I help organisations manage information security risks by protecting data, process and technologies, in-line with industry and regulatory compliance requirements and best practices. I also help strengthen security governance and intellectual frameworks. Each organisation will be dealing with unique IT security threats, so the day-to-day tasks can vary greatly. As an information security consultant I am prepared to:

  • Determine the most effective way to protect computers, networks, software, data and information systems against any possible attacks
  • Interview staff and heads of departments to determine specific issues
  • Perform vulnerability testing, risk analyses and security assessments
  • Research security standards, security systems and authentication protocols
  • Prepare cost estimates and identify integration issues for IT project managers
  • Plan, research and design robust security architectures for IT projects
  • Test security solutions using industry standard analysis criteria
  • Deliver technical reports and formal papers on test findings
  • Provide technical supervision for (and guidance to) a security team
  • Define, implement and maintain corporate security policies
  • Respond immediately to security-related incidents and provide a thorough post-event analysis
  • Update and upgrade security systems as needed
  • A lot of these responsibilities will depend on the terms of the consulting contract. For example, some companies may expect a consulting firm to monitor and maintain any security plan that is implemented.

In a large organisation, the information security consultant will typically collaborate with IT Project Managers and/or a Security Manager. In my role as an expert consultant, I will design and implement the best security solutions for your organisation’s needs.

Before you receive that notice or your site falls prey to a cyber attack, contact me to begin your assessments.

Cloud

As a technologist with over 20 years experience, I am passionate about using my services to help organisations leverage technology to the fullest extent. I enjoy transforming vision into reality through the effective use of cloud-based services that are affordable and easy to maintain.

Software as a service (SaaS) is a software distribution model in which a third-party provider hosts applications and makes them available to customers over the Internet.

Focus on building your business with secure, straightforward, cost-effective SaaS productivity tools. I can help mitigate risk to your critical information. You don't need to buy or maintain servers and everything can be managed from a single interface.

Network Assessment

Your business must operate in a constant stream of information: software updates, patches, security advisories, threat bulletins, etc. Understanding and managing vulnerabilities have become a continuous activity, requiring significant time, attention, and resources.

Many cyber attacks take advantage of basic, often unnoticed security vulnerabilities, such as poor patch management procedures, weak passwords, Web-based personal email services, and the lack of end-user education and sound security policies. This makes an effective assessment a critical first step in the effort to protect data.

Regularly scheduled network vulnerability assessments can help an organisation identify weaknesses in their network security before hackers an attack. The goal of conducting internal or external vulnerability assessments is to identify devices and server on your network that are open to known vulnerabilities without actually compromising your systems.

Network Vulnerability Assessment starts with Asset Discovery which involves doing a network mapping and is essential to provide visibility into your network. Network mapping also helps target the range of IPs for the vulnerability scan. Once I have mapped out your network I can work to granularly define the vulnerability scan to specific network segments and assets of interests.

Using a framework of several open source tools (OpenVAS, NMAP, SQLMap) I perform a comprehensive assessment that can detect security issues in your servers and network devices and provide a security remediation action report.

> Nmap (Network Mapper) is a security scanner originally written by Gordon Lyon used to discover hosts and services on a computer network, thus creating a “map” of the network. ~ Wikipedia OpenVAS (Open Vulnerability Assessment System, is a framework of several services and tools offering a vulnerability scanning and management solution. ~ Wikipedia

Website Security Assessments

I can scan your Web Site, Virtual Host and Web Server for known security vulnerabilities and misconfigurations. My web server scanning service includes testing a website for thousands of possible security problems, including SSL weaknesses, dangerous files, misconfigured services, vulnerable scripts and other issues.

Compliance

Too often the focus of security is on protecting the IT systems that process and store the vast majority of information, rather than on the information itself. However, given the various threats facing businesses and organisations, this approach is too narrow to accomplish the level of integration, process assurance and overall protection that is required.

My focus is on the strategic alignment of information security with business strategy to support organisational governance objectives, the use of risk management by executing appropriate measures to manage and mitigate risks and reduce potential impacts on information resources to an acceptable level and optimising information security investments in support of organisational objectives.