Made with FlowPaper - Flipbook Maker
< Previous10 In a nutshell, Alacrinet provides advanced solutions that detect, protect, and remediate attacks. Beyond products themselves, Alacrinet also delivers the services to show customers how to use them in the best practices based on industry guidelines, norms, and standards. As a company focused on enhancing the overall security posture of its clientele, Alacrinet offers a variety of services to its customers helping them secure themselves optimally from preventing breaches to attacks and malicious hacks. Alacrinet enables companies to secure their entire endpoint landscape and protect the business network from outside threats by identifying vulnerabilities and proactively securing the environment. “Our goal is to provide the necessary tools, and implementation of those from vendors to enterprise security. We also manage those security tools and provide the necessary training and guidelines for best practices,” adds Bouchard. Security and Compliance Integrated Alacrinet has a variety of offerings that are primarily focused on the compliance needs of its customers. In addition to performing the PCI compliance test for customers, the company also does penetration tests and assessments. With Alacrinet, organizations can understand their exact compliance requirements. Whereas the penetration test provides them with a sense of how vulnerable they currently are. While penetration testing has traditionally been either Black or White, Alacrinet takes a Grey Box approach that combines Black Box and White Box tactics to give the most comprehensive pentesting. This method goes beyond scripts and automation to deliver better results that help minimize the risk profile. Utilizing this unique approach, Alacrinet provides clients a thorough analysis with automated scans to test the strength of their credentials and manual testing by an expert. From data security to application security, Alacrinet takes care of a client’s complete security requirements. When it comes to application security, the team ensures it with static and dynamic testing across the lifecycle. They will ensure to adapt to new development methodologies and increased application complexity while rapidly testing, detecting, and remediating security vulnerabilities on the web, and in mobile and desktop applications. Alacrinet will also enable controlled access to systems across all devices, provide secure access to resources and manage identities. In addition, the company offers managed services and expert support to its customers. Alacrinet’s managed security services are one of their kind with a highly dedicated team focused on knowing the latest threats, preventing vulnerabilities, and providing value. The company’s wide range of service options meet specific needs and address key elements of securing a client’s business environment. For some, that means full 24x7x365 monitoring, alerting, and response. For others, it’s taking care of administrative tasks and maintaining uptime. Committed to Innovation What makes the company stand out is its innovation lab. The main purpose of the lab is to further develop offensive security research. “Our client base is comprised mostly of the Fortune 1000 and they face unique cybersecurity concerns. Within our portfolio, there is a subset of early adopters, about 15%, who are consistently searching for innovative solutions, even if unproven in the marketplace. These CIOs and CISOs are regularly asking about new technologies and research in cybersecurity. Listening to our clients put us on the path of investing in offensive cybersecurity research and seeking innovative startups in the space to partner with,” points Bouchard. The realization that Alacrinet can be the conduit between established businesses seeking cutting-edge cybersecurity technologies and startups looking for companies interested in testing novel solutions, has created significant value in the marketplace. “Our researchers can vet those new technologies and present them to clients seeking next-generation solutions. This is the magic behind our lab,” adds Mike Pena, VP, Penetration Testing and Research, Alacrinet Consulting Services. In early 2021, Alacrinet Consulting Services acquired Chamber’s Key, a boutique offensive cybersecurity research firm based out of Seattle, Washington. Mike Pena, former CEO of Chamber’s Key and now Vice President of Pentesting Services at Alacrinet leads the newly established innovation lab. “The idea that Alacrinet can leverage its technical expertise and client portfolio to help cybersecurity startups go to market is a game- changer in the industry. Our clients are seeking next-generation cybersecurity solutions and we are committed to finding those emerging technologies,” adds Pena. Mike Pena’s experience in raising venture capital and working with private investment groups has proven vital to the success of the lab. “Collaborating with researchers from the InfoSec community, and bringing their technologies to clients and investors has helped evangelize our lab’s value in the marketplace,” explains Pena. Building An Unbreakable Armor At Alacrinet the work culture is set by their unique and experienced leadership. The company adopts a strategy that puts the client first, no micromanaging, and trusts employees while promoting a level of seamless collaboration. It’s no wonder why Alacrinet has seen growth during the global pandemic when other organizations were forced into remote working. Moreover, the company assembles great technology to create and integrate customized solutions. Cloud, Analytics, Mobile, Social, and Portal offer key solutions for IT infrastructure. “We've put together a strong team of highly knowledgeable folks in cybersecurity who have various career paths. With ongoing training and certifications our team has extensive knowledge in areas such as Development (front end, server-side, and mobile), Administration, Project Management, and UX & UI Design,” explains Bouchard. While some companies struggled