Due to personnel decisions, expanding business opportunities, and attrition, a regional bank found itself with no senior staff to run its cybersecurity operations. It had been relying on misaligned contractors and consultants, which cost an exorbitant amount of money. A decision was made to develop internal talent, but the bank needed assistance to guide, train, and support the growth of its team. Silent Sector was engaged to fulfill this need and provide the institution with the ability to eventually rely on its own internal staff. The in-house team would be able to provide the necessary guidance, direction, and support for the organization over time. Silent Sector started the process with meetings and alignment to the CIS CSC20 framework, identifying the needs of the client through interviews and discussions. Silent Sector recommended specific training, processes, tools, and modifications to existing internal processes. Silent Sector team members were also able to meet with internal stakeholders while maintaining an advisory role and working with the client to grow their internal staff's capabilities.
A B2B software company had grown very quickly due to rapid market adoption of its innovative product. With the CTO and founding partner's growing responsibilities, as well as the growth of the development team, it was no longer possible to provide adequate internally managed quality assurance and security testing of the product. They quickly recognized the need for a third party to test their platform in development and production, with the added complication of having a limited budget. The software company engaged Silent Sector to provide in-depth and comprehensive Penetration Testing and product review within their budget. Silent Sector completed the required testing within the client's time frame and budget, ending with a live demonstration of the significant findings. The company was provided comprehensive, specialized documentation and findings evidence to meet its unique needs.
A Department of Insurance for a Midwestern state required a forensic investigation for alleged data theft. The courts required a 3rd party to ascertain what data was taken and the methods used to extract the data from the insurance department's computers. The suspected individual had already been put on administrative leave. Silent Sector began with an analysis of all communications channels, keeping a clear chain of custody as the evidence was obtained. Within a matter of hours, Silent Sector identified the alleged data theft as a mail server backup job writing to another internal server. Silent Sector was able to provide evidence that the individual did not steal data, but was using his own Active Directory account to accomplish the backup job that was occurring in the middle of the night. The courts dismissed the claims, and the insurance department apologized, paid the employee for time off, and he returned to his position. The client appreciated Silent Sector's practice of strong transparency in the direction of truth and logic, regardless of the assumed situation.
A small software-as-a-service (SaaS) company found itself with very large Fortune 1000 clients wanting to use its services. When the large companies began negotiating initial contracts, the small SaaS company realized there was a demand in the contracts for cybersecurity practices it did not have in place. The SaaS company's CIO reached out to Silent Sector for support. By providing ongoing cybersecurity leadership services, Silent Sector was able to implement a sustainable program, bridge the cybersecurity communications gap between the company and its potential clients, and respond to the 3rd party security questionnaires. These activities resulted in an expedited procurement process and a smoother sales cycle. Silent Sector was able to obtain for the small SaaS company millions in additional revenue from large clients by leveraging cybersecurity as a major sales benefit over the competition. Partnering with Silent Sector also allowed the SaaS company to implement a proactive security posture with defense-in-depth strategies, cyclic penetration testing, and industry-related security compliance.
A very large, prominent name in the technology world began to undergo Payment Card Industry certification (PCI DSS Compliance). During this process, they identified that they did not have adequate resources or expertise in this compliance framework. Silent Sector was engaged to provide force multiplication for the in-house compliance project management office. After working with the client and the 3rd party PCI QSA firm, Silent Sector was able to accomplish a passing assessment. The work done by Silent Sector to obtain PCI Compliance was able to save the corporation over $1,000,000 per month in fines and fees that would have resulted from their previous non-compliance contractual terms. Silent Sector went on to provide an operationalized PCI program that would assist the organization in performing self-assessment activities year-round in preparation for the recurring annual PCI audits.
A division of an international medical device company with no internal cybersecurity structure or managed security services ran into an issue when their customers began questioning the security of their products. These devices were being used in large hospitals and connected to the hospitals' networks, with unknown security environments. The company had never looked at their product as a potential security risk since it was seen as a closed system. The company engaged Silent Sector to discuss their product and provide high-level documentation on the potential risks. The client had a minimal budget, with the caveat that they needed it in less than 7 days in order to answer the device users' demands. Due to Silent Sector's commitment to serving small and medium-sized businesses, this request was considered critical, not only to the company but to the users as well. Silent Sector immediately recognized the potential for much larger impact to the hospital facility networks if the devices were compromised. Silent Sector assisted the client with a high-level review and provided the needed assurances they could send to their customer, as well as appropriate recommendations for moving forward with the hardening of their devices for secure use.