top of page

IT SECURITY

Would You Like Me to Personally

Assess Your IT Security Risks and Key Controls That Are

Putting Your Organization at Incredible Risk and

Potentially Costing You Thousands of Dollars Each Year,

And Do All of That

…For Next to Nothing? (Actually, a Net Gain to You)

 

Dear Fellow Business Executive,

I’ve built my business by providing high-level, personalized service to folks just like yourself. 

Periodically, I have a small opening in my schedule.  When that happens, I seek out one of the very rare executives who truly understands and appreciates the incredible risks you face related to IT Security, and how the identification of critical control weaknesses, and the design and implementation of critical internal controls to correct those weaknesses, can protect you and save you money.

If you’re that executive, we should talk. Click on the button below if you’re ready to schedule a brief call.

(Due to overwhelming demand for our services and the need to provide our current clients with our full attention and exceptional service, we are not accepting new clients at this time.  However, if you’re one of those rare, visionary executives who truly understands the value of the services we provide, please email us to be placed on our waitlist.  Periodically we have an opening and we will contact when a spot becomes available.)

There is no cost to you for this introductory call.  In fact, it will likely pay you dividends.

The Problem:  Every day you hear another story about an organization getting hacked and losing data.  This is just the tip of the iceberg.  There are hundreds, even thousands, more organizations that get hacked every year, but don’t publicize it.

But even worse…the vast majority of these businesses don’t have enough security controls in place to even know that they’ve been hacked!

Is your organization’s network and data secured from unauthorized access from both outside, as well as inside, your organization?

Chances are, it’s not.  In fact, studies have shown that it’s highly likely that your organization has significant weaknesses which have already lead to unauthorized data leaks.  Most organizations don’t realize this until it’s too late.

We can help.

So, what exactly do I do?

Should we decide to work together, I will start by personally executing an IT Security Assessment.  This assessment will help identify key controls weaknesses and make recommendations for corrective actions to resolve those weaknesses.  I can also execute the work to implement those corrective actions to resolve those weaknesses.  Specifically, I will:

  • Develop a custom IT Security Assessment based on your needs;

  • Execute that IT Security Assessment;

  • Identify key control weaknesses;

  • Recommend corrective actions;

  • Help lead your organization’s efforts to resolve any issues and implementation corrective actions; and

  • Conduct follow-up review(s) to ensure that corrective actions are effective at resolving all control weaknesses.

What sort of IT Security internal control weaknesses am I talking about?  There are thousands of critical controls that protect an organization.  Some of the general IT Security control areas may include:

  • Management security controls;

  • Operational security controls;

  • Physical security controls;

  • Data security controls; and

  • Technical security controls.

Another way to look at these controls includes:

  • Preventive controls;

  • Detective controls; and

  • Corrective controls.

But let’s take a look at some specific controls. First, here are a couple of key controls, and some recent real-life examples of how those control weaknesses resulted in huge losses for some organizations.

  • Controls to prevent data breaches.
     

    • Weak controls at Equifax led to the exposure of the personal data of 140 million Americans.  Such control weaknesses are commonplace and can devastate any organization.  A class action lawsuit was filed against Equifax and they settled.

  • Controls to prevent ransomware attacks
     

    • Control weaknesses with the city of Atlanta brought the city to its knees when it was the victim of a ransomware attack that could have been prevented.  Is your organization protected against such attacks?

And here are some additional key controls; controls which, if not fully implemented, could result in enormous losses to your organization.

  • Inventory of Authorized and Unauthorized Devices

  • Inventory of Authorized and Unauthorized Software

  • Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers

  • Continuous Vulnerability Assessment and Remediation

  • Controlled Use of Administrative Privileges

  • Maintenance, Monitoring, and Analysis of Audit Logs

  • Email and Web Browsing Protections

  • Malware Defenses

  • Limitation and Control of Network Ports, Protocols, and Services

  • Data Recovery Capability

  • Secure Configurations for Network Devices such as Firewalls, Routers, and Switches

  • Boundary Defense

  • Data Protection

  • Controlled Access Based on the Need to Know

  • Wireless Access Control

  • Account Monitoring and Control

  • Security Skills Assessment and Appropriate Training to Fill Gaps

  • Application Software Security

  • Incident Response and Management

  • Penetration Tests and Red Team Exercises

How confident are you that:

  • All of your key IT security controls are in place and operating effectively?  For example:
     

    • Have you ever been hacked?  How would you know?  For many organizations, the truth is they wouldn’t know.
       

    • Do you know every person in your organization who has an administrative account, for what specific purposes, and on what applications and systems?
       

    • Has any employee ever downloaded confidential data?  How would you know?
       

    • Has any terminated employee ever accessed your systems?  Again, how would you know?

  • Your IT staff have the necessary expertise in not only IT Security, but in understanding critical IT Security controls, how to identify any control weaknesses, and how to correct those weaknesses?
     

    • Here’s the reality.  Very, very few of your IT staff likely possess this expertise.  Is ‘less than zero’ a number?
       

    • Here’s another reality.  Your IT staff is likely over-worked and tend to focus on the basics, such as keeping your systems running.  Therefore, they have to prioritize their work, and IT Security is their lowest priority.
       

