www.siriuscom.com 8/18/2017 1

Sirius Security Overview

Rob HoisingtonIT Security Consultant

www.siriuscom.com 8/18/2017 2

Rob Hoisington is a Security Architect and member of the IT Consultant team for Sirius Computer Solutions. Robert holds a Masters of Science degree in Information Technology from University of Maryland University College and he is an alumnus of the U.S. Military Academy at West Point where he received a Bachelors of Science in Computer Science.

Rob has been with Sirius Computer Solutions for 5 years. During this time he has worked with clients in a wide variety of industries including banking, insurance, education, healthcare, manufacturing, distribution, and utilities - addressing a wide variety of security, regulatory, and disaster mitigation challenges.

Prior to joining Sirius, Rob worked for the U.S. Army as a Signal Corps Officer where he was responsible for technical teams as well as security, networks, and systems both in the U.S. and deployed overseas.

Rob is married, has 3 kids, and lives in Spring Hill, Tennessee.

Rob HoisingtonIT Security Consultant - CISSP, GLEG, GCIHRobert.Hoisington@siriuscom.com - 757.675.0101

www.siriuscom.com 8/18/2017 3

www.siriuscom.com 8/18/2017 4

– Introductions– Sirius Consulting Approach and Portfolio (high level)– Sirius Security Capabilities

• Security Consulting Services• Security Solutions

– Client Security Roadmap and Initiatives– Next Steps

Agenda

Sirius Consulting Approach and Portfolio

www.siriuscom.com 8/18/2017 6

Consulting Services PortfolioEnterprise Consulting• Interim CIO and CISO Services• Digital Workspace• Internet of Things • IT Strategic Roadmaps• IT Service Management• Technology Solution Evaluation• Process Optimization Assessments• Cost Reduction Assessments• Business Impact and Technology Investment

Justification • Insourcing/Outsourcing Assessments• M&A Due Diligence and Integration• Telecommunications• Imaging and Print Services• Organizational Assessments

Data Center Transformation• Data Center Models

• Private• Cloud• Hybrid

• Data Center Functions• Production• Disaster Recovery• Other

• Data Center Services• Strategic Planning and Budgeting• Current State Inventory• End State Design • Detailed Implementation

Planning and Budgeting• Implementation and Testing• Implementation Post Mortems

DevOps Transformation• End-to-End DevOps Lifecycle• SDLC & Application Lifecycle Management, Agile,

Waterfall, Continuous Release and Deployment • Operations Optimization• Infrastructure Best Practices• ITIL, CMMI, Scaled Agile Framework (SAFe), Lean, and

Six Sigma Best Practices• Data Strategy• Quality Assurance Best Practices and Test Automation• Cloud Computing• Infrastructure as Code (IaC) • Security, Regulatory, Governance and Controls

Risk, Security, and Compliance• Security Governance Review• Enterprise Risk Assessment & Security

Posture Services• Data Criticality Assessment• Vulnerability Assessments• Technical Security Architecture Review• HIPAA/HITECH & MU Assessment• PCI Assessment

• Security Policy Services• Employee Security Awareness• SIEM/MSSP Assessment• Executive Security Consulting Services• Penetration Testing• Social Engineering• Forensics• Code Risk Assessments

Business Continuity & IT/DR• BC & IT/DR Current State Assessment• Business Impact Assessment (BIA & µBIA)• Emergency Preparedness Action Planning• Architecture Standards for Continuity &

Recovery• Declaration Process Plan

• Tabletop Exercise Facilitation

• IT/DR Exercise Planning & Coordination• BC Program Awareness Consulting• Incident Response Planning• Enterprise Communication Planning• Family Support Reponses Program

Sirius Security Capabilities

www.siriuscom.com 8/18/2017 8

– Vendor neutral and consultative– Primary focus is to understand/develop customer requirements including via

assessment if necessary. • Understand current client environment• Understand security drivers (high risk data, privacy, compliance, incidents, etc.)

– Jointly develop an approach to meeting requirements• May include People, Policy, Process, Governance, and Technology • Solution/Remediation plan or may not include Sirius capabilities if best fit for client

is something we don’t offer

As a systems integration company, the full Sirius engineering team stands behind the ITC to assist with security implementation services and remediation, including a large

number of partner brand skills and services – most competitors can’t offer the breadth of internal resources and partnerships that Sirius brings to the table for implementation and

remediation services.

Sirius Security Principles and Approach

www.siriuscom.com 8/18/2017 9

Sirius Security Architecture Review (SAR)

www.siriuscom.com 8/18/2017 10

– Compliance• PCI DSS, NIST, FISMA, HIPAA, ISO, etc.

– Assessments• Penetration Testing, Network Vulnerability, Web App Vulnerability• System Security Configuration Reviews• Information Criticality Workshop

– Governance• Third Party Vendor Management, Program Development, Security Awareness

– Incident Response• Physical, Technical, Plan Development, Retainer

– Digital Forensics• Imaging, Extraction, Analysis, Preparation for Counsel, Expert Testimony

– Executive Security Consulting Services– Presales Consulting

• Security Architecture Review (SAR) Workshop• Security Solution Development

Sirius Security Consulting Services

www.siriuscom.com 8/18/2017 11

Security Solutions– Vulnerability

Management– Patch/System

Management– Traditional Endpoint

Security– Next Generation

Endpoint Security– Next Generation

Firewall– Network Access Control– Content Filtering/Proxy– Email Security– Security Incident Event

Management– IPS/IDS

– Application Protection– Identity and Access

Management– Database Security– Remote Access– Multi-Factor

Authentication– Web Application Firewall– Endpoint Incident

Response– Cloud Security– Privileged Identity

Management– Managed Security

Services

– GRC Platforms– Data Loss Prevention– Network Management

and Audit– Network Taps– SSL Decryption – Mobile Device

Management– Unstructured Data

Security– Encryption– Data Center

Segmentation

www.siriuscom.com 8/18/2017 12

Sirius Security Solutions and Services Partners

…and more

www.siriuscom.com 8/18/2017 13

Sirius Security Solutions NIST Cyber Defense Matrix View

Recover

Technology PeopleProcess

Devices

Applications

Networks

Data

Users

Degree of Dependency

RespondDetectProtectIdentify

Client Security Roadmap and Initiatives

Next Steps

www.siriuscom.com

THANK YOU