in transitioning their workforce remotely and establishing an “online corporate culture” Alacrinet had been doing this for years. “The pandemic forced us to be a more dynamic workforce and I believe our success had everything to do with our culture.” This corporate culture is now part of the Alacrinet lab’s DNA. “Employees who feel empowered to take ownership of their clients' needs and who want to support their respective team members will figure out solutions. Our goal is to provide world- class cybersecurity researchers and business-friendly consultants,” explains Mike Pena. “Over 68% of our clients are repeat customers and it’s because our team of security experts is business-friendly. We’re partners to our clients. We want our clients to feel comfortable with asking tough questions. Beyond the pentest, we’re teaching our clients and their blue teams, to identify potential attack paths the way a real-world threat actor would,” he concludes. Our researchers can vet those new technologies and present them to clients seeking next generation solutions. This is the magic behind our lab13 A-LIGN is a technology-enabled security and compliance partner that helps global organizations take a strategic approach to confidently mitigate cybersecurity risks. Their breadth and depth of expertise and A-SCEND, their proprietary compliance management platform, enable clients assess against the leading cybersecurity compliance frameworks important to their business – with one partner. T hough security systems are still evolving, so are the security threats. Amidst these challenges, the new remote work culture is also making it easier for attackers to breach even the strongest security systems. Moreover, organizations are already overwhelmed with the number of cybersecurity regulations that businesses are to align with. This is why most IT teams rely on cybersecurity consulting service providers who can help businesses resolve their security and compliance requirements as easily as they can be. The IT Security Consulting industry has experienced a proliferation of e-commerce, mobile computing, and the internet that accelerated the industry's rapid growth. Furthermore, several high-profile security attacks on businesses have added fuel to this acceleration. However, there are also several new companies coming up with innovative and cutting-edge solutions and services that could deal with a variety of client requirements. At this juncture, to help businesses deal with the changing cybersecurity landscape and find the right cybersecurity consulting service provider, we’ve created this special edition on Security Consulting Service Providers 2022. The companies listed below are shortlisted by a team of cybersecurity specialists, CTOs, CEOs, and our editorial board. The companies are selected based on their innovative service offerings as well as the strategies that they are adopting to deal with the rising security threats. As a leading cybersecurity and information technology consultant, Alacrinet's goal is to deliver the right services and solutions that meet their clients' IT security strategy. They are a full-service partner with a team of experts who continue to develop their skills, knowledge, and certifications for the benefit of their clients. Scott Price Founder & CEO Management Location Website a-lign.com Tampa, FL Brian Bouchard President & CEO Management Location Website alacrinet.com Palo Alto, CA CONSULTING COMPANIES 2022 TOP SECURITY Aptiva is founded by a team of experienced professionals with a solid base in IT and Management. They are offering advanced solutions in the realms of information technology and consultation, to a host of clients belonging to industry verticals as diverse as telecommunications, finance, insurance and healthcare, besides a number of federal, state and local government agencies across crucial markets. Atlas Cybersecurity is a Managed Security Service provider serving small and mid-sized businesses. They focus on providing world-class cybersecurity services and advanced threat defences for their clients for at a price point that makes business sense. Avancer Corporation is an information security consulting firm founded in 2004. Over the years, it has gained an edge in the field of Identity and Access Governance, IT Security and Big Data Management. Their services ranges from full term project life-cycle implementation to tailor made short-haul projects including software procurement, architectural advisement, design and development through deployment, administration and training. Collective Insights is a management and technology consulting firm whose job is to get clients where they're going. Driven by their core values: Clients, Culture, and Community; Collective Insights plot a course that moves all in the right direction. Their trusted solutions and friendly smiles will make the journey worthwhile. Rao Vemuri CEO Management Location Website aptivacorp.com Somerset, NJ Benjamin Dynkin Co-Founder & CEO Management Location Website atlas-cybersecurity.com Great Neck, NY Arun Mehta Co-Founder & CEO Management Location Website avancercorp.com Cranbury, NJ Cameron Meyer Director Management Location Website collectiveinsights.com Atlanta, GA CONSULTING COMPANIES 2022 TOP SECURITY CRANIUM believe in a world where every trustworthy organization cares about the privacy of people and their data. Moreover, the trustworthy organizations create a culture and environment that is resilient to security attacks. They build an international organization that recruits, develops and retains top consultants and that creates top-notch solutions and services that create real added value to our customers by changing the behavior of people. Backed by two decades of hands-on experience, Synkriom's strong insight on enterprise ecosystem and its dynamics offer complete end-to-end solutions. They automate the recruitment process with intelligent solutions to save enormous time and money. Synkriom leads the industry with experience authentication of