Service Descriptions
4 Pillars of Cybersecurity
Awareness
"You can't secure what you don't know you have"
An accurate and complete inventory of your devices, software, and service providers is the foundation of cybersecurity.
Controls
"The best defense is well-planned and tested"
Cybersecurity controls can take the form of software, hardware, services, employee training, or even company culture, to name a few.
Audits
"Don't trust, verify"
Cybersecurity is an evolving field, where new threats emerge daily. The best way to know if your systems are secure is to establish a reliable and accurate auditing program.
Response
"Have a plan, trust the process"
Using vulnerability management and effective policies as a roadmap, a planned response can mitigate an incident before it becomes a disaster.
In every service provided by Oviedo Cybersecurity Consulting, your cybersecurity expert will take the time to describe their methods for accomplishing your objectives to you and your in-house IT team in a way that is appropriately detailed to meet your level of technical know-how. An additional optional service can be requested to provide you with more detailed documentation that can be used to enable your in-house or MSP IT team to carry forward with best practices established during your active consultation.
Managed Security Services Provider
Secure your organization with serious cybersecurity protection. Oviedo Cybersecurity Consulting, in partnership with Antigen Security, offers Managed Security Service Provider (MSSP) packages that provide confidence in your ability to defend against cyberattacks. Our 3 different tiers of services are designed to meet your specific needs and provide you with the most sophisticated products and features available in the industry.
Our premium service package offers 24/7 "eyes on glass" SOC support, which means real humans are monitoring your systems at all times. Additionally, our premium package automatically pre-qualifies your organization for cybersecurity insurance from some of the most established names in the industry, which means you can have peace of mind knowing that you are covered in the event of a cyberattack.
As your MSSP, we bring you the capability to prevent cyberattacks and disrupt incidents before they become disasters. Our services utilize the most sophisticated products and features, including products from major brands like Duo, Red Canary, SentinelOne, CrowdStrike, and more, to prevent, intervene, and respond to cyber incidents while maintaining the human element your cybersecurity program needs to stay ahead of the curve.
Our MSSP services are designed to provide dedicated customer support, the option to leverage 24/7 security operations, and the capability to perform rapid incident response. With our services, you can gain confidence in your organization's ability to defend against cyberattacks and have peace of mind knowing that we are always looking out for your cybersecurity.
Inventory Control
Effective cybersecurity starts with knowing what assets you have, where they are, and how they are configured. However, for many small and medium-sized businesses, the sheer volume and complexity of IT assets, especially those in the cloud, make it difficult to gain full visibility and control. This is where a comprehensive inventory control program comes in.
At Oviedo Cybersecurity Consulting, we help you regain control over your IT assets with a modern, risk-conscious inventory control program. We assess your existing cyber environment, including your network layout, SaaS applications, critical hardware and software, and services, to identify any gaps and vulnerabilities that may be present. Then, we help you select and implement inventory control methods and tools that are tailored to your specific business needs.
Our program provides you with detailed visibility into the hardware, software, and other assets that you own, their location, current authenticated users, and other relevant details that can help you better understand your organization's risk profile. By fine-tuning the list of products and services you need, we help you get the biggest cybersecurity impact for each dollar spent.
By establishing an inventory control program with Oviedo Cybersecurity Consulting, you can take the first step towards achieving a more mature cybersecurity posture. With better visibility and control over your assets, you can mitigate risks, prevent potential cyberattacks, and ensure the ongoing security and continuity of your business operations.
Processes and Policy Audit
This service is intended to be hands-on: your cybersecurity expert works with your in-house IT team, or by your side, as individuals who are familiar with the layout and makeup of your environment navigate through critical assets and demonstrate their normal administrative tasks, such as creating user accounts, enumerating system properties, checking system health reports, performing patch updates, and similar tasks.
As your cybersecurity expert observes your environment and those who maintain it, they will assemble recommendations to help enhance your organization's cybersecurity posture, including information such as potential weak points in policy or practice, security controls that could be better utilized or enhanced, and other concerns worthy of your attention.
