Deliver results

If you need ongoing support or even an interim CISO, we can become an extension of your team to ensure you meet your business goals. We offer a variety of services from penetration testing and simulations to third-party risk management and employee education.

Fractional, Virtual or Interim CISO

What it is:

While we advocate for dedicated in-house leadership, we realize there may be times when businesses may need external supplementation both for the short or long term. We provide services that allow you to engage as much, or as little as you want/need. This allows you to scale to your needs and as your program requires.

What to expect:

We will meet with you to determine the “right” CISO offering for your specific needs. This could include:

  • CISO advisory – such as strategic help, coaching, or assistance standing up and overseeing your program
  • Intermittent direction and leadership for a part-time staff or to fill a CISO leadership gap for a short time.  We work with many types and sizes of organizations through this service and have unique, compelling expertise with large life sciences companies in particular.
  • A fully managed vCISO service that fully leads and executes your program from beginning to end. This is popular for small to mid-sized businesses that can’t staff full teams but want to take advantage of the deep experience of the Reveal Risk team.

Cybersecurity Maturity Model Certification (CMMC) prep for DoD contractors

What it is:

Reveal Risk is a Registered Provider Organization (RPO) to help manufacturers, software developers, or consulting firms compete for DoD contracts. The CMMC standard is dictated under the DFARS (Defense Federal Acquisition Regulation Supplement) 252.204.7021. We help you prepare for the formal audit that is conducted by a separate, CMMC Third Party Assessment Organization (C3PAO).

What to expect:

  • Clear evaluation of your current state, gap analysis, and the appropriate goals/priorities based on the CMMC maturity level for your contract(s).
  • Help building any necessary processes needed to show the C3PAO to pass the test
  • Incident response readiness and reporting
  • Assistance navigating “Prime” contractor audits or third party assessments of your organization
  • Audit readiness (and partnerships with trusted audit firms that are deeply skilled in CMMC)

Penetration testing and adversary simulation

What it is:

Our experts simulate attacks to help you find gaps in your IT controls and security program effectiveness. We provide prioritized recommendations on how to fix the identified gaps by using practitioners that have owned these processes within companies. We conduct penetration tests to check for system vulnerabilities and adversarial simulations (aka Red Team) to test the effectiveness and responsiveness of your incident response teams, controls and processes. On a recurring basis, our team learns your environment and your business, becoming better with each iteration and ensuring your controls evolve over time to keep up with the threat actors.

What to expect:

  • Certified experts in offensive security, who are trained to think and operate as real threat actors would; our team goes far beyond a simple scan and report to identify your real exposure.
  • Multiple vectors, tailored objectives, and jointly-developed, relevant threat scenarios that evolve over time
  • Custom-tailored testing methods designed for your unique environment.
  • A full suite of pen testing options including internal, external, wireless, physical, application, social engineering, web, Red Team.

Incident response testing

What it is:

Our response preparation activities, including wargames, simulation/rehearsals and executive prep sessions, are designed for cross functional leadership to learn the plan, know their role, and practice handling stress and making decisions as the situation unfolds. Rehearsing good behaviors and working out issues in advance of a real security event can improve outcomes and reputations.

What to expect:

  • Facilitated, scenario-based learning session
  • Dynamic and interactive simulations to keep stakeholders (whether local or executive) fully engaged and adding value
  • After-action review that captures key learning and ensures your team improves over time
  • Updated Incident Response Plan and organizational recommendations to improve response to real events

VRM as a service

What it is:

While our goal is to equip you and your team to manage your vulnerability and technical risk program, we realize there may be times when businesses need external support for the short or long term. We can become an extension of your team and provide ongoing support services to find and fix weaknesses that can undermine your security efforts.

What to expect:

Based on a vulnerability risk assessment, we will execute the strategy to address the identified technical gaps and weaknesses.

  • Design of VRM program, processes, and governance structure
  • Execution of scans (or assisting you in doing it yourself if desired)
  • Process elements to triage risks and drive the right actions across IT asset owners (server patching, config changes, code changes)
  • Oversight of governance processes and driving visibility and accountability to ensure commitments are made and upheld

Periodic assessments

What it is:

If your resources do not have the capacity to execute and manage an ongoing internal assessment program, we can become an extension of your team to conduct ongoing assessments.

What to expect:

  • Identification of your assessment needs or requirements
  • Consolidated process that minimizes organizational disruption for crucial stakeholders
  • Options for technology support for ongoing assessments
  • Experienced, Action-oriented assessor support
  • Cyber-experienced project management and execution leadership to ensure assessments are completed

Executive/staff coaching

What it is:

Get control of turnover, culture, and organizational change through independent advisory and/or staff coaching. We have been in your shoes and can help you and your team lead your organization forward.

What to expect:

  • Deeply experienced executive coaches with robust experiences coaching senior leaders at Fortune 500 and smaller organizations
  • Strong abilities to help your leaders grow and succeed (our resources consistent receive strong marks for impact and value)
  • Experience building out new cybersecurity teams and helping fast track team knowledge and experience
  • Experience helping CIOs and senior leaders hire full time CISOs and post-hire assistance in building out teams and processes to grow the program

Operations support

What it is:

While our goal is to equip you and your team to manage your program, we realize there may be times when businesses need external support for the short or long term. We can become an extension of your team and provide ongoing support services.

What to expect:

  • We can supplement / augment your security operations or security services staffing.
  • We have recent experience in augmenting elements such as:
    • Building/enhancing SOC (security operations center) playbooks
    • Augmenting engineering support
    • Rolling out / scaling Privileged Access Management (PAM) tools such as CyberArk
    • Running governance processes
    • Augmenting or owning internal/external risk assessment team capacity

How can we help you?

We want to hear about your challenges and discuss how we can help.
Contact us for an exploratory conversation.

CONTACT US