Assessments, Guidance, and Planning

Awareness and understanding are the first step to preparedness...

Conduct assessments to establish a baseline, hone an existing plan, cover a specific risk or incident, or prepare for an audit or certification. To start, we recommend a tactical, baseline assessment tailored for your market and specific business needs. This will provide you with real value and give Cylidify the opportunity to demonstrate our capabilities and approaches as part of developing a shared understanding of your business and its needs. From a baseline, we can do additional engagements covering specialized functions (e.g. application development and deployment, or systems and services integrations) or market verticals (e.g. healthcare and IoT). The initial consultation is at no cost, while baseline assessments are bounded by time or cost. Our assessments cover your assets, including systems, services, data, and intellectual property, to provide the following:

  • Due diligence and direct evaluations to discover, diagram, and catalog assets and their associated controls including policies, processes, and practices

  • Review and analysis of that catalog and evidence of controls and compliance

  • Detailed reports that surface risks and issues and provide expert guidance and prescriptive recommendations tailored for your business and markets but aligned to recognized frameworks and rating systems (e.g., NIST and NVD)

 

Assessments can be extended strategically from any baseline to meet a variety of needs, from overall risk posture and "security maturity" through to pre-certifications for HITRUST/HIPAA, PCI, CCPA or GDPR, ISO 27001, etc.

Security Training and Practice Implementation

People are your most important asset (and highest risk) – provide them with fundamentals and training...

Development, implementation, and tuning of cybersecurity policies, processes, and practices that align to your business and market needs: 

  • Threat Modeling training and implementations

  • Security and privacy architecture and design

  • Off-the-shelf or customized training for development, operations, or other staff, either ad hoc or as part of yearly requirements

  • On-demand or subscription-based whitepapers, blogs, and curated content to keep your business current on emerging threats within your market's security and privacy landscape

  • Data privacy and de-identification standards and best practices

  • Architecture, design, and solution hardening standards and best practices 

 

Cylidify can work directly with your development and operational teams as a security and privacy resource and advocate.

Virtual or "Leased" CSO or CISO (or Executive Advisory)

Expert talent providing or complementing the cybersecurity leadership for your business...

We have experienced leaders that can be direct resources for your business – including our founders and principals. These people have a minimum of 15 years working in cybersecurity, privacy, and development with start-ups through enterprises and Fortune 500s. Cylidify resources can engage with a mix of tactical and strategic approaches working top-down and bottom-up to craft a balanced plan (people and processes plus tools and platforms) to meet your business and market needs:

  • Serve as an adviser to your executives for specific security issues or general security and privacy planning and implementations 

  • Provide guidance on security posture (e.g. ransomware defense and response) and operational security (e.g. perimeter, endpoint protection, monitoring, etc.)

  • Represent the security and privacy posture of your business including due diligence through to questionnaires (e.g. SIG) or bi-directional assessments for executive leadership, clients, investors, partners, or auditors

  • Create, review, and extend policies and procedures with guidance on implementation and enforcement:

    • Internal and external issue reporting or bounty programs

    • Physical security, data, and IP protection

    • SLAs and incident disclosures

  • Security, privacy, and compliance planning for your market or certifications (e.g. HITRUST/HIPAA, PCI, CCPA or GDPR, ISO 27001, etc.) 

  • Incident response planning leading into business continuity and disaster recovery efforts (BC/DR) 

  • Implementation of procedural dry-runs and adversarial simulations

 

These engagements leverage our templates and experiences as a baseline but the end result is tailored for your business and market.

 

Are you a CEO, CIO, or CTO? We can checkpoint your existing investments and provide a plan to meet your interim needs (including incident response) and help you find the right full-time CSO or CISO as needed.

 

Are you a CSO or CISO?  We can provide you with a 2nd opinion, advice, tactical backup, or a means to scale.

If there are specific issues or incidents you would like to discuss, please email or call to ensure confidentiality.

Offensive Security (OffSec)

You never really know until you try...

Move your organization past static analysis to direct, dynamic analysis. Surface issues earlier via consulting, services, or referrals for:

  • Early phases: architecture, design, and development including Threat Modeling

  • Later phases: development, deployment, and operationalization including performance and regression testing contexts

  • Adversarial simulations such as red vs. blue, purple, capture-the-flag, etc.

  • Vulnerability scanning

 

The above are related, but very different activities that are often confused. We can help clarify the difference and provide a plan and approach to meet your specific needs. 

Cylidify can also manage your existing offensive security efforts to help scope, plan, and manage these engagements, maximizing their fidelity and value. This can be extended to interpret, respond to, remediate, or mitigate issues found by other vendors, bounty programs, auditors, or your clients.

Are we missing something?

Cybersecurity and privacy are dynamic landscapes requiring extreme agility...

At Cylidify, we strive to work with agility and stay on the leading edge of cybersecurity and privacy. If we have missed something in our offerings, please let us know. If what you need (or want) isn't listed, please contact us to discuss how we can assist directly or via referrals and brokering within our partner network.

Confidentiality is a key aspect of our business and we maintain it throughout all engagements in addition to the necessary agreements, contracts, and NDAs. We are here to help and will make productive use of your time — all of our interactions begin with active listening and questions versus marketing and sales.

We know our capabilities and the marketplace, allowing us to help you make the right and "right now" decisions.

 

Security Development Lifecycle Development and Implementation

Infusing security into your software development life cycle "baked-in" versus "bolted-on"...

Development, implementation, and tuning of cybersecurity processes and practices integrated with your SDLC and aligned to your development methodology and business needs:

  • Creation and implementation of a Security Development Lifecycle (SDL)

  • Direct engagements to assist with security and privacy needs in architecture and design, application development, and operational aspects of SDL practices – including specific issue remediation or mitigation

 

Cylidify has expertise in the architecture, design, and development of applications and services to create solutions. We believe that infusing security and privacy into your SDLC leads to long-term value. Earlier is always better (i.e. "baked-in" versus "bolted-on"), knowing that a business must also be able to respond to threats or attacks with agility. We have the expertise and technical depth to work directly with development and operational teams for security and privacy architecture, design, and implementations.

 
 
 
 

Raleigh, NC, USA


©2020 by Cylidify, LLC