Your Virtual Chief Security Officer (vCSO)

Cyber Security should not be scary.  You don’t have to go alone.  Let us start together with VanBo as your virtual Chief Security Officer .  If we do the basics, we can improve the confidentiality, integrity, and availability of your data giving confidence to your partners, customers and customers to be. The cornerstone of security start with training and education.

There are several basic steps to start towards security:

  1. Security Assessments
  2. External Vulnerability scan.  
  3. Internal Vulnerability scan.
  4. Network Monitoring.
  5. Penetration Testing.

Other Items to consider: Training, Encryption, password policy, 2FA (Two Factor Authentication), disclaimers, policies and procedures, backups, wireless network testing, remediation and other items including remediation assistance of problems discovered

We offer subscription programs that allow you to secure your information over time and keep it secure.  We offer programs that test externally on a monthly basis and provides hours for remediation and strengthening your network.  This allows you to budget for security and make it easy to start and keep going.

Tools and Partners

VanBo utilizes some of the best tools in the world for analysis and remediation including:

Kali Linux Security Tools

We are Microsoft Partners with focus on Azure, Active Directory, Backup.

Microsoft Partners

We partner with UltraScary for our deep security going further than the average organization goes.

All logos and trademarks are property of their respective organizations

More Information about our offerings:

  1. Security Assessments –  A Security assessment can be as simple as a discussion/interview about where you feel you are at and what your security goals are to amore in depth assessment including several of the services below (External/Internal scans, monitoring, penetration testing).  The goal of an assessment is to determine where you are and where you want to go with your security footprint.
  2. External Vulnerability scan.  – Scan your network from the outside.  Check the external IP addresses for vulnerabilities.  This looks at your connections to the world from the point of view everyone else sees.  This is a non-exploitative test that does not actually attempt to exploit the weakness found but rather report on it for remediation consideration.
  3. Internal Vulnerability scan. – Scan your network from the inside.  This is an important step of security that is often overlooked.  Up to 100 devices are scanned internally for vulnerabilities.  If we can get internal administrative access, this test is most effective.  Even without it, it is an important test and will report on weaknesses that should be addressed.  This can be a one time scan but is more effective if equipment is permanently setup to scan on a periodic basis so you can monitor progress.
  4. Network Monitoring.  This is a permanent setup to monitor your network.  It can include asset reporting on your network so you have awareness of what is on your network.
  5. Penetration Testing.  Setup systems to test vulnerability and scan for vulnerabilities on a regular basis.  It goes beyond External vulnerability scans utilizing skills beyond vulnerability scanning like scanning of SQL servers and web servers for deeper testing.

Other Items to Consider:

Training – Is your staff aware there are things they can do to help keep information safe?  Do you have policies and procedures for them to follow surrounding information handling?

Encryption – Critical information should be encrypted.  That includes encrypting the hardware that the information resides on and encrypting the transfer of information between computers when possible and cost effective.

Password Policy – Do you have a password policy?  Is it documented? Do your employees know what it is and what is expected of them?

2FA (Two Factor Authentication) – This is important for your cloud services that, at a minimum, your administrators have two factor authentication enabled.

Disclaimers – Do you have privacy disclaimers where appropriate?  Do your employees and other know how they are allowed to use the information?

Policy and Procedures – Do you have policies for your employees?  Do they know the procedures?  Do you review them regularly?  

Backups – Do you have backups?  Where are they?  Do they backup the important information?  Have they been tested?

Wireless Network Testing – Do you have a wireless network?  Is your guest network seperate?  Have you tested your wireless network for vulnerabilities?

Remediation – Now that you know you have issues, now what?  We will work with your IT to help remediate the issues or do the remediation on your behalf if you do not have the staff to do it.