Are you Stinnett Secure?
Stinnett is a controls-based advisory firm that helps assess, identify, implement, defend and report on the overall status of an organization’s cybersecurity maturity.
As experts in Information Security, our Data Privacy and Cybersecurity team delivers the confidence clients need to protect critical information assets by identifying infrastructure vulnerabilities and in turn, improve compliance.
Did we mention unmatched expertise? With an impressive track record of complex information security consulting coupled with a comprehensive list of industry-leading certifications, we’ve got you covered. That means investing in ongoing continuing education related to IT governance, risk, audit, industrial control systems, systems engineering, ethical hacking and more.
Our Security Strategy
Security is more than firewalls and virus protection software. Stinnett’s technology champion’s success in managing digital risk is based on a two-fold, controls-focused approach that goes beyond audit.
These mitigation steps include:
- Detecting risks utilizing industry standard frameworks (e.g., NIST, CSC), penetration testing and advanced control analysis to determine control gaps.
- Identifying opportunities for improvement and provide management with living documentation to help develop future cybersecurity maturity initiatives.
Who We Consult
Stinnett’s strategic thinkers guide clients from businesses of all sizes and cater to industries ranging from aerospace, manufacturing and energy to insurance, governmental and banking to every sector in between. Advisory services span from less mature organizations beginning to design a new cybersecurity program to performing substantive testing of controls and procedures in establishments with mature cyber processes—ensuring best practices are always incorporated.
Don’t risk it. Our team will identify and recommend the services that best reduce the probability of a cybersecurity incident occurring. With the development and implementation of a strategy specific to your business model, responding against security threats and challenges has never been easier.
Application Security Testing focuses on web application systems to test and analyze the security of an application. Stinnett’s experts identify vulnerabilities in an application’s coding, development and functionality.
Detailed services include:
- Dynamic Application Security Testing
- Static Application Security Testing
- Software Composition Analysis
Stinnett will assist your company with everything from the creation of a cybersecurity program to advanced assessments of your entire environment.
Our security team are experts in cloud services, enterprise networks, industrial controls systems, data privacy compliance and all the components in between.
Our consulting services include:
- Cybersecurity Consulting
- Cloud Architecture
- Network Architecture
- Software Development
- Tabletop Exercises (IRP, DRP, BCP)
- Virtual CISO
- Privacy and Compliance (GDPR, CCPA, NIST 800-171, etc.)
Data breaches and cybersecurity incidents impose serious consequences to reputation, intellectual property and finances. The way an organization reacts to an incident has a direct impact on the overall outcome. Stinnett’s experts are well-versed in conducting incident response procedures. We can analyze logs and other critical data surrounding the incident to determine who, what, how and when. Our team members hold over 15 years’ experience in handling information systems and security, allowing us the experience necessary to properly analyze a multitude of incidents. Additionally, our penetration testers know how to quickly spot indicators of compromise and evidence of intrusion.
Let Stinnett’s professionals perform a comprehensive review of your business’ technological systems to look for potential problems with people, processes and technology. These detailed assessments might encompass any of the following criteria:
- Cloud Security Assessments
- CMMC Assessment – Defense Contractors
- Cybersecurity Framework Assessment
- Data Asset Risk Assessment
- Disaster Recovery Assessment
- Enterprise Risk & Compliance
- Identity & Access Management
- Incident Management & Response
- IT Infrastructure & Equipment Assessments
- IT Security During M&A
- Security Appliance Assessment
- Security Program Development
- Security Staff Assessments
- Supply Chain Cybersecurity Risk Management
- Web Application Firewall Assessment
Stinnett’s penetration professionals will test your computer systems and networks to find vulnerabilities that expose your business to a cyberattack.
Detailed services include:
- Application Penetration Testing
- Internal Network Penetration Testing
- External Network Penetration Testing
- Network Segmentation Testing
- OSINT / Breach Check
- Physical Penetration Testing
- Social Engineering
- Wireless Security Assessment
Stinnett has extensive experience in SCADA & ICS Operations Technology (OT) assessments. Our team holds multiple certifications, including the coveted certified Global Industrial Cyber Security Professional (GICSP). Our team of professionals and engineers can identify risks and assist your organization in putting together a plan to address gaps.
SCADA & ICS assessments include:
- Business Impact Analysis
- OT firewall architecture review
- OT firewall penetration testing
- PLC, HMI and other industrial controls vulnerability assessments
- Tabletop exercises to bring IT, OT, I&E and other operational groups together
As data privacy and cybersecurity experts, we know that an important step your organization should take is educating and informing your employees and contractors.
Stinnett’s team will train your group through the following methods:
- Application Security
- Awareness & Education
- Network Defense
- Secure Coding
Stinnett’s experts will evaluate and test your systems to identify any current or potential vulnerabilities in your business. These assessments can be one time or performed on a continuous basis.
Assessments may contain any of the following:
- ASV PCI-DSS Vulnerability Assessment
- External Network Vulnerability Assessment
- Internal Network Vulnerability Assessment
- Physical Vulnerability Assessment