Are you aware that 39% of businesses report having cyber security breaches every year? Security breaches are a huge threat to companies of all types and sizes and yet many business owners don’t realize their company is at risk of a breach that could result in huge revenue loss and reputation damage. By hiring me as your IT security consultant, you will get a personalized cyber security strategy that will keep your business safe from security risks so you can rest assured your company’s future is safe.
I made a life choice 15 years ago: to stay independent as a cyber security expert and never sell a vendor’s solution due to a commission or other benefits.
Even when working for Microsoft, I still helped all companies I visited to choose the best solution, rather than pushing Microsoft-only solutions. Perhaps that’s why I left and opened my own company!
You can always rely on my global cyber security experience, knowledge, and connections knowing I will always have your interests at heart.
That is why you will never hear me recommending just one vendor for a particular cyber security challenge. I give you the ways to choose the right one, the benefits of each, and leave the choice to you. Yes, I make much less money by not receiving a commission from these recommendations – but I keep two things intact: my integrity and the trust my customers have in me.
I’ve been helping companies as their IT security and a cyber security consultant for the past 15 years, have worked as part of Microsoft‘s security team and as an external security consultant for the Emirates Nuclear Energy Corporation.
Now I am a cyber security expert and help software development companies, law firms, and banks build complex and effective information security management programs to combat advanced cyber threats, acting as their Virtual CISO (CISO as a Service).
As an IT security consultant, I have helped software development companies, individual lawyers, law firms, and small businesses protect themselves with the same quality banks received when working with me. I have built defenses at banks (such as SCB in Thailand, Akbank in Turkey, and others), and government institutions (Ministry of Education in Qatar, Ministry of Energy in Saudi Arabia).
I’ve been employed by
There are many (MANY!) cyber security consultant firms out there. But their business model is usually the following:
I do everything differently.
How much does a cyber security consultant charge?
It depends. What do you want?
The answer really can only be “it depends.” That price varies, mostly by the length of the project, its complexity, and the project itself.
The hourly rate for a cyber security expert varies according to project complexity and duration.
Is it just a phone consultation or an in-depth problem solving that you need? Can this consultation save the company millions by preventing a serious data security breach? In that case, the price doesn’t even matter. It’s all about value. Do you want that value?
Just as a hacker (or a hacking team) can work from across the globe, so can a defender build your defenses remotely.
The work gets done with a keyboard and a mouse – be it in your office or from another country. If you have an expert as your information security consultant, the quality will be the same regardless of location.
People often say to me: “But I need a cyber security consultant near me” – to which I ask them, why? Why would you need someone to commute several hours to you, arrive sweaty and tired, and bill you for the time during their commute, when you can save money and get the same quality?
I love helping clients and hate travel just as much as you do. I have clients in Australia, the USA, UK, Germany, and the United Arab Emirates – If I had to travel to see each of them every week or every month, there would be no time to work! Instead – all of them get the same quality from me, and everyone is happy.
I get this question a lot!
I am a cyber security consultant and in a way, a cyber security architect. I build defenses very well. I have been trained in offensive security by an Israeli security company – Offensive Security – but I tend to focus on defense development only and work with some fantastic penetration testing companies in the US and the UK who excel in penetration testing.
Specialization is key to offering fantastic service, and that is what I do. After my work with you is complete is the best time to run a penetration test and validate everything done, I recommend that. It is a continuous improvement loop – you build good defenses, test them, improve them, test them again. Specialization is the only way to deal with continuously improving threat actors.
What is it like working with an IT security expert?
When you first start working with senior information security consultants, both sides need to clarify their expectations.
Just knowing about your desire to protect client information is not enough. It is best to share details about your business processes, how you work with your clients, and how you collect and store their data.
IT security experts need to know the answers to all these questions before starting to work with you.
I help companies manage passwords and access securely. Your employees will stop reusing simple passwords which will make it harder for hackers to steal corporate credentials and you will know who has access to what and why, at any time.
I check for mitigation controls for 17 types of cyber attacks: account compromise, unauthorized access, ransomware, network intrusions, malware infections, sabotage, security policy violations, and more.
I will help your team understand why certain emails and links are dangerous, the concept of operational security and the ways hackers might take advantage of their desire to help. Security Awareness Training is much more than just a series of videos.
