
Virtual Chief Information Security Officer (vCISO) Services

While organizations need an experienced CISO to drive critical initiatives and oversee their security programs, not every organization has the budget for a full-time, top-level CISO.
 
With decades of experience in security consulting and advisory services, Pondurance delivers a vCISO service that applies expertise where it is needed most.


Advisory Services

PONDURANCE SERVES AS A TRUSTED SECURITY ADVISOR SO YOUR CYBERSECURITY PROGRAM FOCUSES ON WHAT'S MOST IMPORTANT TO YOU, AND YOU CAN SLEEP AT NIGHT. 
SOLUTIONS

INFORMATION GATHERING

Perform comprehensive discovery and enumeration procedures to target pertinent internal address ranges. Establish a baseline of services to manually test for common configuration issues and vulnerabilities.

VERIFICATION AND MANUAL TESTING

Review and validate all identified vulnerabilities to remove false positives. Human-driven manual testing procedures are executed to identify flaws not easily identified with automated tools. Penetration Testing is performed against identified vulnerabilities to evaluate the effectiveness of security controls. 

VULNERABILITY DISCOVERY

Perform detailed security analysis and vulnerability scanning using a comprehensive suite of tools.

Penetration Testing

Application Security Testing

DYNAMIC APPLICATION TESTING

Pondurance performs detailed application security analysis and vulnerability scanning using a comprehensive suite of tools. The testing encompasses the various tiers of the application architecture to provide a deep assessment of critical applications. Areas of testing include, but are not limited to:

 

  • OWASP Top 10

  • Verification and manual testing

STATIC APPLICATION SECURITY TESTING (SAST)

Pondurance will analyze your application source code, byte code and binaries for coding and design conditions that are indicative of security vulnerabilities. Our SAST services analyze an application from the “inside out” in a nonrunning state via:

 

  • Information gathering and isolation

  • Automated methods verification and manual review


Red Team Exercise (Physical Penetration Testing)

Pondurance can help validate both digital and physical security to ensure that your organization has a clear understanding of risk. Whether the engagement begins with spear-phishing an employee or attempting to enter facilities, we’ll first discuss all scenarios with you during a rules of engagement meeting. This discussion ensures that your expectations will be met and our techniques are approved.

Some in-scope procedures for physical penetration testing include:

  • Covert facility surveillance

  • Attempts to gain unauthorized entry (RFID cloning, lock picking, etc.)

  • Secure access via tailgating

  • Credential forgery/impersonation

  • Unauthorized access to sensitive materials

  • Clean desk check

A System That Delivers

Cybersecurity technology has improved, but bad actors continue to evolve. The requirements for effective cyber defense have grown beyond traditional data and system security solutions. What worked five years ago no longer covers the complexity of modern threats. As threat actors develop new ways to expose vulnerabilities and exploit businesses, cybersecurity teams are stretched to keep their organizations safe, stable and resilient against attacks. At Pondurance, it’s our job to know the threat so we can provide you with the best service and protection.

Incident Response Planning

Pondurance can help your organization review and develop security incident response plans to ensure that your procedures are comprehensive, actionable and robust. Our methodology ensures that you have incident response plans that cover:

Preparation

Establish management commitment, organizational accountability and allocation of resources to prepare.

Identification

Identify and detect an incident as soon as possible.

Containment

Develop procedures to help contain damage and restore affected systems to their normal operating state.

Eradication

Help develop procedures focused on the removal of threats from infected systems. Pondurance may recommend eradication procedures that are designated for internal execution and others that may be best executed by third parties (e.g., forensic analysis, memory scraping and analysis, and system cleaning).

Recovery

Develop procedures that provide a basis of recovery for minimum or normal operations.

Learning

Develop a process for validating the plan, facilitating tabletop exercises and adopting a lessons learned process from real-world events.
