Are you aware that 39% of businesses report cybersecurity breaches yearly? Security breaches are a massive threat to companies of all types and sizes. Yet, many business owners don’t realize their company is at risk of a breach that could result in huge revenue loss and reputation damage.
By hiring me as your IT security contractor, you will get a personalized cyber security strategy to keep your business safe from security risks so you can rest assured your company’s future is secure.
In the US, we operate in New York City, Los Angeles, Chicago, Houston, Phoenix, Philadelphia, San Antonio, San Diego, Dallas, San Jose, and in Europe, we operate in Berlin, Madrid, Rome, Paris, Vienna, Budapest, Lisbon, Prague, Athens, Helsinki, Sofia, Copenhagen, Stockholm, and Luxembourg City.
I made a life choice 15 years ago: to stay independent as a cyber security contractor and never sell a vendor’s solution due to a commission or other benefits.
Even when working for Microsoft, I still helped all companies I visited to choose the best solution, rather than pushing Microsoft-only solutions. Perhaps that’s why I left and opened my own company!
You can always rely on my global cyber security experience, knowledge, and connections knowing I will always have your interests at heart.
That is why you will never hear me recommending just one vendor for a particular cyber security challenge. I give you the ways to choose the right one, the benefits of each, and leave the choice to you. Yes, I make much less money by not receiving a commission from these recommendations – but I keep two things intact: my integrity and the trust my customers have in me.
I’ve been helping companies as their IT security and cyber security consultant for the past 15 years. I have worked as part of Microsoft’s security team and as an external security consultant for Emirates Nuclear Energy Corporation.
Now I am a cyber security expert and help software development companies, law firms, and banks build complex and effective information security management programs to combat advanced cyber threats, acting as their Virtual CISO (CISO as a Service).
As an IT security consultant, I have helped software development companies, individual lawyers, law firms, and small businesses protect themselves with the same quality banks received when working with me. I have built defenses at banks (such as SCB in Thailand, Akbank in Turkey, and others) and government institutions (Ministry of Education in Qatar, Ministry of Energy in Saudi Arabia).
There are plenty of cyber security consultant firms out there. But their business model is usually the following:
I do everything differently.
How much does a cyber security consultant charge?
It depends. What do you want?
The answer really can only be “it depends.” That price varies mainly by the length of the project, its complexity, and the project itself.
The hourly rate for a cyber security expert varies according to project complexity and duration.
Is it just a phone consultation or an in-depth problem-solving that you need? Can this consultation save the company millions by preventing a serious data security breach? In that case, the price doesn’t matter, and it’s all about value. Do you want that value?
Just as a hacker (or a hacking team) can work globally, so can a defender build your defenses remotely.
The work gets done with a keyboard and a mouse – in your office or from another country. If you have an expert as your information security consultant, the quality will be the same regardless of location.
People often ask me: “But I need a cyber security consultant near me,” – to which I ask them, why? Why would you need someone to commute several hours to you, arrive sweaty and tired, and bill you for the time during their commute when you can save money and get the same quality?
I love helping clients and hate travel just as much as you do. I have clients in Australia, the USA, the UK, Germany, and the United Arab Emirates – if I had to travel to see each of them every week or every month, there would be no time to work! Instead, everyone gets the same quality from me and is happy.
I get this question a lot!
I am a cyber security consultant and, in a way, a cyber security architect. I build defenses very well. I have been trained in offensive security by an Israeli security company – Offensive Security – but I tend to focus on defense development only and work with some fantastic penetration testing companies in the US and the UK who excel in penetration testing.
Specialization is critical to offering fantastic service, which I do. The best time to run a penetration test and validate everything done is after I complete my work with you, and I recommend that. It is a continuous improvement loop – you build good defenses, test them, improve them, and test them again. Specialization is the only way to deal with continuously improving threat actors.
What is it like working with an IT security expert?
When you start working with senior information security consultants, both sides must clarify their expectations.
Just knowing about your desire to protect client information is not enough, and it is best to share details about your business processes, how you work with your clients, and how you collect and store their data.
IT security experts need to know the answers to all these questions before starting to work with you.
I help companies manage passwords and access securely. Your employees will stop reusing simple passwords, which will make it harder for hackers to steal corporate credentials, and you will know who has access to what and why, at any time.
I check for mitigation controls for 17 types of cyber attacks: account compromise, unauthorized access, ransomware, network intrusions, malware infections, sabotage, security policy violations, and more.
I will help your team understand why certain emails and links are dangerous, the concept of operational security and the ways hackers might take advantage of their desire to help. Security Awareness Training is much more than just a series of videos.
I help my customers transform their IT infrastructure security by implementing Server & Network Device Hardening, Desktop Hardening, Network & Web Service security, Data Security, Backups, and more!
How many vulnerable machines/apps can a company have in its network? I help my customers establish and manage a Vulnerability management program, which will gradually reduce the risk of their network vulnerabilities.
Getting access to a corporate account may grant a hacker access to all internal systems. I protect my customers by implementing secure authentication, ensuring the integrity and confidentiality of your communications.
Breach simulation is an integral part of every Information Security Program. My customers can rely on me to support them in the initiation, execution, and conclusion of a Penetration Test.
Software development should be a rapid, efficient, and secure process. I help my customers integrate security into the design, development, testing, integration, and deployment of their code.