I help my customers transform their IT infrastructure security by implementing Server & Network Device Hardening, Desktop Hardening, Network & Web Service security, Data Security, Backups, and more!
How many vulnerable machines/apps can a company have in its network? I help my customers establish and manage a Vulnerability management program, which will gradually reduce the risk of their network vulnerabilities.
Getting access to a corporate account may grant a hacker access to all internal systems. I protect my customers by implementing secure authentication, ensuring the integrity and confidentiality of your communications.
Breach simulation is an integral part of every Information Security Program. My customers can rely on me to support them in the initiation, execution, and conclusion of a Penetration Test.
Software development should be a rapid, efficient, and secure process. I help my customers integrate security into the design, development, testing, integration, and deployment of their code.
Policies and Procedures are the governing laws of a company's business. The ones I create are living and breathing documents bringing order and structure to my customers' security practices.
Secure Work From Home is one aspect of remote access, but I also take care of third party partners, and outsourced employees, vendors, and guests. Remote access to data is not limited to VPN.
I expand the defenses I build beyond VPN and add Zero-Trust as your primary defense principle.
Antivirus is just one of the 12 controls I implement to defend endpoints from advanced hacking attacks. I prevent the exploitation of these devices via malicious documents, scripts, 0day vulnerabilities, and more.
You should be able to detect any unauthorized access anywhere in your network, be it a malicious insider or an outside hacker. I will help you build the necessary security monitoring to achieve that.
Every Information Security Program I build and execute for my clients is different. Their teams, infrastructure, applications used, and business objectives are different, and I often customize my services to serve them better.
Most people reuse their passwords. The password used for their online shopping activities would most likely resemble the password used to access your corporate email or collaboration platform.
And when their favorite online shopping sites get hacked (and they do, often!) – their passwords become known to the hackers, globally. There are websites allowing hackers to enter a person’s name or email address and see all the passwords they have ever used!
They then attempt using these against your email server or collaboration system and voila, many times, they work!
Every company on this list of hacked companies had antivirus and a firewall. They still got hacked. In all cybercrime investigations, the outcome is the same: hackers simply don’t care if you have antivirus and firewalls, they will still get in.
So what should you do?
As a cybersecurity consultant, I always protect my clients from advanced attacks by implementing a whole set of additional defense measures everywhere in their IT infrastructure, focusing on the endpoint.
Most people in your company are not security experts. I would even argue 100% of your entire workforce are just experts in their fields – and that is how things should be.
I will only introduce a small change: relevant, human, easy to understand training which will give them a basic understanding of how hackers might or will try to mislead them into opening a malicious attachment or a fake login link.
IT Administrators leave the defaults on for most cloud services I have audited in the past few years.
They don’t enable or enforce 2-factor authentication. They leave all the possible security policy settings default – which usually means they are turned off.
These policies and settings exist for a reason – hackers are actively abusing cloud services, and cloud service providers have developed countermeasures to protect you.
But did your IT admin enable all the 285+ security settings present in Office 365, now known as Microsoft 365?
Every time I consult a company on cybersecurity I get to see completely unprotected devices such as printers and routers. Most of them WiFi-enabled. Then they wonder how were they hacked?
Through the unprotected printer.
But they could just as well get in through an insecure desktop, laptop, mobile phone, server, or a network device.
This is why I help my clients protect their whole IT infrastructure. And when their systems administrators are overworked and underqualified when it comes to cyber defense, I help them by coaching the sysadmin and guiding them on how to protect every device type in their network against modern, persistent, and advanced hackers.
Most companies we start working with have no vulnerability management, and as a result, have no clue they can be easily hacked through any of them.
Our virtual ciso (CISO as a Service) team will identify all vulnerabilities present in your computers, software, servers, network devices, and other equipment.
They will then generate a plan to fix them and start working on the remediation process.
The final step in our vulnerability assessment service is to build your whole vulnerability management program, with scanning automation, configuration scanning discovering configuration errors, and more.
Hacking into email systems is likely the easiest task for a hacker or a hacking team.
Did you know it usually takes just a few minutes?
All my clients enjoy complete peace of mind – knowing that their email cannot be hacked by most hackers on the planet.
I can help you establish secure email and instant messaging communications within and outside of your company.
It is also a tremendous relief for your clients and business partners to know that anything they send you will be kept safe and secure from prying eyes.