Cyber for the Real World
In 2021, a Ransomware attack on Colonial Oil closed over 80% of Washington DC gas stations - no one in government or Congress could get into work. (Fortunately, it was the Shut Down. Bad planning for the Russian cuprits. ) How is this relevent in 2025?
The Colonial Oil attack came from one compromised password.
Simple 'Cyber Hygiene'
Implement NIST password rules. 60% of passwords from large data breaches are resused in attacks.
Update system files regularly, with a focus on PowerShell, the No. 1 language for US cyber attacks.
Don't trust multi- or two-factor authentication! Large REITs using Real Page are able to bypass it.
What do NYPD, the White House Office of Science & Technology, Oil Pipelines, and US beer bottlers have in common?
Extreme concern about ransomware. At last year's FInancial Times / White House cyber security summit across the street from the White House, CTO and executive leaders from these and other market segments voiced this as their top cyber fear.
But what these top industry leaders did not know was that ransomware is not the right focus. Cyber Hygiene is. Because without poor hygiene, ransomware can't get it. We can't focus on the ends in cyber. We have to focus on the means. Just like stopping smugglers. Look for the tactics, not the byproducts.
We help US Cabinet Agencies, other government, and private sector clients review, design, and innovate their cyber and infrastructure security
We'll help you design a cyber-ready foundation today, that is resilient and flexible enough to last through many tomorrows.
Cyber Security & Architecture
Tools and practices for a cyber-ready foundation across global enterprise - for government and private sectors. We don't try to do it all, for our clients. That's not our focus. We help clients consider, evaluate, and design or implement the cyber security policies and software that suits them best.
We are not a software provider, we are a strategy and innovation solution provider.

And if you use our services, you'll get the best in innovative cyber insight possible.
Endpoint Security
Defining, monitoring, and managing endpoints across IOT arenas
White House Advisory
2023-24 US National Cyber Framework, US Homeland Security, US DOD
FedRamp & NIST
Government & vendor poam and compliance strategy and evaluations
FY 2025 CIO FISMA
Navigating civilian compliance and privacy laws for agencies & financial institutions
How are we different from other cyber or IT consultants?
Simple. We don't try to BE every other firm. Cyber is a vast IT discipline, and we stick to what we specialize in: technology & engineering innovation; and national security strategy. And because we are not trying to sell our own product, we don't push clients into cyber solutions that might not be the best fit. Instead, we partner with the industry's leading cyber providers - Sophos, Nesus, Fire Eye, IBM and others - to bring you optimal solutions for your budget and specific needs.
Innovation for National Security
We partner with a range of cyber security software and hardware providers to bring our public or private sector clients the scope and range of continuity of service they need to fulfill their mission. Our sweet spot is national intellligence, defense and national security; and this is the foundational view we bring to act as executive advisor, audit or design lead.
National Intelligence & DOJ
We were the first US government contractor to detect a Chinese cyber intrusion into a US Department of Energy Lab - Argonne Lab in Washington DC.
The team used a local DC home network and Howard University DOE interface - with a non-US citizen student newly arrived in the US as its primary actor. We discovered the team had access the US DOE Covid servers, and was uploading xml and other scripting under guise of academic work, and downloading scraped, real-time data and analysis. Crypto cover was also involved. We discovered the break-in during routine endpoint monitoring, and discovery of an all-Chinese (mainland China) device network.
We offer clients a strong foundation in sanctions, supply chain, and affiliated cyber intelligence and analytics. Other cyber work has supported US DOJ Huawei and Russian indictments, since 2020.
Cyber Risk & Policy Assessment
By leveraging unified visibility across clouds, identities, and endpoints, we advise clients on software and automated monitoring tools - such as Crowd Strike or Nesus - to effectively hunt threats everywhere, and track lateral movement across domains.
SOX & NYSE Cyber Compliance
Disclosures play an important role in communicating with the investor community and stakeholders more broadly. In the quarter century since cyber risk became a core item on the board agenda, directors have recognized that it is an ever evolving issue, requiring constant diligence and a focused approach to enable effective oversight. The past year has seen an increase in the sophistication in cyber threats, which has prompted companies to improve their cybersecurity frameworks, but also helped adversaries improve the sophistication of attacks.