candidates. TrustedSec is an information security consulting team at the forefront of attack simulations with a focus on strategic risk- management. Their goal is to help organizations defend against threats of all kinds and change the security industry for the better. With a team handpicked not only for expertise and technical skill, but for ethical character and dedication, TrustedSec is committed to increasing the security posture of organizations around the world. Impact Makers makes a lasting impact on their clients and communities through business and technology consulting solutions. Their teams successfully combine technical depth with strong business understanding to deliver holistic consulting across data, cloud, cybersecurity, and enterprise agility. Impact Makers consultants are trusted advisors to clients, ensuring that solutions align to the client’s goals and strategy to create real business value. Patrik Ferwerda CEO Management Location Website craniumusa.com Zaventem, België Michael Pirron Founder & CEO Management Location Website impactmakers.com Richmond, VA Komal Dangi Founder & CEO Management Location Website synkriom.com Piscataway, NJ David Kennedy Founder & CEO Management Location Website trustedsec.com Fairlawn, OH CONSULTING COMPANIES 2022 TOP SECURITY CONSULTING COMPANIES 2022 TOP SECURITY Cybersecurity Compliance and Audit Services S mall and medium-sized enterprises may find cybersecurity to be a frightening issue. In addition to the expense and technical knowledge necessary to implement adequate safeguards, ensuring that a company's data and security policies comply with industry requirements may be difficult. A-LIGN, a Tampa-based firm, seeks to fill that need. A-LIGN is a cybersecurity firm that conducts audits of small and medium- sized organizations to discover vulnerabilities in their systems and ensure that they satisfy the industry's basic data security criteria. A-LIGN collaborates with businesses to provide them with the different types of audits they require while minimizing downtime. More than 2,500 worldwide enterprises trust A-LIGN as a technology-enabled security and compliance partner to manage cybersecurity threats. A-LIGN was established in 2009 to assist businesses in navigating the intricacies of cybersecurity and compliance by providing bespoke solutions that are tailored to each company's individual goals and objectives. The A-SCEND compliance management solution combines user-friendly software with years of multi-framework audit knowledge into a single SaaS application that guides a firm through the whole audit process, from preparedness to reporting. Scott Price, Founder and CEO at A-LIGN, says, "Cyber threats have only become more prevalent in recent years, and it's extremely rewarding to be on the front lines helping businesses to build more secure environments and to successfully meet their industries' unique compliance and cybersecurity challenges." The A-LIGN HITRUST CSF is a comprehensive, modular, and certifiable security framework that is utilized by enterprises in a variety of sectors to efficiently handle regulatory compliance and risk management. HITRUST delivers a full, certifiable security and privacy standard by drawing on important pre-existing frameworks and engaging with enterprises to better understand their needs. Customers can have trust in the security of their data and personal information thanks to this standard. The A-OSEE, LIGN's OSCE, and OSCP Certified Penetration Testers will apply the most up- to-date cybersecurity techniques to ensure that the company's sensitive data is safe. Their skilled team uses automatic and manual methodologies to detect flaws in servers, end-user workstations, wireless networks, and web-based applications, as well as evaluate security awareness, human-layer controls, and physical facility controls. A-LIGN delivers trusted security compliance through a variety of A-LIGN Scott Price, Founder, CEO17 services such as SOC assessments, ISO certifications, healthcare assessments, federal assessments, and cybersecurity. The A-SCEND compliance management solution brings together user-friendly software and years of multi-framework audit experience into a single SaaS application designed to bring you through the entire audit experience – from readiness to report. Built by a team of auditing experts, and inspired by clients, A-SCEND platform is used during all audits to streamline the audit process by centralizing evidence collection, standardize compliance requests across multiple security frameworks, consolidate audits to minimize expenses and improve productivity and automate SOC 2 Readiness Assessment. To ensure excellent quality throughout the audit lifecycle, from preparation to report, A-LIGN focuses on people and technology. Their basic principles show commitment to their clients, which is demonstrated in their enthusiasm, devotion, and outcomes. The SOC 2 Readiness Assessment from A-SCEND is meant to make a firm’s SOC 2 project easier by automating it so that the firm can assess the readiness before the audit begins. With the SaaS SOC 2 Readiness Assessment, a firm can not only save half the time it takes to get ready but can also get the help of professional SOC 2 auditors from the world's leading SOC 2 issuer. The independent cybersecurity audits and assessments performed by A-LIGN enable businesses to reassure their clients that sensitive data is secured and mission-critical activities are carried out safely. A-LIGN's success is due in large part to its customer-centric strategy, which involves partnering with clients and employing innovative technology to help them enhance security and achieve meaningful commercial goals. A-LIGN's capacity to adapt during various challenges has fueled both operational and revenue growth. With its breadth and depth of knowledge, unique compliance management platform, A-SCEND, and years of expertise deployed across the compliance process, A-LIGN now serves over 2,500 worldwide enterprises, ensuring superior service to its