Assessments, Guidance, and Planning

Conduct assessments to establish a cybersecurity baseline, update a previous assessment, cover a risk or incident, or prepare for an audit or certification. Cylidify assessments are tailored for your business, market, and focus areas. We have add-ons for the following verticals:

  • Healthcare (HIPAA and HITRUST)

  • R&D (ISO27001 for application development or systems integrations)

  • Manufacturing, automation, and IoT

  • Government (FedRAMP)


Even though our assessments are tailored, we leverage standard questionnaires such as CSA CAIQ or SFG SIG while factoring in privacy requirements such as those of HIPAA, CCPA, or GDPR. We also align our reporting and guidance to industry frameworks and risk rating systems such as NIST's SP 800-171 and the NVD.


A Cylidify assessment will cover your business assets including systems, services, data, and intellectual property - here is what you get:

  • Scoping and due diligence establishing the specific requirements and goals, defining the breadth and depth of the assessment, and cataloging your assets and known risks. We can scope an assessment to the business, a division, a solution, or something custom to fit your specific needs.

  • Questionnaires and direct evaluations documenting and verifying existing controls, policies, processes, and practices across administrative (compliance), technical, and physical categories.

  • Asset catalog review and direct analysis or scans surfacing risks and issues in a register categorized by area such as IT, business, financial, services, R&D, support, operations, etc.  

  • Report development providing a summary and details for the register of risks and issues, prioritized in alignment with industry standards, with expert guidance and prescriptive recommendations for remediation. This includes collaborative delivery sessions to review, update, and finalize the report.


Cylidify engages via a no-cost initial consultation to gather the details of your business and the assessment requirements. Assessments begin with a fixed-cost scoping and due diligence phase to develop a proposal for the assessment including estimated scope, timeline, and cost. Given the dynamic nature of an assessment and its dependencies on the availability of your staff, we assign a PM and schedule weekly checkpoints of the assessment with a published status and estimate or timeline updates.


Virtual or Fractional CSO or CISO (a.k.a. Executive Advisory)

Expert talent providing or complementing the cybersecurity leadership for your business...

We have experienced leaders that can be direct resources for your business (includes our founders and principals). These people have a minimum of 15 years working in cybersecurity, privacy, and development with start-ups through enterprises and Fortune 100s. Cylidify resources can engage with a mix of tactical and strategic approaches working top-down and bottom-up to craft a balanced plan (people and processes plus tools and platforms) to meet your business and market needs:

  • Serve as an advisor to your executives for specific security issues or general security and privacy planning and implementations 

  • Provide guidance on security posture (e.g., ransomware defense and response) and operational security (e.g., perimeters and VPNs, endpoint protection, network monitoring, etc.)

  • Represent the security and privacy posture of your business including due diligence through to questionnaires (e.g. CAIQ) or bi-directional assessments for executive leadership, clients, investors, partners, or auditors

  • Create, review, and extend policies and procedures with guidance on implementation and enforcement:

    • Internal and external issue reporting or bounty programs

    • Physical security, data, and IP protection

    • SLAs and incident disclosures

  • Security, privacy, and compliance planning for your market or certifications (e.g. HITRUST/HIPAA, PCI, CCPA or GDPR, ISO 27001, etc.) 

  • Incident response planning leading into business continuity and disaster recovery efforts (BC/DR) 

  • Implementation of procedural dry-runs and adversarial simulations


We leverage our templates and experience as a baseline, but the end result is tailored for your business and market.


Are you a CEO, CIO, or CTO? We can checkpoint your existing investments, provide a plan to meet your interim or incident-based needs, and help you find the right full-time CSO or CISO when that is necessary.


Are you a CSO or CISO? We can provide you with a second opinion, advice, tactical backup, or a means to scale.


IT Managed and Fractional Services

Cybersecurity and privacy best practices applied to your IT and business software...

Cylidify specializes in public cloud IT offerings such as Microsoft 365 and Google Workspace. We can engage tactically by project or strategically via managed or fractional services to help your business deploy, implement, and administer IT software (email, online meetings, "office" suites, etc.). Our focus is on security and privacy aspects (identity, access management, authentication/MFA, device management, encryption, etc.), but we can also provide standard IT and helpdesk services, all tailored for your business and specific needs.

This offering is under continuous revision to meet the emergent needs of remote working and cloud migration scenarios created by the global pandemic.

Security Training and Practice Implementations

People are your most important asset (and highest risk) – provide them with fundamentals and training...

Development, implementation, and tuning of cybersecurity policies, processes, and practices that align to your business and market needs: 

  • Threat Modeling training and implementation

  • Architecture, design, and implementation best practices, remediation, and application/solution hardening

  • Off-the-shelf or customized training for development, operations, or other technical staff either ad-hoc or periodic

  • Data privacy and de-identification standards and best practices

  • On-demand or subscription-based whitepapers, blogs, and curated content to keep your business current on emerging threats within your market's security and privacy landscape


Cylidify can work directly with your development and operational teams as a security and privacy resource and advocate.


Offensive Security (OffSec)

You never really know until you try...

Move your organization past static analysis to direct, dynamic analysis. Surface issues earlier via consulting, services, or referrals for:

  • Early phases: architecture, design, and development including Threat Modeling

  • Later phases: development, deployment, and operationalization including performance and regression testing contexts

  • Vulnerability and network scanning

  • Penetration testing

  • Adversarial simulations such as red vs. blue, "purple", capture-the-flag, etc.


The above activities are related but very different, and they are often confused. We can help clarify the differences and provide a plan and approach to meet your specific needs.

Cylidify can also manage your existing offensive security efforts, helping to scope, plan, and manage these engagements to maximize their fidelity and value. This can be extended to interpreting, responding to, or remediating or mitigating issues found by other vendors, bounty programs, auditors, or your clients.

Infusing security into your IT and software development life-cycle "baked-in" versus "bolted-on"...

Development, implementation, and tuning of cybersecurity processes and practices integrated with your SDLC and aligned to your development methodology and business needs:

  • Creation and implementation of a Security Development Lifecycle (SDL)

  • Direct engagements to assist with security and privacy needs in architecture and design, application development, and operational aspects of SDL practices – including specific issue remediation or mitigation


Cylidify has expertise in the architecture, design, and development of applications and services to create secure solutions. We believe that infusing security and privacy into your SDLC leads to long-term value. Earlier is always better (i.e. "baked-in" versus "bolted-on"), knowing that a business must also be able to respond to threats or attacks with agility.


Are we missing something?

Cybersecurity and privacy are dynamic landscapes requiring extreme agility...

At Cylidify, we strive to work with agility and stay on the leading edge of cybersecurity and privacy. If we have missed something in our offerings, please let us know. If what you need (or want) isn't listed, please contact us to discuss how we can assist directly or via referrals and brokering within our partner network.

Confidentiality is a key aspect of our business, and we maintain it throughout all engagements in addition to the necessary agreements, contracts, and NDAs. We are here to help and will make productive use of your time — all of our interactions begin with active listening and questions versus marketing and sales.

We know our capabilities and the marketplace, allowing us to help you make the right and "right now" decisions.