FedRAMP is still the gold standard for US government agency and  vendor cyber readiness. When FedRAMP POAMs (readiness milestones, and US military / federal OPSEC (operational security) is achieved, and users - including tech support and third party vendors - are repeatedly trained and tested in both protocols, the network is almost infallible.  Most malware, DOS, hash, and other cyber intrusions occur because of sloppy cyber - IT protocol, and/or user error or inattention.

We help clients understand and prepare for FedRAMP compliance testing; and provide refresher training and evaluation services for both this cyber protocol and OPSEC.  Once an entity or agency becomes versed in FedRAMP, the problem areas of so much cyber intrusion - failure to synchronize OS or software updates, failure to monitor direct endpoints or access from personal devices, off-network use from on-network devices - disappear. Your surface is hardened, and your workforce and managers are well-trained and the nuances of cyber defense become habit.



FINANCIAL CYBER: A $3 TRILLION MIGRATION

Capital One and the World Bank

Our financial cyber advisory includes the migration of Capital One's $3 trillion in portfolio managment to its new IT HQ in Richmond, VA. And World Bank crisis mitigation advisory following a breach to its Washington DC HQ.  As US military and national intelligence advisors, we specialize in emergency and rapid response protocol. Our early clients include the Egyptian Development Bank, and disaster recovery and backup for AT&T and Anthem call centers.

As the US military expands into European theatre action with the Ukraine war, and as Russian and PRC Chinese sanctions are ordered for US and NATO nations, the demarcation between US and allied critical infrastructure is blurred. NATO was the first to recognize and formalize cyber response and protection for blended domains of military and civilian critical infrastructure.

Our work includes SHAPE, SOCOM, EUCOM, UK, and US vulnerability analysis for White House and other leadership; and space, energy, and financial arena intelligence, cyber support, and training. Including agency, vendor, and Big 4 management training, SOC evaluation, and implementation leadership for adjacent arenas and agencies under NIST and US Homeland Security compliance or contracts.

Protecting US & NATO Critical Infrastructure

US-NATO CYBER RISK

How to harden a surface the US Military does not own or control, but is impacted by?

Zero Trust in traditional cyber and IT networks is achieved through KNOWLEDGE, MANAGEMENT, and CONTROL. But in dual-use (military and civilian) sea, ground, air, and space environments, neither US nor NATO militaries usually own these functions.  This level of cyber requires 'awareness' and monitoring - and intelligence - without control.

We have supported projects ranging from NORAD underground water reservoir safety, to missile defense and satellite cyber, to identifying enemy or terrorist intrusion or planned intrusion into US Naval installations including the USN Surface Warfare Center (Indian Head, National Harbor, MD-DC),  and PRC Chinese cyber penetration into US Department of Energy and other US and NATO  secure buildings in Washington and in London.

Reach out to us for teaming, training, sub-contracting, proposal or prototype support in any of these or other cyber areas.