OccamSec was founded in 2010 with the objective of solving some of the biggest problems in information security - "Why do consultants keep telling me what I already know?" "How do we actually fix these issues?" "Do we even need to fix these issues?" "How can we make the most out of the technology we already have deployed?" and many others that (based on our operational experience) we felt were not being addressed.
We began by providing penetration testing services, and over time we realized that increasing effectiveness required support from intelligence. In addition to finding issues, we think it is important to provide recommendations on solutions, based on a client's resources. We also realized that it is vital to obtain and use relevant business information. Context around any issue is needed if it is going to be correctly dealt with.
Today we provide an end-to-end service, with a team operating our own intelligence collection system and a team performing assessments, identifying and helping build remediations, and architecting, defining, and implementing information security plans. Along the way we also began work on a platform which will help all organizations effectively manage their information security issues, and improve their resilience. This platform has several components, the first of which is in production and solves the problems we have encountered with vendor management (an ever-increasing security risk).
Finally, it became apparent to us that operational resilience is what we are helping clients with. The ability to identify and withstand disruptions (primarily due to information security issues) should be a key objective of any infosec program. It is not possible to prevent every risk from materializing, but what we can do is work to ensure that major disruptions to key business processes are minimized, and that measures are in place to deal with them.
The majority of our team have considerable expertise in their chosen field, much of it in operational roles. Our COO used to prepare briefings for the White House, the CFO built a multiple asset OTC trading platform for 200,000 users, and the CEO started coding at 8, hacking at 11, and has over 20 years of professional infosec experience. Our personnel have a vast amount of experience across the private and public sector, and are a team of intelligent, creative thinkers who like solving problems and helping clients.
Do you sell third-party products? No, we do not. Being vendor agnostic is one of the things we believe makes our recommendations useful.
Why don't you have client references on your site? The first step of an attack is good reconnaissance: finding out what security tools clients use and who they work with. By disclosing our clients we would potentially be helping malicious actors attack them.
So who have you worked with? Many of the world's largest, most well-known brands. Organizations in all sectors, of all sizes, and in nearly all places at this point. References are always available on request.
Why haven't I seen you at SOMECON or heard you on SOMEPODCAST? We are very busy helping our clients out. Although we do plan to become more engaged in the future, for the moment we prefer to focus on helping our clients. It's just, you know, about priorities.
Can you help with...? If it's about an infosec problem, if no one else can help, and if you can get in touch (use the contact page), then yes we can.
524 Broadway, New York, NY 10012
49 Greek Street, London W1D 4EG
Business Centre, Building 1, PO Box 73030, Dubai Internet City, Dubai
307A Kamani St, Honolulu, HI 96813