The final output of a process and policy audit is a list of recommendations for process improvement, including action items that can help you to establish a more mature cybersecurity posture that is aligned with industry best practices. These recommendations may be as simple as revising current documents or as complex as rethinking how certain IT processes are performed to align with the specific cybersecurity challenges your organization faces.
Risk Profile
Your organization's cybersecurity risk profile is a crucial assessment of the most pressing threats, relative to your willingness to accept each risk. While some risks, such as natural disasters, are unavoidable, many others, such as the risk of a cyberattack, can be mitigated through industry best practices and effective cybersecurity controls. With the increasing frequency and complexity of cyber threats, it's essential to establish a tailored cybersecurity risk profile that aligns with the unique needs and expectations of your organization.
As cybersecurity experts, we bring knowledge and expertise in areas such as ethics, digital rights and privacy law, regulations and compliance, and technical expertise. We work with your organization to assess your risk profile, taking into account your industry, customers, business partners, and any relevant federal regulations, and help you establish the main objectives for your cybersecurity program. By understanding and managing your risk profile, you can ensure that your organization is operating in accordance with the law and meeting your customers' expectations while minimizing the risk of a cybersecurity incident.
Policy Writing
Writing effective policies is a critical component of any successful cybersecurity program. Policies serve as the guiding principles for your organization's cybersecurity practices and set expectations for employees, vendors, and partners. Without clear policies, your organization is left vulnerable to cybersecurity threats and can suffer from financial and reputational damage.
Effective policies are tailored to your organization's unique needs, taking into account industry regulations, internal risk assessments, and the specific threats facing your organization. Whether you need a simple set of guidelines or a comprehensive manual, our cybersecurity experts can help you craft policies that align with your goals and needs.
Policy writing is a technical and complex process that requires a deep understanding of cybersecurity principles, laws, and regulations. Our experts have the knowledge and experience to develop policies that not only comply with industry standards but also effectively address the specific needs of your organization.
Cybersecurity Training
Cybersecurity training is a crucial aspect of creating a security-conscious culture within your organization. By conveying core cybersecurity principles to both technical and non-technical staff, you can change the way they view cybersecurity and help them to understand how to better protect your organization. Our custom-tailored training programs are designed to meet the needs of all types of employees, and can be combined with effective company policies and executive leadership to create a truly security-conscious environment.
Our training programs are broken down into three categories:
Executive Training: This is designed for owners and executives who are interested in reaching a new, more security-conscious market, following laws and regulations related to data protection, reducing the cost of cybersecurity insurance, and anticipating legal and cultural changes related to data protection.
Technical Training: This is targeted toward IT professionals who want to gain an enhanced understanding of how cybersecurity principles can make their work safer, more efficient, and more effective. Our technical training provides more detailed information about implementing cybersecurity controls and best practices.
Non-Technical Training: This training is targeted toward employees who do not have an IT background but work with new cybersecurity controls, such as technology and processes. Our non-technical training provides a basic understanding of the importance of cybersecurity and how employees can contribute to a security-conscious culture.
Our training programs are tailored to meet the needs of each specific audience, providing the appropriate degree of technical detail to convey the core concepts effectively. Our programs cover topics such as the organization's cybersecurity policies, how to align efforts with those policies, and how to adapt quickly to newly implemented cybersecurity controls.
Vulnerability Assessment
Powered by our partnership with
Vulnerability scanning is essential to understanding the cybersecurity posture of your organization. Our cybersecurity assessments are performed using modern tools and methods to evaluate the effectiveness of your organization's cybersecurity controls, their alignment with industry best practices, and their ability to mitigate relevant threats. This includes a friendly and educational assessment process that emphasizes awareness and understanding of your organization's risk profile.
Our expert team provides an assessment summary that can be used to develop better policies and refine your organization's cybersecurity program. This includes the development of incident response plans, contingency plans, and disaster recovery plans. The summary also includes a vulnerability report that details every vulnerability discovered during the assessment process, ranked by their criticality and your organization's unique risk profile.
