We live in a brave new world. Technology is changing at a lightning-fast pace. All organizations have sensitive data that makes them potential targets for cyber attacks. Companies are under what feels like constant assault from hackers and inside threats alike. The risks are not static and vary significantly depending on organizational culture, business practices, IT infrastructure complexity, and other factors. For better or worse, there is no silver bullet when it comes to security. In this seemingly crazy, chaotic atmosphere, it may be tempting to bury your head in the sand and hope for the best.
This is where we come in. We’re here to help, whether you’re a CISO managing an established security program or a small business that is just beginning to build a program. The truth is that no one has all the answers (not even us). We specialize in helping our clients understand and prioritize digital risks. We provide our clients with the tools to help them effectively organize, mitigate, and manage those risks. We deliver a broad range of cost-effective CISO solutions to build or enhance any security program.
Our Work
Whether you’re a CISO managing an established security program or a small business that is just beginning to build a program, we're here to help. We deliver a broad range of cost-effective solutions to build or enhance any security program.
Virtual CISO
We support management teams by providing interim to long-term chief information security officers (CISOs). We can be temporary, or part of the team, for as long as you need. We “virtually” sit right next to you. We’re part of the team. With our Virtual CISO service, our experts build highly effective security programs, drive information security strategy and initiatives, assess legal and regulatory requirements, monitor the latest threat tactics and techniques, and partner with corporate leaders to balance security requirements with the organization’s strategic business goals.
Cyber Risk Prioritization
Organizations today face threats from diverse groups, ranging from nation-states to financially motivated cybercriminals to vindictive insiders. It would take near-unlimited resources to implement controls that fully address each and every threat. So instead, we believe that organizations must prioritize their security risks in order to build an effective strategy.
Tensyl works closely with our clients to identify, measure, and prioritize risks. We conduct best-in-class security risk assessments that provide our clients with quick, actionable intel. We build roadmaps for program growth over one-year, two-year, and three-year horizons. We set realistic targets based on available resources and good old-fashioned common sense. We leverage the risk prioritization analyses to help clients with budgeting and return on investment (ROI) analyses.
Technical Testing
Every network has vulnerabilities, even those that experienced infosec professionals manage. To suggest your network is impenetrable is hubris. We all have blind spots. It's human nature. The difference between well-managed organizations and everyone else lies in recognizing this inherent weakness. Bringing in independent third parties is important. Fresh eyes promise new perspectives.
Tensyl offers a wide range of technical testing. We perform vulnerability scanning utilizing Security Content Automation Protocol (SCAP)-compliant vulnerability scanning tools. We perform sophisticated, bespoke penetration testing against an array of targets—networks, hosts, applications, employees. We identify vulnerabilities and attack vectors that can be used to exploit enterprise systems before the bad guys do.
Incident Response Readiness
Tensyl’s experts have extensive experience performing complex incident response (IR) investigations. We have seen first-hand what works and what can go wrong. We leverage our IR experience to assess companies’ IR readiness. We develop operationally-friendly incident response plans (IRP) that detail the process for identifying and escalating security incidents, containment and recovery, and the roles and responsibilities of the response team, among other things. We also perform comprehensive IR preparedness assessments to identify material gaps or significant shortcomings in a client’s IR policy, plan, and procedures, and to evaluate the company’s ability to effectively detect and respond to a security incident. We also build and perform customized tabletop exercises that test the efficacy of our client’s IRP and evaluate our client’s preparedness to respond in the event of a significant security incident.
Supplier Risk Management
These days, organizations regularly turn to third-party vendors, suppliers, and other contractors for support. But outsourcing services creates security risks. Companies may allow vendors to directly access their corporate network. Or companies may transfer data directly to vendors. Regardless of the precise workflow, access to highly confidential and sensitive data presents security risks to organizations. Regulators have taken notice and now require companies to provide robust oversight of their supply chain.
Tensyl helps clients build defensible supplier risk management programs. Based on each client’s individual regulatory and business requirements, we perform due diligence during supplier selection, establish minimum levels of security expected of suppliers, create custom risk assessment matrices, and perform ongoing monitoring and oversight of suppliers.
Cyber Education and Training
One of the best things that any organization can do to avoid being victimized by cybercriminals is to help employees become more “cyber situationally aware.” The more adept employees are at recognizing cyber threats—spotting phishing messages or recognizing the importance of keeping software up-to-date, for instance—the more likely they will be to protect, detect, and respond appropriately.
Tensyl has ample experience developing cybersecurity awareness education and training programs that provide actionable training based on the latest attacker threat profiles. We create and deliver customized training modules that include content relevant to the specific risks that our clients face, such as phishing. The trainings aim to provide concrete steps that non-technical audiences can use to identify and appropriately handle cyber threats.