Assessments, Guidance, and Planning

In support of the global pandemic Respond and Recover efforts, we have updated or created baseline assessments specific to virtual office (remote working) scenarios and healthcare verticals. We have streamlined our processes and added resources to allow for rapid engagement including options for helping you deploy virtual/remote office capabilities (see "IT" offering below).

Conduct assessments to establish a baseline, hone an existing plan, cover a specific risk/incident, or prepare for an audit or certification. A Cylidify IT/technology baseline assessment is a great way to start or rekindle a security and privacy program. You get real value and Cylidify gets the opportunity to demonstrate our capabilities and approaches as part of developing a shared understanding of your business and its needs. The baseline will be tailored for your business and market and can include add-ons for verticals like R&D (application development or systems integrations). From a baseline (Cylidify or others), we can help you develop and implement tactical or strategic cybersecurity and privacy plans.

  

The initial consultation is no cost and baseline assessments are typically fixed cost. Cylidify assessments cover your assets including systems, services, data, and intellectual property to provide the following:

  • Due diligence and direct evaluations to discover and catalog your assets and the associated controls (policies, processes, and practices) across administrative/compliance, technical, and physical categories.

  • Review of the catalog to produce a list of risks and issues by area, such as IT, business, financial, services, R&D, support, etc.

  • Report providing summary and details tailored for your business and market, and aligned to an appropriate framework and scoring/rating system (e.g., NIST, NVD, etc.). Includes your overall security posture and maturity as well as risks and issues categorized and prioritized along with expert guidance and prescriptive recommendations.  

 

Assessments and reporting can be extended from any baseline to meet a variety of needs, from improving security posture and maturity through to pre-certifications for HITRUST/HIPAA, PCI, CCPA or GDPR, ISO 27001, etc.

Virtual or "Leased" CSO or CISO (or Executive Advisory)

Expert talent providing or complementing the cybersecurity leadership for your business...

We have experienced leaders that can be direct resources for your business (includes our founders and principals). These people have a minimum of 15 years working in cybersecurity, privacy, and development with start-ups through enterprises and Fortune 500s. Cylidify resources can engage with a mix of tactical and strategic approaches working top-down and bottom-up to craft a balanced plan (people and processes plus tools and platforms) to meet your business and market needs:

  • Serve as an adviser to your executives for specific security issues or general security and privacy planning and implementations 

  • Provide guidance on security posture (e.g. ransomware defense and response) and operational security (e.g. perimeter, endpoint protection, monitoring, etc.)

  • Represent the security and privacy posture of your business including due diligence through to questionnaires (e.g. SIG) or bi-directional assessments for executive leadership, clients, investors, partners, or auditors

  • Create, review, and extend policies and procedures with guidance on implementation and enforcement:

    • Internal and external issue reporting or bounty programs

    • Physical security, data, and IP protection

    • SLAs and incident disclosures

  • Security, privacy, and compliance planning for your market or certifications (e.g. HITRUST/HIPAA, PCI, CCPA or GDPR, ISO 27001, etc.) 

  • Incident response planning leading into business continuity and disaster recovery efforts (BC/DR) 

  • Implementation of procedural dry-runs and adversarial simulations

 

These engagements leverage our templates and experiences as a baseline but the end result is tailored for your business and market.

 

Are you a CEO, CIO, or CTO? We can checkpoint your existing investments and provide a plan to meet your interim needs (including incident response) and help you find the right full-time CSO or CISO when needed.

 

Are you a CSO or CISO? We can provide you with a 2nd opinion, advice, tactical backup, or a means to scale.

Offensive Security (OffSec)

You never really know until you try...

Move your organization past static analysis to direct, dynamic analysis. Surface issues earlier via consulting, services, or referrals for:

  • Early phases: architecture, design, and development including Threat Modeling

  • Later phases: development, deployment, and operationalization including performance and regression testing contexts

  • Vulnerability and network scanning

  • Penetration testing

  • Adversarial simulations such as red vs. blue, "purple", capture-the-flag, etc.

 

The above activities are related, but very different and often confused. We can help clarify the differences and provide a plan and approach to meet your specific needs.

Cylidify can also manage your existing offensive security efforts to help scope, plan, and manage these engagements, maximizing their fidelity and value. This can be extended to interpret, respond to, remediate, or mitigate issues found by other vendors, bounty programs, auditors, or your clients.

IT Security and Privacy

"Zero trust" principles applied to your IT and line-of-business software...

Offering added in 2020 to meet the needs created or highlighted by the global pandemic.

This is focused on off-premises, public cloud IT offerings such as Microsoft 365 or Google G Suite. Cylidify can engage tactically to help configure and administer the security and privacy aspects (authentication, encryption, retention, etc.) or strategically via managed services to help your business deploy, implement, and administer IT and line-of-business software.

 
 

Infusing security into your IT and software development life-cycle "baked-in" versus "bolted-on"...

Development, implementation, and tuning of cybersecurity processes and practices integrated with your SDLC and aligned to your development methodology and business needs:

  • Creation and implementation of a Security Development Lifecycle (SDL)

  • Direct engagements to assist with security and privacy needs in architecture and design, application development, and operational aspects of SDL practices – including specific issue remediation or mitigation

 

Cylidify has expertise in the architecture, design, and development of applications and services to create secure solutions. We believe that infusing security and privacy into your SDLC leads to long-term value. Earlier is always better (i.e. "baked-in" versus "bolted-on"), knowing that a business must also be able to respond to threats or attacks with agility. We are able to work directly with development and operational teams for security and privacy architecture, design, and implementations.

Security Training and Practice Implementations

People are your most important asset (and highest risk) – provide them with fundamentals and training...

Development, implementation, and tuning of cybersecurity policies, processes, and practices that align to your business and market needs: 

  • Threat Modeling training and implementation

  • Architecture, design, and implementation best practices, remediation, and application/solution hardening

  • Off-the-shelf or customized training for development, operations, or other technical staff either ad-hoc or periodic

  • Data privacy and de-identification standards and best practices

  • On-demand or subscription-based whitepapers, blogs, and curated content to keep your business current on emerging threats within your market's security and privacy landscape

 

Cylidify can work directly with your development and operational teams as a security and privacy resource and advocate.

Are we missing something?

Cybersecurity and privacy are dynamic landscapes requiring extreme agility...

At Cylidify, we strive to work with agility and stay on the leading edge of cybersecurity and privacy. If we have missed something in our offerings, please let us know. If what you need (or want) isn't listed, please contact us to discuss how we can assist directly or via referrals and brokering within our partner network.

Confidentiality is a key aspect of our business and we maintain it throughout all engagements in addition to the necessary agreements, contracts, and NDAs. We are here to help and will make productive use of your time — all of our interactions begin with active listening and questions versus marketing and sales.

We know our capabilities and the marketplace, allowing us to help you make the right and "right now" decisions.

 

Raleigh, NC, USA


©2020 by Cylidify, LLC