Blog

Cyber Security Advisory Services (YouTube Video)

In this video, Steve Ripper talks about cyber security advisory services including risk assessment, software, firewall services and consulting, security training, and policy requirements.

Hi, my name is Steve Ripper and I’m a Senior Network Engineer with Portsmouth Computer Group. I am also a member of the security services team. Our security services encompass many different things that we offer to companies so that they can get their security posture correct for the environment and the industry that they are in.

Our security services encompass risk assessments, software that will secure the environment, firewall services and consulting on that matter, security training and training aids, as well as reaching policy requirements that a company might need. Our risk assessments will encompass questions via the NIST framework that we will ask. We will do vulnerability and internal vulnerability scanning. We will do reports that kind of let a company know where their posture is at this time and recommendations of where they need to go to reach the level that they would like to be, to be in a more secure posture.

Our software usually encompasses things like EDR, edge detection and response, where we’re going to put software on each computer that needs to be protected or all of them to give them even better protection than standard anti-virus. EDRs will do what’s called a heuristic scan where it will look at behavior. If something is going on with that machine out of the usual or instead of the definitions that are listed on that machine. If it is just doing a process where it is out of the norm of what that computer will should be doing, the system will flag that and give it further protection.

Our training offerings are very much based around either live training or phishing style campaigns, where I will either stand in front of people and train them in what they’re looking for, what they should be watching out for. What the scams are, what the current trends in the industry are, and so what to be aware of. Our phishing campaigns are more automated, where we’re going to send emails out to people that basically replicate what those attacks are attempting to do so that they can get prepared for it. They can have conversations about what that looks like and what their culture should be to fight these types of attacks.

Lastly, our services will attempt to help companies reach maybe a policy requirement that they’re trying to do, whether it’s CMMC Level 3 or maybe work for the Department of Defense, or maybe they just have cyber insurance requirements that they’re trying to meet. We’ll take a look at what those policy requirements are and then make recommendations and help them get to that level, where they can say that they can either get the certificate, whatever they need to be able to say that they have met these requirements and they can now do business in that way.