Information Security Consulting and Virtual CISO Services

Welcome to Virtual Security! We offer comprehensive Information Security consulting and virtual CISO services, with a special focus on PCI Compliance and Cloud Security.

We provide custom IT Security and Compliance solutions for small and medium-sized businesses (SMBs) and startups. SMBs and startups are the most vulnerable to security breaches, because their focus is on business growth, which can often leave security behind.

The proliferation of cloud environments has blurred the lines between development and systems operations, hence the new term, devops. A good devops team requires an extra set of skills, including a good understanding of software programming. If you add information security into the mix, you get to the next level – devsecops.

What about PCI compliance? An organization that takes credit card payments has to be PCI compliant. Depending on the number of transactions performed, and given the sheer size of the PCI DSS Standard, with hundreds of security controls and requirements, compliance can quickly become overwhelming.

While a “security committee” may do a good job at the beginning, competing priorities with their primary job functions can take them away from this added task. When is it time to hire a security team, and how much would a good security team cost? These are questions every startup CEO or CTO should ask themselves.

We are proposing a “Security-as-a-Service” model, where a team of experts takes care of all your information security needs – so if you are running in the cloud, or looking into moving your infrastructure to the cloud, you have come to the right place!

Contact us for an assessment. You may be surprised what you find in terms of risks to your business.

Our services at a glance

If you are a small business or a startup and don’t have the budget for a dedicated IT Security team, our security consulting and virtual CISO services are a cost-effective alternative.

We start with a comprehensive gap assessment to give you an overview of your IT-related risks. After that, we can deliver a custom statement of work addressing your security remediation needs.

We can also work with your auditors and help you navigate seamlessly through PCI, HIPAA or privacy requirements.

We can install and manage our recommended stack of security tools, tried and tested in the field, but we can also work with what you have in place and leverage your investments.

Here are some of our typical engagements:

  • Cloud security assessments – we review your cloud infrastructure setup and provide a report on best practices that you may be missing
  • PCI, SOC, GDPR or HIPAA gap analysis – we review your security posture against these regulations and standards and provide a gap analysis report and advice on remediation
  • PCI compliance management – we manage your daily PCI compliance tasks
  • Information security engineering – we help implement a vast array of information security tools

Here are the specific topics we can help with:

  • Policy and standards development: we can write or revamp your information security policies, standards, processes and procedures to blend compliance requirements with existing business practices
  • Implement and manage a comprehensive set of security tools for compliance (e.g. vulnerability scanners, application security testing tools, single sign-on, security logging, monitoring and alerting (SIEM), anti-malware and data loss prevention solutions, etc.)
  • Develop training and awareness programs for your staff
  • Interact with your auditors, regulators, etc., and help remediate any non-compliance issues
  • Perform application and systems architecture reviews to ensure no new risks are introduced in the environment
  • Provide continuous feedback on your security posture and advise on a roadmap to continuous improvement, meeting your business requirements and risk profile

Technologies supported/recommended:

  • Vulnerability scanners: Tenable Nessus, Orca
  • Application security testing: Checkmarx, WhiteHat
  • Web application firewalls (WAF): Cloudflare, Incapsula, Signal Sciences
  • Network firewalls: Palo Alto Networks, Sophos
  • SIEM: Sumo Logic, Splunk, Alienvault
  • IAM/SSO: Okta, JumpCloud, Active Directory, WatchGuard
  • Cloud access security brokers (CASB): Aperture, Cloudlock
  • Cloud workload security: Threatstack, Lacework
  • HIDS: OSSEC
  • Anti-malware/EDR: Bitdefender, Sophos, CrowdStrike, Red Canary
  • DLP: Zscaler
  • VPN: Twingate (implementation consulting services provided upon request)

In-depth cloud security expertise with the Amazon AWS and Microsoft Azure clouds.

We guarantee our work, and will provide full support until we meet your expectations and you pass your audits with flying colors. We can also ensure you stay compliant between audits, so you are not faced with a heavy workload when the time comes for re-certification.

Compliance is tricky and failure to comply can be very damaging, especially for a small business. Let our experts take this burden off your shoulders!

About

Our company mission

We are a boutique firm with over seven years of experience in the field, specializing in Information Security consulting and working as your virtual CISO or Head of Information Security. We are committed to delivering excellent work through continuous self-improvement.

Our customers

To date, we have helped several prestigious startups achieve challenging Information Security goals, starting from scratch. Many of them have been acquired by much larger firms or received large capital investments, with their security maturity playing an important role in the process.

Here are a few examples:

  • Flow Commerce – managed their Level 1 PCI compliance program since day 1. They were recently acquired by Global-E, a world-leading e-commerce platform
  • Touchpeak Software – managed their Level 1 PCI compliance program; they were acquired by Shiji Group, a global payment solution provider
  • Regalii – rebranded as Arcus FI – managed their Level 1 PCI and SOC compliance programs; after they got acquired by MasterCard we helped with their integration within the MasterCard family
  • Paxos – a regulated blockchain infrastructure platform – we provided security engineering services
  • WrapBook – an innovative payroll provider for the entertainment industry – we helped them get their SOC certification during the pandemic
  • Apprentice – we jumpstarted their Information Security program, while being excited about their contribution to the Covid vaccine development

Our team

We are a seasoned team of CISSP-certified security consultants with vast experience in several industries, such as financial, healthcare and e-commerce. We can tackle an extensive array of topics – from high-level policies and standards all the way down to the technology bits and bytes.

Our services

Here are some of the services we provide. We can design a customized set according to your needs:

  • Governance – we write or review your high-level security policies, capturing your way of doing business
  • Network and systems security – we implement standards and tools to configure, harden and monitor your networks and systems security posture
  • Application security – we perform architecture and code reviews to highlight potential security and compliance issues
  • Devops – through our trusted partners
  • Training – we train your personnel on security topics via a customized set of CBTs
  • We manage your security audits and facilitate remediation work
  • We act as your trusted adviser and help you focus on growing your business

Contact

Contact us at [email protected] for a risk assessment! It may be an eye opener.