    • Here’s yet another reality.  If you ask your IT staff about your IT Security posture, they will likely tell you that all controls are in place and operating effectively; that you have nothing to worry about.  When they tell you this, you should start worrying.

If you are that very rare executive who truly understands and appreciates the incredible risks you face related to IT Security, and how the identification of critical control weaknesses, and the design and implementation of critical internal controls to correct those weaknesses, can protect you and save you money, we should talk.

Here’s how it works.  Simply click on the button below and select one of the available slots on my calendar for an introductory call.  If there are no slots available, you’ll be added to the waiting list and I’ll get back to you on a first come first served basis.  If you’re having trouble accessing my calendar, please use our contact form on the contact page.

During the introductory call, I’ll get to know a little bit more about your situation and whether I think I can help.  I’ll learn about what you’ve got, what you’re doing, and what you want to achieve.

You’ll also get to know a bit more about me, and together we’ll decide if it makes sense to proceed with a meeting at your offices.

When we meet at your offices, whether or not we decide to work together, I’ll provide you with additional insights on how to protect yourself and your organization from critical control weaknesses.

At no cost to you.

(After doing this for over 31 years, I’ve gotten fairly good at not just helping organizations solve large, long-term challenges in this area, but at quickly assessing situations and providing some immediate feedback that you can use right away).

At the end of our meeting in your offices, one of two things will happen:

  1. You will more fully appreciate and understand the risks you face and have some tools and techniques for addressing those risks but decide you can handle them on your own.
     

  2. You will more fully appreciate and understand the risks you face and ask to become my client so I can personally help you and your organization reduce your risks and avoid critical negative outcomes that could paralyze your organization.

If that’s the case, I’m confident we’ll knock it out of the park.

It’s really that simple. No catch.

The worst that can happen is that you have some tools and more information to handle things on your own.  That information, if acted upon, can immediately save you money and reduce your risk.

The best that can happen is we work together to substantially reduce your risks, protect you and the organization from potential negative outcomes, and increase your ROI.  And of course, you receive a raise, a promotion, and go on to negotiate world peace.

And here’s something even bigger to consider.

What does it cost?

My fee for this specific service is generally around a few thousand dollars per month, depending on the scope of the project and services involved.  And that’s usually a drop in the bucket, especially when you consider all of the value that will receive. 

But the reality is that this really doesn’t cost you anything.

Here’s why…

Generally, I save my clients far more money by implementing strategies, processes, and controls, than they pay me in fees. 

Just one, small example - 

When you’re paying me to audit your IT security controls, I will identify multiple control weaknesses for which you are unaware, and help you implement corrective actions to resolve those control weaknesses.  For example, identifying and correcting control weaknesses related to unauthorized disclosure of confidential information.  By doing so, two things happen:

  1. We will prevent future occurrences of issues.  Imagine if your organization had a critical disclosure of confidential data.  How would that impact both yourself and the organization?  What sort of financial impact would that have?  By preventing those occurrences, how much would that be worth both in the short term and the long-term?
     

  2. You will now have the ability to monitor and detect whether you experience any future occurrences.  You see, chances are, if you’re like many organizations I look at, you have no idea whether or not certain issues are occurring because you don’t have the systems and controls in place to monitor for and detect such occurrences.

As I’m sure you can see, my fees are more like an investment, than a cost – an investment that pays dividends, in both the short and long-term.

So, if you are that very rare executive who truly understands and appreciates the incredible risks you face related to IT Security, and how the identification of critical control weaknesses, and the design and implementation of critical internal controls to correct those weaknesses, can protect you and save you money, we should talk.

Simply click on the button below and select one of the available slots on my calendar.  If there are no slots available, you’ll be added to the waiting list.  If you’re having trouble accessing my calendar, please use our contact form on the contact page.

Obviously, this is an extremely limited opportunity, due to the fact that I rarely have openings in my schedule.  You see, I’m already delivering for other clients, and not only do they rarely let my services end, they are so thrilled with the results that they continue to ask me to help them in many other areas.

And if you needed one more reason to schedule a call with me, here you go.  We are a small, specialized firm by design.  It allows me to do something absolutely none of the large consulting firms can ever do – provide you with personalized service.

When you sign up with one of those other firms, you’ll likely start out by dealing with an ‘account manager’; someone with little experience in the actual services being provided.  Their job is to ‘sell’ you on the services.  Once you are ‘sold’, you may never hear from that person again.

Next, they’ll send out one or two junior staff to deliver the services.  By junior staff I mean someone with less than 10 - 15 years’ experience.  Since they lack experience, (and by experience, I mean the kind of experience you get by being in the field for over 30 years), they’ll often take a ‘template’ approach to your situation.  That is, they’ll try to make your situation fit into their template.  It may or may not.

If anyone promises you that they can deliver what you need, without actually sitting down with you and having a detailed discussion, and without the persons present who will actually be doing the work, well…let’s just say that isn’t your ideal situation.

Finally, due to their overhead, their fees tend to be exorbitant.

The bottom line?  I can only work with a few clients at a time, because my clients get me personally.  As much as I might like to work with many other companies, I simply can’t.

So, if you feel like this is right for you and your organization, click on the button below and let’s talk.

 

Let's Talk
bottom of page