Healthcare: We developed a comprehensive information security program for a regional hospital, designed to ensure readiness for HIPAA, PCI, and NIST 800-171 audits. Our holistic approach included the implementation of a managed Security Operations Center, a robust Vulnerability Management program, and an effective Third-Party Risk program. Additionally, we established a suite of Information Security Policies and a dynamic Security Awareness Training program to fortify the hospital’s defenses against evolving cyber threats. This strategic initiative includes ongoing virtual CISO services and enhances the hospital’s security program.
Biotechnology: We have worked with several biotech firms, including a company focused on research and development of novel therapeutics to treat cancer and a gene editing company focused on developing CRISPR medicines. The work included an overhaul of the infrastructure and lab environments to make them adaptive but secure, and compliance with Sarbanes-Oxley and NIST 800-171.
Construction: Virtual CISO services for an international construction company that needs to comply with US and EU laws, plus security awareness training and penetration testing.
Education: We assist several colleges and universities in building and maintaining an information security program and compliance with FERPA, GDPR, GLBA, and NIST 800-171.
High-Tech: We assist several global SaaS providers of ERP, Finance, and Governance, Risk, and Compliance software that need a robust program to ensure compliance with SOC 2 Type 2, ISO 27001, HIPAA/HITECH, GDPR, TISAX, and more. We built information security policies and a security awareness program, and created and validated procedures for global data centers.
Government: We assist several US states with their cybersecurity programs to comply with NIST 800-53 and ensure the safety of constituent data. We led pre-audits for the Social Security Administration and HHS.
Small Business: NIST CSF, Information Security and privacy policies, Vulnerability Management, staff augmentation.
Telecommunications: We assist several internet service providers with creating or enhancing their security programs and with ongoing virtual CISO services.