Vulnerability Remediation
Vulnerability remediation is a critical service that follows a vulnerability assessment, as it focuses on identifying the most critical action items for your organization based on your risk profile. Your cybersecurity expert will provide an audit summary of vulnerabilities ranked by their criticality and your organization's unique risk profile. You can choose to work with your cybersecurity expert to address and remediate each vulnerability, or use the audit summary as a stand-alone document to guide your remediation efforts.
Your cybersecurity expert will consider your organization's interrelated processes, methods, and tools to determine the most effective, cost-efficient, and labor-saving solutions to address each vulnerability in a way that is appropriate to your risk profile. Remediation aims to improve your organization's cybersecurity posture, leveraging as much automation and efficiency as possible.
By working with a cybersecurity expert to remediate vulnerabilities, you can rest assured that your organization is taking the necessary steps to address critical risks and reduce the likelihood of a successful cyberattack.
Cybersecurity Enhancement
Cybersecurity enhancement involves implementing new policies, controls, and processes to strengthen your organization's defense against threats. This can range from simple measures, such as creating a document listing law enforcement agencies that can investigate cybercrimes against your organization, to more complex initiatives, such as adopting new security software.
Determining the specific actions your organization needs to take and which threats should be prioritized requires a tailored approach. There is no one-size-fits-all solution to cybersecurity. At Oviedo Cybersecurity Consulting, our experts can work with your IT team to develop a customized plan and provide ongoing support to ensure the smallest investment of resources while maximizing the impact on your cybersecurity goals. With our assistance, your organization can enhance its cybersecurity posture and be better prepared to defend against threats.
Disaster Recovery
Disaster recovery includes any cybersecurity incident that is not the result of an ongoing or recent cyberattack. Your IT team's cleanup efforts following a flood, building fire, or loss of services from an MSP or cloud service provider can be considered disaster recovery efforts.
Our disaster recovery service is focused on providing assistance and coordination in the event of a cybersecurity incident or disaster, including helping you follow your existing disaster recovery plan. Your cybersecurity expert can help you find resources and consultants to help restore services, and can coordinate efforts between multiple consultants to ensure that each provides the necessary documentation, including quotes and invoices. With our assistance, you can navigate the challenges of disaster recovery and get your organization back up and running as quickly as possible.
Incident Response
In the event of a cybersecurity incident resulting from an ongoing or recent cyberattack, a cybersecurity expert from Oviedo Cybersecurity Consulting can help you and your in-house IT team make level-headed decisions in real-time as the incident unfolds. Their actions can prevent further damage and preserve forensic evidence, ultimately helping to minimize the impact of the incident and speed up recovery.
Your cybersecurity expert can assist you in following your established incident response plan, responding in real-time through your preferred method of contact. They can help identify, contact, and coordinate efforts with services and consultants that can aid your organization in ending and recovering from the cyberattack. With a clear plan and the support of an experienced cybersecurity expert, your organization can respond effectively to a cyberattack and minimize the potential disruption to your operations.
Table-Top Exercise
A table-top exercise is a critical step in ensuring that your Incident Response Plan is comprehensive and effective. These exercises simulate real-world scenarios based on probable cyberattacks, and force your team to demonstrate, observe, or reason their way through each appropriate sequence of your plan. The goal is to identify any gaps or weaknesses in your plan, and refine it to improve your organization's overall cybersecurity posture and regulatory compliance.
At Oviedo Cybersecurity Consulting, we can assist you in developing a plan to implement a single table-top exercise, or create a program to make them a periodic event. Our team can simulate phishing, malware, DDoS, and other common real-world attack methods to create a realistic and challenging environment for your team.
During a table-top exercise, your cybersecurity expert can act as a moderator, advisor, incident responder, or auditor. They will ensure that your policies and processes are put to the test and any shortcomings are exposed. This allows your team to refine your incident response plan for faster, more accurate, and less costly responses in future potential real-world cybersecurity incidents. With a comprehensive and effective Incident Response Plan, you can ensure that your organization is well-prepared to handle any cybersecurity incident.
