Assessments, Guidance, and Planning

Conduct assessments to establish a cybersecurity baseline, update a previous assessment, cover a specific risk/incident, or prepare for an audit or certification. Cylidify assessments are tailored for your business, market, and focus areas. We have add-ons for the following verticals:

  • Healthcare (HIPAA and HITRUST)

  • R&D (ISO 27001 for application development or systems integrations)

  • Financial (PCI)

  • Government (FedRAMP)


Even though our assessments are tailored, we leverage standard questionnaires such as the CSA CAIQ or the SFG SIG, factoring in privacy requirements such as those of HIPAA, CCPA, or GDPR. We also align our reporting and guidance to industry frameworks and risk rating systems such as NIST SP 800-171 and the NVD.

A Cylidify assessment will cover your business assets including systems, services, data, and intellectual property via the following activities and deliverables:

  • Scoping and due diligence establishing the specific requirements and goals, defining the breadth and depth of the assessment, and cataloging your assets and known risks. We can scope an assessment to the business, a division, a solution, or something custom to fit your specific needs.

  • Questionnaires and direct evaluations documenting and verifying existing controls, policies, processes, and practices, across administrative (compliance), technical, and physical categories.

  • Asset catalog review and direct analysis or scans producing a list of risks and issues by area, including IT, business, financial, services, R&D, support, operations, etc.

  • Report development providing a summary and details for all surfaced risks and issues, categorized and prioritized in alignment with industry standards, with expert guidance and prescriptive recommendations for remediation. Includes a collaborative delivery session to review, update, and finalize the report.

Cylidify engages via a no-cost 30-minute consultation to gather the details of your business and the assessment requirements. Assessments begin with a fixed-cost scoping and due diligence phase to develop a proposal for the assessment, including estimated scope, timeline, and cost. Given the dynamic nature of an assessment and its dependencies on the availability of your staff, we assign a PM and schedule weekly checkpoints that publish assessment status and update estimates.

Virtual or Fractional CSO or CISO (a.k.a. Executive Advisory)

Expert talent providing or complementing the cybersecurity leadership for your business...

We have experienced leaders who can be direct resources for your business (including our founders and principals). These people have a minimum of 15 years working in cybersecurity, privacy, and development with organizations from start-ups through enterprises and Fortune 500s. Cylidify resources can engage with a mix of tactical and strategic approaches, working top-down and bottom-up to craft a balanced plan (people and processes plus tools and platforms) to meet your business and market needs:

  • Serve as an adviser to your executives for specific security issues or general security and privacy planning and implementations 

  • Provide guidance on security posture (e.g. ransomware defense and response) and operational security (e.g. perimeter, endpoint protection, monitoring, etc.)

  • Represent the security and privacy posture of your business, from due diligence through questionnaires (e.g. CAIQ) or bi-directional assessments, to executive leadership, clients, investors, partners, or auditors

  • Create, review, and extend policies and procedures with guidance on implementation and enforcement:

    • Internal and external issue reporting or bounty programs

    • Physical security, data, and IP protection

    • SLAs and incident disclosures

  • Security, privacy, and compliance planning for your market or certifications (e.g. HITRUST/HIPAA, PCI, CCPA or GDPR, ISO 27001, etc.) 

  • Incident response planning leading into business continuity and disaster recovery efforts (BC/DR) 

  • Implementation of procedural dry-runs and adversarial simulations


We leverage our templates and experience as a baseline, but the end result is tailored for your business and market.

Are you a CEO, CIO, or CTO? We can checkpoint your existing investments, provide a plan to meet your interim or incident-based needs, and help you find the right full-time CSO or CISO when that becomes necessary.

Are you a CSO or CISO? We can provide you with a second opinion, advice, tactical backup, or a means to scale.

IT Managed and Fractional Services

Cybersecurity and privacy best practices applied to your IT and business software...

This offering was added in late 2020 to meet the remote working and cloud migration needs created by the global pandemic.

Cylidify specializes in (public) cloud IT offerings such as Microsoft 365 and Google Workspace. We can engage tactically (by project) or strategically via managed or fractional services to help your business deploy, implement, and administer IT software (email, online meetings, etc.) with a focus on the security and privacy aspects (identity, access management, authentication/MFA, device management, encryption, etc.).

Security Training and Practice Implementations

People are your most important asset (and highest risk) – provide them with fundamentals and training...

Development, implementation, and tuning of cybersecurity policies, processes, and practices that align to your business and market needs: 

  • Threat Modeling training and implementation

  • Architecture, design, and implementation best practices, remediation, and application/solution hardening

  • Off-the-shelf or customized training for development, operations, or other technical staff, delivered ad hoc or periodically

  • Data privacy and de-identification standards and best practices

  • On-demand or subscription-based whitepapers, blogs, and curated content to keep your business current on emerging threats within your market's security and privacy landscape


Cylidify can work directly with your development and operational teams as a security and privacy resource and advocate.


Offensive Security (OffSec)

You never really know until you try...

Move your organization past static analysis to direct, dynamic analysis. Surface issues earlier via consulting, services, or referrals for:

  • Early phases: architecture, design, and development including Threat Modeling

  • Later phases: development, deployment, and operationalization including performance and regression testing contexts

  • Vulnerability and network scanning

  • Penetration testing

  • Adversarial simulations such as red vs. blue, "purple", capture-the-flag, etc.

The above activities are related, but very different and often confused. We can help clarify the differences and provide a plan and approach to meet your specific needs.

Cylidify can also manage your existing offensive security efforts, helping to scope, plan, and run these engagements to maximize their fidelity and value. This can be extended to interpreting, responding to, remediating, or mitigating issues found by other vendors, bounty programs, auditors, or your clients.

Infusing security into your IT and software development life-cycle "baked-in" versus "bolted-on"...

Development, implementation, and tuning of cybersecurity processes and practices integrated with your SDLC and aligned to your development methodology and business needs:

  • Creation and implementation of a Security Development Lifecycle (SDL)

  • Direct engagements to assist with security and privacy needs in the architecture and design, application development, and operational aspects of SDL practices – including specific issue remediation or mitigation

Cylidify has expertise in the architecture, design, and development of applications and services to create secure solutions. We believe that infusing security and privacy into your SDLC leads to long-term value. Earlier is always better (i.e. "baked-in" versus "bolted-on"), knowing that a business must also be able to respond to threats or attacks with agility.

Are we missing something?

Cybersecurity and privacy are dynamic landscapes requiring extreme agility...

At Cylidify, we strive to work with agility and stay on the leading edge of cybersecurity and privacy. If we have missed something in our offerings, please let us know. If what you need (or want) isn't listed, please contact us to discuss how we can assist directly or via referrals and brokering within our partner network.

Confidentiality is a key aspect of our business and we maintain it throughout all engagements, in addition to the necessary agreements, contracts, and NDAs. We are here to help and will make productive use of your time — all of our interactions begin with active listening and questions versus marketing and sales.

We know our capabilities and the marketplace, allowing us to help you make the right and "right now" decisions.

Raleigh, NC, USA


©2021 by Cylidify, LLC