Security · Defense in depth

Defense in depth, not theater.

Six integrated layers, every one monitored, every alert triaged by a human. Quarterly we attack our own controls to find what's drifted. Aligned to the frameworks our clients are tested against.

L01 / IDENTITY

Who you are.

  • MFA enforced
  • SSO & conditional access
  • ITDR for Entra/Okta
  • Privileged access vaulting

L02 / ENDPOINT

Every device.

  • EDR + 24/7 MDR
  • Disk encryption
  • App allow-listing
  • Auto-isolation on alert

L03 / NETWORK

The pipes.

  • Next-gen firewall
  • DNS filtering
  • Segmentation (VLAN/SDP)
  • Quarterly pen test

L04 / EMAIL

The doorway.

  • Advanced threat protection
  • DMARC / DKIM / SPF
  • Inbound URL sandboxing
  • Quarterly phishing drills

L05 / DATA

What's yours.

  • Immutable offline backups
  • 3-2-1-1-0 retention
  • Encryption at rest & in flight
  • Tested restores, monthly

L06 / DETECTION

The eyes.

  • Wazuh + Sentinel SIEM
  • 24/7 SOC analyst tier
  • Log retention 365 days
  • Runbooks per scenario

Frameworks

Aligned, audited, documented.

Our controls map to the frameworks our clients are tested against. We don't sell certifications — we operate to them, so the evidence already exists when your auditor asks for it.

  • SOC 2 Type II
  • NIST CSF 2.0
  • CIS Controls v8
  • HIPAA / HITECH
  • PCI DSS 4.0
  • FINRA / SEC 17a-4
  • CMMC L2
  • FL Stat. §501.171
  • FTC Safeguards
  • NYDFS 23 NYCRR 500
  • ISO/IEC 27001
  • TPN Gold (M&E)

What you receive

  • Our SOC 2 Type II report and bridge letter — under NDA, before signing
  • A written control matrix mapping our practice to your framework
  • Quarterly evidence packets formatted for auditor consumption
  • Cyber-insurance attestation language and defensible answers

Operational cadence

Discipline you can audit.

DAILY

Triage.

Endpoint alerts, identity anomalies, backup-job state. SOC tier-1 + tier-2 review every signal in under one hour.

WEEKLY

Verify.

Backup restore samples, patch compliance, MFA enrollment drift. Synthetic transactions across critical apps.

MONTHLY

Report.

Health report to leadership, vulnerability remediation summary, identity hygiene scorecard, change log.

QUARTERLY

Attack.

External pen test, internal red-team scenario, phishing simulation, tabletop exercise. Findings remediated before next quarter.

Incident response

When something is on fire.

Our DFIR engineers carry runbooks for the scenarios we see most: business-email compromise, ransomware deployment, insider misuse, lost device. Notification clocks start the moment we engage.

Standard response

  • T+0 · Engineer on call within 15 minutes (P1)
  • T+1h · Containment — isolate hosts, revoke sessions, freeze accounts
  • T+4h · Forensic image of affected systems, evidence chain established
  • T+24h · Root-cause hypothesis, eradication plan, communication template
  • T+72h · Notification window for regulated breaches (HIPAA, FL §501.171)
  • T+10d · Final incident report with corrective actions, written by humans

What we do not do

We do not pay ransoms. We do not negotiate with threat actors on a client's behalf without written authorization, legal counsel, and (for sanctioned groups) Treasury OFAC clearance. We document every decision so the record exists if regulators or insurers ask.

Retainer clients have an after-hours line in their welcome packet. Non-clients can engage us as same-day rescue at the published premium rate; SOW lands by email within an hour of intake.

Next

Want our control matrix?

Under NDA, before signing. Useful for auditors, insurers, and your own diligence.
