making music and woodworking.
James is Principal Consultant, Co-Founder, and President of Enclave Security, an information security consulting firm specializing in governance that is based in Venice Florida. As a consultant, he has focused on architecting and assessing large enterprise IT security and infrastructure architectures. He has also assisted organizations in security management, operational practices, and regulatory compliance issues. He often performs independent security audits and assists internal audit groups in developing their internal audit programs. James also serves as a Senior Instructor, Course Author, editor, and regular speaker with the SANS Institute.
In his free time, James enjoys the Florida sunshine, spending time outdoors (away from computer screens), running, and exercising.
John is the Owner of Black Hills Information Security (BHIS) where he leads the Hunt Teaming, Command & Control (C2)/Data Exfiltration and Pivot testing development. He is also a SANS Institute Senior Instructor. In these roles, John has both consulted and taught hundreds of organizations in the areas of security, regulatory compliance, and penetration testing.
In his free time, John enjoys mountain biking, AT Skinning (or Ski Touring) and ranching.
Tim is A Principal Consultant and Founder at Red Siege, an information security company focused on adversary emulation and penetration testing. He also serves as the MSISE Program Director, Course Author, and Principal Instructor at the SANS Institute.
In his free time, Tim enjoys traveling and watching football.
Dave is the Founder and Owner of TrustedSec, an information security consulting firm, and Binary Defense, a Managed Security Service Provider (MSSP) that detects attackers early to prevent large-scale invasions. In addition to creating several widely popular open-source tools, including 'The Social-Engineer Toolkit' (SET), PenTesters Framework (PTF), and Artillery. David has also released security advisories, including zero-days, with a focus on security research.
Prior to his work in the private sector, Dave served in the United States Marine Corps (USMC), focusing on cyber warfare and forensics analysis activities, including two tours to Iraq. He also served on the board of directors for (ISC)2, which is one of the largest security collectives and offers certifications such as the CISSP.
Kevin is the Founder, CEO, and Principal Security Consultant of Secure Ideas, an information security consulting company that focuses on penetration testing services and training. He is also a founder and contributor of many open source projects including the Samurai Web Testing Framework (SamuraiWTF), a web penetration testing and training environment, and the Basic Analysis and Security Engine (BASE) project, a web front-end for Snort Analysis
Kevin enjoys spending time with his family and is an avid Star Wars fan and member of the 501st Legion, a Star Wars charity group.
Bill is a Shareholder at LBMC Information Security,where he is responsible for security assessments, incident response, digital forensics, electronic discovery and overall litigation support. He also serves as an expert witness in federal courts and numerous state courts and has conducted digital forensic investigations and electronic discovery services to support litigation efforts. He is also an active member of the International Society for Forensic Computer Examiners and Board Member in East Tennessee’s InfraGard Chapter.
In his free time, Bill enjoys boating, UT Football, and hanging out with his two sons.
Kevin is the Founder and Principle Consultant of Atlanta-based Principle Logic, LLC, an independent information security company that focuses on vulnerability and penetration testing, security operations reviews, and virtual CISO services. He also serves on the Industry Advisory Board for Computer Engineering at Kennesaw State University – Southern Polytechnic College of Engineering and Engineering Technology. Kevin has served in many information technology and security roles for healthcare, e-commerce, finance, education, and consulting organizations. Kevin is also a prominent writer having written over 1,000 articles on information security.
For fun, Kevin enjoys road racing his Mazda Miata in the Spec Miata class with the Sports Car Club of America (SCCA), riding dirt bikes, and snow skiing.
Aaron Turner is the President & Chief Security Officer of HighSide, a distributed identity and secure collaboration technology company. He is also President and CEO of Integricell, an information security consulting firm which focuses on helping customers better manage the risks associated with global-scale business. Aaron also serves on the RSA Program Committee, helping select the educational content presented at the yearly RSA Conference.
In his free time, Arron enjoys restoring 1960's split-window VW buses and arranging and recording vocal music with his brothers and daughters. Aaron has also completed several Condon Bleu culinary education programs and volunteers as a real-time Spanish translator for immigration courts. Additionally, he is an avid traveler who has visited over 75 countries.
Josh is the Owner and President of Eyra Security, an information security and business improvement consulting firm that specializes in helping startups and organizations in transition take advantage of lean and agile methods, open source technology, and varied frameworks used for security, risk management, and compliance. He also serves on the GIAC Advisory Board. Additionally, as an active member in the information security community, Josh is a member of ISSA, Agile Iowa, OWASP, DC612, Central Iowa Area Linux Users Group and Infragard.
In his free time, Josh enjoys reading books from various genres including business, photography, mythology, mythic fiction and natural history. He also enjoys practicing photography, cooking, and other artistic sciences.
Jason is a Principal Security Consultant and CIO at Secure Ideas, a boutique information security consultancy that focuses on penetration testing and training, where he leverages his software design, architecture, and security testing experience. He is also the author of many extensions for Burp Suite and is a contributor to several other projects including SamuraiWTF, MobiSec, and Laudanum.
In his free time, Jason enjoys running, homebrewing, and spending time with his wife and two kids.
Dave is the Founder and Principal Consultant with Voodoo Security, an information security consulting firm with broad expertise. He is also a Senior Instructor, Analyst, and Course Author for the SANS Institute and a VMware vExpert with extensive experience designing and configuring secure virtualized infrastructures. In addition, Dave has served as Co-Chair of the Cloud Security Alliance (CSA) Top Threats Working Group and founded the CSA Atlanta Chapter. Dave has consulted with hundreds of organizations in the areas of security, regulatory compliance, network architecture, and engineering. He has also worked as a security architect, analyst, and manager for several Fortune 500 companies.
In his free time, Dave enjoys running, camping, cooking and playing music (piano, guitar and DJing).