Services/Cybersecurity

Security programs that hold up under pressure.

Assessments, security engineering, managed detection, and incident response — led by practitioners with intelligence-community and enterprise security backgrounds. Not compliance theater. Operational security for the organizations that need it.

What we do

Six service lines. Integrated delivery.

Security assessments

CyberPosture assessments, Azure and AWS reviews, STRIDE threat modeling, and gap analyses against NIST CSF 2.0, CIS v8, HIPAA, and CMMC.

Security engineering

Identity architecture, email security (Check Point, Proofpoint, Microsoft), network segmentation, endpoint hardening, and cloud security posture engineering.

Managed detection & response

24/7 monitoring, detection engineering, and response playbooks delivered by analysts with intelligence-community and enterprise security backgrounds. Vigil is our managed SOC platform.

Incident response

On-call IR retainers, forensics, containment, and executive communications. Runbooks written for the people actually in the chair at 3am.

GRC & compliance

Framework alignment, policy drafting, evidence collection, and audit preparation. Covered in detail on our Data Governance practice.

Cloud security

Azure, AWS, and Google Cloud reviews and remediation. CSPM tuning, identity hardening, and landing-zone build-outs for regulated workloads.

Framework alignment

Built to the standards that matter.

NIST CSF 2.0

Cybersecurity Framework

CIS Controls v8

Center for Internet Security

HIPAA Security Rule

45 CFR Part 164

CMMC

Cybersecurity Maturity Model

STRIDE

Threat modeling methodology

Supporting platforms

Tools we built from the work.

Vigil

Managed detection & response

Continuous monitoring and response delivered by analysts with intelligence-community and enterprise security backgrounds. Detection engineering, threat hunting, and IR support integrated into one retainer.

Arcana

Threat & data intelligence

Curated threat intelligence contextualized for the decisions your team actually makes. Sector-specific briefings, adversary tracking, and early warning — not raw feeds or dashboard clutter.

Selected engagement

Representative healthcare engagement.

Case · Healthcare

Regional public health plan · cybersecurity maturity & Zero Trust

Scope

Cybersecurity maturity assessment, core policy authoring (IR, VM, insider threat), and Zero Trust implementation at one of the nation's largest publicly operated health plans.

Approach

Executive-level security roadmap, SIEM and EDR modernization, endpoint hardening, tabletop exercises, and Zero Trust access architecture for PHI/PII protection.

Outcome

HIPAA-compliant remote access enabled for 5,000+ staff. Reduced incident response time through IAM/SIEM integration and strengthened SOC operations.

HIPAA Zero Trust Maturity assessment SOC enablement

Security programs that hold up under pressure.

Six service lines. Integrated delivery.

Security assessments

Security engineering

Managed detection & response

Incident response

GRC & compliance

Cloud security

Built to the standards that matter.

Tools we built from the work.

Managed detection & response

Threat & data intelligence

Representative healthcare engagement.

Regional public health plan · cybersecurity maturity & Zero Trust

Security assessment, audit, or incident? Let's scope it.