Cybersecurity Services Offered by Stonewatch
My cybersecurity firm, Stonewatch Security, can provide you with workforce solutions. We have resources who specialize in specific fields and are trained to handle the different IT security requirements of your organization.
We offer services based on the role assets play in functioning security programs. All our assets are specifically certified for security tasks they perform. Ancillary services that support security programs are also available. Some examples of the service roles we provide:
- Program Manager
- Audit Manager
- Chief Information Security Officer
- Security Architect / Security Engineer / Security Analysts
Stonewatch Security provides the key resources to execute projects that will build and document a security program designed to meet regulatory requirements. Common project types include:
- Data Classification initiatives
- Risk Assessments
- Control Baselines
- Program Reviews
- SME Reviews
- Vulnerability Assessments
- Expert Witness
- Forensics seizure or review
- NIST 800-171 compliance
- NIST 800-53 compliance
- HIPAA compliance
- NERC CIP compliance
- ISO 2700X
Security programs robust enough to achieve and maintain these framework requirements have nearly constant execution of functions. When done routinely they are processes. When being started for the first time or after being heavily modified, they are Projects.
We use Agile project management to flexibly iterate the many deliverables needed to support our clients. We put considerable focus into developing empirical data about the performance of our projects and programs. At minimum a simplified version of Earned Value Management (EVM) is used to track all projects. This allows us to objectively show the costs in resources to perform each function in your environment.
Stonewatch Security adheres to DOD8570 standards for each of the three typical NIST levels, and all sub functions. Auditors have the CISA. Risk Assessment Professionals carry the CRISC. Even non-technical and support roles are encouraged to obtain Security+. Our recruiting is done through participation is SME workshops for major certification bodies like CompTIA and ISC2. This allows us to vet the professionals we use during the grueling SME sessions. Our resources typically carry numerous certifications within the greater field of security.