clients. By being deliberate in their actions and adaptable in their approach, A-LIGN assists in solving the particular compliance and cybersecurity difficulties a firm may encounter. Price concludes, "We don't want A-LIGN to just grow, we want A-LIGN to grow in the right way." We don't want A-LIGN to just grow, we want A-LIGN to grow in the right way18 IS MORE THAN JUST RULES AND BEST PRACTICES DATA GOVERNANCE By Rajeev Peshawaria, CEO, Stewardship Asia Centre T he Covid-19 pandemic has accelerated the adoption of online business, and companies are collecting and harvesting more data than ever. For consumers, it has become inconceivable to live without the internet. While ethical companies will be transparent about how they collect and use the data, some others do so without the consumer’s permission and even awareness. According to a PwC Consumer Intelligence Series survey, 76 per cent of global consumers think that “sharing my personal information with companies is a necessary evil,” and 60 per cent expect the companies with whom they do business to suffer a data breach someday. In the same survey, 55 per cent of businesses feel that consumer trust in their technology is growing. However, only 21 per cent of consumers report such growing trust. As users’ digital footprint expands, more are demanding better protection and privacy of their data. The dilemma for business leaders is that data security and privacy cost money but are largely invisible to the consumer. However, with an increasing number of interconnected systems, a data breach is potentially catastrophic. Lawmakers and governments are doing their part. Worldwide, there has been a proliferation of legal frameworks and policies to ensure appropriate controls on collecting, processing, and storing of personal data. But regulatory pressure alone has not prevented violations because, in some cases, companies are seen satisfying the 19 minimum regulatory requirements. Some will risk ignoring the rules because of cost. While rules, regulations, reporting and disclosure requirements, and even hiring data officers, are ways to mitigate such risks, these measures are more effective when underpinned by genuine stewardship leadership. In other words, businesses need to be responsible stewards of data. But what is steward leadership? Steward Leadership in business is the genuine desire and persistence to create a collective better future. Actions driven by steward leadership result in long-term value creation because they address the needs of a wide range of stakeholders, not just shareholders. Steward Leadership is guided by four principles: interdependence, ownership mentality, long- term view and creative resilience. Business leaders who adopt this mindset and practice are steward leaders, and they are intrinsically motivated to do well by doing good. So, what are the essence of the four principles mentioned above in the context of data stewardship? Steward leadership and data (Cyber) security Interdependence: Steward leaders see the world as an integrated and interconnected web in which the success of each constituent is coupled with that of other constituents. They understand that any data breach will lead to potential harm for consumers and the loss of credibility and reputation for the company. So they take it upon themselves to address the needs of all related stakeholders and do what is needed to protect data. The duty of care extends beyond that of box-ticking efforts. In fact, research by Boston Globe Consulting stated that data misuse – defined as the use of data outside the original purpose for which it was gathered – can cause consumers to cut their spending with a company by about a third. Ownership mentality: Operating with an ownership mentality requires business leaders to be transparent about their data collection, usage and management practices. Leaders need to put themselves in the shoes of a consumer and exercise caution and ownership to ensure they treat and guard stakeholder data responsibly to prevent a trust deficit. They must understand what counter-parties expect and implement it. Training, insurance, server redundancy, and many other items, unseen but essential, need to be acquired. Long-term thinking: Consumers’ attitudes are changing. Countries and governments worldwide are also responding with stronger laws that emphasise data privacy and protection. Steward leaders go beyond short- term gains and superficial adherence to regulations to delivering durable and safe products and services that provide value over the long term. They also proactively build trust with their customers to ensure the long-term viability of their business models. Creative resilience: Steward leaders understand that they need a blueprint for data security that matches today’s challenges. The status quo may not be good enough. If this means re-engineering the entire existing IT infrastructure at great cost to shareholders to improve customer data security materially, so be it. Steward leaders manage the tough decisions. A steward leader would not think of doing the regulatory minimum. Instead, he or she would ask, “Have I protected customers to a degree that is adequate?” So how should a business put these values into practice? Three steps: 1) Integrate the four stewardship values with your organisational and personal values 2) Based on these values, articulate your business stewardship purpose to create a collective better future for all your stakeholders 3) Consistently use the stewardship values to guide all actions and decisions. The four values and purpose together form a company’s Steward Leadership Compass. This compass will guide and govern all actions taken by management and employees. But simply developing the Compass and printing colourful posters will not do the job. Steward leaders must make the Compass a way of life (step 3). This is hard work, but in today’s transparent world, it is perhaps the only way to safeguard long-term success. Rajeev Peshawaria, Chief Executive OfficerNext >