Cybersecurity Services Offered by Stonewatch

My cybersecurity firm, Stonewatch Security, can provide you with workforce solutions. We have resources who specialize in specific fields and are trained to handle the different IT security requirements of your organization.

We offer services based on the role assets play in functioning security programs. All our assets are specifically certified for security tasks they perform. Ancillary services that support security programs are also available. Some examples of the service roles we provide:

  • Program Manager
  • Audit Manager
  • Chief Information Security Officer
  • Security Architect / Security Engineer / Security Analysts

Projects

Stonewatch Security provides the key resources to execute projects that will build and document a security program designed to meet regulatory requirements. Common project types include:

  • Data Classification initiatives
  • Risk Assessments
  • Control Baselines
  • Program Reviews
  • SME Reviews
  • Vulnerability Assessments
  • Expert Witness
  • Forensics seizure or review

Programs

  • NIST 800-171 compliance
  • NIST 800-53 compliance
  • HIPAA compliance
  • NERC CIP compliance
  • ISO 2700X

Security programs robust enough to achieve and maintain these framework requirements have nearly constant execution of functions. When done routinely, these functions are processes. When being started for the first time or after being heavily modified, they are projects.

We use Agile project management to flexibly iterate the many deliverables needed to support our clients. We put considerable focus into developing empirical data about the performance of our projects and programs. At minimum, a simplified version of Earned Value Management (EVM) is used to track all projects. This allows us to objectively show the costs in resources to perform each function in your environment.

Stonewatch Security adheres to DOD8570 standards for each of the three typical NIST levels, and all sub functions. Auditors have the CISA. Risk Assessment Professionals carry the CRISC. Even non-technical and support roles are encouraged to obtain Security+. Our recruiting is done through participation in SME workshops for major certification bodies like CompTIA and ISC2. This allows us to vet the professionals we use during the grueling SME sessions. Our resources typically carry numerous certifications within the greater field of security.

Program Manager

My FAC Level III Program Manager meets FAC requirements and is capable of managing long-term programs that consist of three to seven projects. Budgets range from $150K to $750M.

Enterprise Security Architect

My Enterprise Security Architect designs and builds security programs to meet regulatory or framework requirements that can withstand audits. This resource meets all three DOD8570 levels and has multiple security certifications.

Chief Information Security Officer

My Chief Information Security Officer is CISSP-certified and has another major certification with a degree that is closely aligned. This resource can manage a security program to maintain its ability to withstand audits and meet DOD8570 level III.

Chief Financial Officer

My CFO has a CPA and is experienced in small-to-medium-sized enterprises. This resource is capable of executing CFO functions for security programs.

Audit Manager

My Audit Manager is a CPA and CISA who meets SSAE 16 requirements for the private sector, GAGAS Yellow Book for the federal government, as well as International Standards for Assurance Engagements (ISAE) 340. This resource reviews work papers, attestation, and audit documents.

Risk Analyst

My Risk Analyst meets DOD8570 requirements and is capable of conducting a formal risk assessment based on NIST, ISO, or COBIT (using ISACA CRISC methodology or equivalent). This resource coordinates activities to direct and control an enterprise with regard to risk.

Information Security Officer

My Information Security Officer assists in managing security programs. This resource handles the majority of high-level technical security functions.

Financial Controller

My Financial Controller is a CPA who performs financial controlling duties and handles disbursement of funds for programs and projects.

Earned Value Management (EVM) Analyst

My EVM Analyst tracks and maintains EVM for projects that exceed $1M. This resource is a senior PM with PMP who plans to move to Program Management.

Microsoft Office Master

This resource has a master certification in Microsoft Office and performs the following functions:

  • Builds documents, templates, data sources, and pivot tables in Excel
  • Prepares PowerPoint presentation designs and layouts
  • Creates Microsoft Word documents and templates
  • Assists with the layout, formatting, and technical issues related to office documents and data presentation

Project Manager

My Project Manager is a recognized PMP with extensive knowledge of Agile methodology. This resource manages smaller, short-term projects that are integrated within a program.

Security Analyst

My Security Analyst has years of experience and is a certified cybersecurity analyst. This resource handles the bulk of technical functions required to run a security program, including SIEM (QRadar), vulnerability scanning (Nessus), and network enumeration (Nmap).

Quality Assurance

My Quality Assurance resource reviews written documents for spelling and grammar. This resource also ensures that the content makes sense to nontechnical readers and is focused on business requirements.