Probably the worst example of cyber security lapse this century is the failure to adequately secure US GPS navigational signal, managed by the highly skilled US Military, against enemy or terrorist use. And as a result the horrifying devastation in the Ukraine has continued for over 2 years - with almost 85% of all Russian attacks (drone, missile, jet and naval) guided by US GPS from Peterson AFB in Colorado. A tragic example of 'group think' and failure to 'question everything' by US & NATO leadership. There is absolutely no technical or logical reason why this was allowed to happen, or why it is still ongoing - except for a lack of technical understanding, and/or will, on the part of the US leadership involved. 

Whilst satellites are largely dumb machines with one a few signal emmissions possible, there remain many ways to isolate, identify, and block or disrupt enemy or terrorist uplink to and download from the normal three-satellite cluster and ground station constellation required for any navigational guidance. And the majority of GPS guidance and memory chips, and gyroscopic equipment, used by Russia (and China and North Korea and Iran) remain largely US or other Western nation in origin - with each number recorded in manufacturing and shipping inventories for decades. Russia does not even obscure or alter the numbers on the chips and GPS receivers it uses. A hacker's dream. And we ignore this and other golden opportunities to use cyber controls to harden the surface of our US military space and satellite stategic and tactical systems against enemy use. 

FedRamp remains the gold standard for US national security and cyber threats in large, distributed computing environments.  When FedRAMP POAMs (readiness milestones, and US military / federal OPSEC (operational security) is achieved, and users - including tech support and third party vendors - are repeatedly trained and tested in both protocols, the network is almost infallible.  Most malware, DOS, hash, and other cyber intrusions occur because of sloppy cyber - IT protocol, and/or user error or inattention.

We help clients understand and prepare for FedRAMP compliance testing; and provide refresher training and evaluation services for both this cyber protocol and OPSEC.  Once an entity or agency becomes versed in FedRAMP, the problem areas of so much cyber intrusion - failure to synchronize OS or software updates, failure to monitor direct endpoints or access from personal devices, off-network use from on-network devices - disappear. Your surface is hardened, and your workforce and managers are well-trained and the nuances of cyber defense become habit.

FedRamp remains the gold standard for US national security and cyber threats in large, distributed computing environments.  When FedRAMP POAMs (readiness milestones, and US military / federal OPSEC (operational security) is achieved, and users - including tech support and third party vendors - are repeatedly trained and tested in both protocols, the network is almost infallible.  Most malware, DOS, hash, and other cyber intrusions occur because of sloppy cyber - IT protocol, and/or user error or inattention.

We help clients understand and prepare for FedRAMP compliance testing; and provide refresher training and evaluation services for both this cyber protocol and OPSEC.  Once an entity or agency becomes versed in FedRAMP, the problem areas of so much cyber intrusion - failure to synchronize OS or software updates, failure to monitor direct endpoints or access from personal devices, off-network use from on-network devices - disappear. Your surface is hardened, and your workforce and managers are well-trained and the nuances of cyber defense become habit.

Our financial cyber advisory includes the migration of Capital One's $3 trillion in portfolio managment to its new IT HQ in Richmond, VA. And World Bank crisis mitigation advisory following a breach to its Washington DC HQ.  As US military and national intelligence advisors, we specialize in emergency and rapid response protocol. 

Our clients include: the Egyptian Development Bank (data recovery); disaster recovery and backup for AT&T and Anthem call centers; Ameriprise and Stock Exchange clients (platform security audit). 

As the US military expands into European theatre action with the Ukraine war, and as Russian and PRC Chinese sanctions are ordered for US and NATO nations, the demarcation between US and allied critical infrastructure is blurred. NATO was the first to recognize and formalize cyber response and protection for blended domains of military and civilian critical infrastructure. 

Our work includes SHAPE, SOCOM, EUCOM, UK, and US vulnerability analysis for White House and other leadership; and space, energy, and financial arena intelligence, cyber support, and training. Including agency, vendor, and Big 4 management training, SOC evaluation, and implementation leadership for adjacent arenas and agencies under NIST and US Homeland Security compliance or contracts.