Policies and Procedures are the governing laws of a company's business. The ones I create are living and breathing documents bringing order and structure to my customers' security practices.
Secure Work From Home is one aspect of remote access, but I also take care of third-party partners, outsourced employees, vendors, and guests. Remote access to data is not limited to VPN.
I expand the defenses I build beyond VPN and add Zero-Trust as your primary defense principle.
Antivirus is just one of the 12 controls I implement to defend endpoints from advanced hacking attacks. I prevent the exploitation of these devices via malicious documents, scripts, 0day vulnerabilities, and more.
You should be able to detect any unauthorized access anywhere in your network, be it a malicious insider or an outside hacker. I will help you build the necessary security monitoring to achieve that.
Every Information Security Program I build and execute for my clients is different. Their teams, infrastructure, applications used, and business objectives are different, and I often customize my services to serve them better.
Most people reuse their passwords, and the password used for their online shopping activities would most likely resemble the password used to access your corporate email or collaboration platform.
And when their favorite online shopping sites get hacked (and they do, often!) – their passwords become known to hackers globally. Some websites allow hackers to enter a person’s name or email address and see all the passwords they have ever used!
They then attempt to use these against your email server or collaboration system, and they often work!
Every company on this list of hacked companies had antivirus and a firewall, and they still got hacked. In all cybercrime investigations, the outcome is the same: hackers don’t care if you have antivirus and firewalls; they will still get in.
So what should you do?
As a cybersecurity consultant, I always protect my clients from advanced attacks by implementing additional defense measures everywhere in their IT infrastructure, focusing on the endpoint.
Most people in your company are not security experts, and I would even argue 100% of your entire workforce are just experts in their fields – and that is how things should be.
I will only introduce a slight change: relevant, human, easy-to-understand training that will give them a basic understanding of how hackers might or will try to mislead them into opening a malicious attachment or a fake login link.
IT Administrators leave the defaults on for most cloud services I have audited in the past few years.
They don’t enable or enforce 2-factor authentication. They leave all the possible security policy settings default – which usually means they are turned off.
These policies and settings exist for a reason – hackers are actively abusing cloud services, and cloud service providers have developed countermeasures to protect you.
But did your IT admin enable all the 285+ security settings in Office 365, now known as Microsoft 365?
Whenever I consult a cybersecurity company, I get to see completely unprotected devices such as printers and routers, most of them WiFi-enabled. Then they wonder how they were hacked.
Through the unprotected printer.
But they could get in through an insecure desktop, laptop, mobile phone, server, or network device.
This is why I help my clients protect their whole IT infrastructure. And when their systems administrators are overworked and underqualified in cyber defense, I help them by coaching the sysadmin and guiding them to protect every device type in their network against modern, persistent, and advanced hackers.
Most companies we start working with have no vulnerability management, and as a result, they have no clue they can be easily hacked through any of their vulnerabilities.
Our virtual CISO (CISO as a Service) team will identify all vulnerabilities in your computers, software, servers, network devices, and other equipment.
They will then generate a plan to fix them and start working on the remediation process.
The final step in our vulnerability assessment service is to build your whole vulnerability management program with scanning automation, configuration scanning, discovering configuration errors, and more.
Hacking into email systems is likely the most straightforward task for a hacker or a hacking team.
Did you know it usually takes just a few minutes?
All my clients enjoy complete peace of mind – knowing that most hackers cannot hack their email.
I can help establish secure email and instant messaging communications within and outside your company.
It is also a tremendous relief for your clients and business partners to know that anything they send you will be kept safe and secure from prying eyes.
A cybersecurity consultant specializes in assessing, planning, and implementing security measures to protect a company’s information systems. They identify vulnerabilities, recommend solutions, and often help with the deployment of these solutions.
Companies may lack in-house expertise or require an external perspective on their cybersecurity posture. A consultant can bring specialized knowledge, experience, and up-to-date practices to ensure that a company’s digital assets are secure.
Typically, they should have a relevant degree in IT or cybersecurity, certifications like CISSP, CISM, or CEH, and several years of experience in the field. Practical experience with specific technologies, a thorough understanding of various cyber threats, and problem-solving skills are also crucial.
Consultants often begin with penetration testing, where they simulate cyberattacks to find weak points. They also conduct vulnerability assessments using specialized tools and manual reviews, considering both technological and human factors.
No, consultants work with businesses of all sizes. While large corporations may have complex needs, small and medium-sized businesses also face cybersecurity threats and can benefit significantly from expert advice.
A consultant typically advises on broad strategy and solutions, working on a project or contractual basis. An analyst, on the other hand, often works in-house, monitoring an organization’s networks, detecting threats, and responding to incidents on a day-to-day basis.
They invest in continuous learning, attending workshops, pursuing advanced certifications, and actively participating in cybersecurity forums and communities. Staying updated is essential in this fast-paced field.
Success can be gauged in various ways: reduction in security incidents, passing compliance audits, improved security awareness among employees, and positive feedback from stakeholders. It’s essential to have defined metrics and KPIs to measure performance objectively.
Costs can vary depending on the scope of work, the consultant’s expertise, and the project duration. While there is an upfront investment, the long-term savings from preventing data breaches and ensuring business continuity often outweigh the initial costs.
Companies should seek references, review case studies, and conduct interviews to assess a consultant’s expertise and fit. It’s essential to ensure the consultant understands the company’s specific industry, business model, and unique challenges.