Services for Cyber Security Professionals and Organization Leaders

Cybersecurity matters, because your business matters. Defending your mission is the moral and right thing to do. The mission of cybersecurity is to enable, sustain, and protect your business.

Our mission is to help you understand the threat and to join organizational priorities with operational capabilities to establish and operate cybersecurity solutions that are effective and right for you.

Most businesses want to be focused on delivering goods and services to their customers. That is what they know, that is why they exist, and that is their priory. Knowing that there are threat actors who are constantly seeking opportunities to interrupt and abuse their work or prey on them or their customers can be daunting. Knowing what to do about it can seem overwhelming. It can be easy to dismiss this threat as not relevant, or too big of a problem to solve; “they won’t target me,” “there’s nothing I can do about it anyway.”

The reality of the professional world, is that the threats are many, they are well resources, they are aggressive, and they expand in scope and scale beyond what individuals are targeted with. Threat actors know that businesses have more resources they can abuse, more information they can gather at once, and a higher likelihood of success by targeting organizations that cannot tolerate disruptions.

In addition to that, many businesses have limited budgets that they have to spread between operating as an organization while adhering to regulated standards so they can deliver their products and services to customers. Reviewing the menu of cybersecurity products and services presented by the industry can itself appear as an overwhelming tax on business priories and finances.

At Practive Security, we have decades of experience helping enterprises understand the threats they face, and building effective cybersecurity programs to counter them. Our focus is on building right-sized solutions that work, tailored specifically to the risks organizations actually face.

We believe the Cybersecurity mission is a noble one, and it is a mission that can be successful. Check out our blog on challenging the mythology of the modern adversary on our Substack page here.

Business Essentials Membership

Our Business Essentials Membership is a $30 / month subscription that provides you access to our library of curated articles, advisories, and other content geared toward professional cyber security contexts. Our goal with this service is to provide you with the ability to learn from our experiences on-demand through written content and presentations. Learn from our 25+ years of experience defending organizations of all sizes from threats of all types.

Advisories
We watch the headlines and information sources to maintain awareness of current threats. When we spot something that we believe needs your attention, we publish advisories in written form that summarize the situation, provide our perspective, and give you practical tips to defend your organization.

In addition, Business Essentials Members receive prioritized booking for custom advisory and consulting engagements, and can submit requests for specific topics or issues to be analyzed and addressed by Practive Security staff. Special requests can include asking for our analysis or interpretation about a threat, a technology, a practice, strategy, or any topic we can provide guidance about based on our expertise.

Strategies
Based on our decades of experience defending businesses and organizations, we publish articles that provide strategic perspectives on all things cybersecurity for professional contexts. Our strategies are meant to empower you with the right mindset to make effective decisions for your organization, and we always provide recommendations from what we have seen actually works, along with warning as to what we have seen doesn’t.

Some examples of our strategic content can be found on our Substack page. We cover topics like best practices for organizational security, how to structure your security team & capabilities, thoughts on cloud security, tips for hiring the right security professionals, guidance on how to develop security policies and plans, and more.

Templates
In addition to providing you with strategic articles that describe how to organize and conduct effective security programs, we provide you with template documents that you can customize to meet your needs. From policy documents, to security organization mission & strategy charters, to incident response plans, and operational playbooks, we have content to get you started.

Lessons Learned
Having decades of enterprise security experience under our belt, we have stories to tell! We hope our lessons learned can save you the pain that we have endured and can enable you to build on a foundation of success.

Threat Intelligence
Understanding your adversary and the threat they pose to your organization is critical to understanding how to prepare to defend against them. Practive Security provides strategic information about specific threats to help you understand what they mean to you.

Trusted Advisor

If you are an individual, head of household, cyber security professional, or business owner and need to consult with Practive Security experts, we offer on-demand advisory support as well as regularly scheduled advisory consultations. We would be honored to advise you on any topic related to Cyber Security that we have expertise in; to let you tap into our experiences, help you think or work through a challenge, or being a trusted partner who can guide you to the right plan or decision. Fill out a contact form and describe your need, and we will scope an engagement accordingly. Check out our About page to learn more about the organizations we have served and the nature of the work we are most experienced in.

Our standard rate for on-demand advisory sessions is $150 / hour. However, special rates are available for non-profit organizations and small businesses.

As long-time practitioners in Cyber Security, we understand the stress. We understand what’s at stake and the pressure to get it right, not only in practice but also with the trust and investments given to you by your stakeholders. One of the major challenges in the Cyber Security industry, is cutting through the noise of product and service marketing to discern what you actually need, what works, and how to optimize use of your investments. We have helped the CISOs of some of the largest Cyber Security companies wrestle through this challenge, and we have worked in parallel with small organizations who truly need to prioritize their every resource and time.

We also know that the big consulting firms are expensive and always want to up-sell. Here’s the good news, we have been consultants to the consultants, so we know their strategies but we have nothing to upsell. Our motivation is to help you succeed.

We would be happy to help you with things like:

• Building or maturing information security programs in full or in part.

• Reviewing a specific scenario or challenge and advising from our experience.

• Answering general questions about information security strategies, tools, and practices.

• Strategic response to a security incident.

• Assessing technology, provider, or service options and helping you choose the best fit.

Consulting Engagements

As a premium service for business customers, we offer a deliverable, project, or time focused consulting service by which customers purchase dedicated support to deliver a specific outcome. Consulting engagements are negotiated on an individual basis and are billed either as a pre-purchased block of hours which can be used on-demand for the duration of the engagement, or billed based on the effort required to produce a particular outcome. Customers needing on-demand consulting may need:

1. Guidance to help build security strategy

2. Help solving specific security problems

3. Tailored threat intelligence and briefings

4. Evaluating and selecting security hardware or software solutions

5. Defining security-related job descriptions, interviewing candidates, and selecting new staff

6. Policy, process, and procedure writing

7. Security training for staff including best practices, investigation methods, IR, threat hunting, and technology optimizations

8. Support in preparing for and conducting regulatory compliance audits or other capability attestations

9. Executive briefings and CISO-level strategic support

10. Organization guidance for security programs

Use the form below to submit a description of your needs and we will work to craft the engagement that works for you.