Penetration Testing
Penetration testing is a crucial part of ensuring that an organization's cybersecurity program is robust and mature enough to withstand modern threats. It involves using ethical hacking tools and methods to uncover vulnerabilities in computer systems. At Oviedo Cybersecurity Consulting, we take penetration testing very seriously and utilize the most sophisticated ethical hacking methods and tools to rapidly identify vulnerabilities while ensuring that your data and computer systems are not exposed to additional risk in the process.
When you request a penetration test, our cybersecurity experts will adhere to a strict code of ethics, take privacy seriously, maintain a professional and respectful demeanor, and work with you and a lawyer to develop an agreement defining what systems are meant to be tested and what is meant to be left alone. We will perform the work within a predefined scope that best suits your needs, utilizing methods and tools that are proven effective by authoritative sources in the cybersecurity industry.
Our goal is to identify as many noteworthy vulnerabilities as possible and provide documentation that describes each vulnerability, along with some detail about the method or tool that uncovered it. We will also provide your organization's leadership and IT team with appropriately detailed summaries and security recommendations based on our observations. With our penetration testing services, you can have peace of mind knowing that your cybersecurity program is robust and mature enough to defend against modern threats.
Validation of Vulnerability Remediation and Mitigation
This service is designed as a follow-on to a Penetration Test and the subsequent remediation or mitigation efforts taken in response to the vulnerabilities identified during the test. It is important for your organization's IT team not only to address these vulnerabilities, but also to document how they were addressed and follow up to ensure that the controls put in place are effective. Having an external entity validate these efforts can add weight to your testing and validation reports and assure regulators, clients, and business partners that your organization is taking steps to enhance its cybersecurity posture.
When you request this service, your cybersecurity expert will review your IT team's remediation or mitigation report, develop a validation testing plan, and coordinate efforts with your IT team to gather artifacts and evidence that demonstrate the effectiveness of the controls put in place. The cybersecurity expert will then review the artifacts and evidence for authenticity, develop a validation testing report, and provide you with a signature on company letterhead that states the results of the validation, including any caveats or shortcomings. This service provides an extra layer of assurance to your organization's cybersecurity efforts and can help build trust with stakeholders.
Detailed Reports and Documents
These documents can be developed and provided to your organization for an additional fee that covers legal costs, research, labor, and peer review. The reports and documents are tailored to the specific services provided to your organization, and are designed to assist you, your executives, or your in-house IT team with understanding the principles applied while performing work for your organization, as well as recommendations to follow up on and maintain the cybersecurity controls put in place.
Documentation is critical for business continuity, especially in the cyber realm, where computer systems could potentially be configured in any number of ways. The documents available may include a description of methods and tools used by your cybersecurity expert, assessment reports with additional technical detail, audit reports with additional technical detail, and customized policies, plans, and guides. By providing these documents, Oviedo Cybersecurity Consulting ensures that your organization has a complete understanding of the work performed, as well as the steps that can be taken to maintain your organization's cybersecurity posture.
Vetting Vendors and Service Providers
The Vetting Vendors and Service Providers service offered by Oviedo Cybersecurity Consulting provides a way for organizations to assess the cybersecurity posture of potential business partners, service providers, or vendors. Cybersecurity risk extends beyond an organization's own systems and can impact the supply chain, making it critical to evaluate the security of external parties that an organization may work with.
Vetting vendors and service providers can be a time-consuming and challenging process, as it requires knowledge of cybersecurity industry standards, best practices, and the ability to accurately cross-reference sources. By leveraging Open Source Intelligence (OSINT) methods and tools, Oviedo Cybersecurity Consulting's cybersecurity experts can efficiently assess a vendor's or service provider's overall cybersecurity posture and evaluate potential risks.
When you engage Oviedo Cybersecurity Consulting to vet a vendor or service provider, you can expect a thorough review of articles, case studies, and disclosures related to the subject in question, along with an analysis of trends in their cybersecurity maturity relative to modern threats. Your cybersecurity expert will provide a written summary of their findings and make a risk-based recommendation on whether or not to proceed with the vendor or service provider. This service helps organizations make informed decisions about their business partners and ensure that their supply chain is as secure as possible.