Dark Wolfe Consulting, LLC (DWC)

Information Technology (IT) Networks, Operational Technology (OT) Networks
Network and Information Managed Security Services Provider (MSSP), Security Consulting, Cybersecurity Consulting, CISO as a Service, Interim CISO Services, Incident Response, Penetration Testing, Information Security Assessments, Gap Assessments, PCI-DSS,FedRAMP, StateRAMP, NIST SP 800, Post Quantum Cryptography Consulting (PQC), GRC Support, Framework Alignment, OT Assessments - Walkdowns - Penetration Testing, NAC Consulting, SASE Consulting, Vulnerability Management Programs, Application Security Programs, Information Security Training in all areas (Digital Forensics (DF), Incident Response (IR), Python, Security Orchestration Automation and Response (SOAR))

Penetration Testing

External Infrastructure Assessments - standard penetration testing and information security assessments, Application Assessments, Operational Technology (OT) assessments (indusrial environments for Allen Bradley, Rockwell Automation, Siemens, etc.), OT walkdown assessments, PCI-DSS QSA Prep, etc.

Managed WAF as a Service (WaaS)

DWC can manage an applications existing WAF, as a service. DWC specializes in proactive and reactive configurations, tightly coupled and loosely coupled configurations, etc.

Security Operations Center (SOC) as a Service (SOCaaS)

DWC can manage an existing SIEM and or consume log and event data into a SIEM and alert the customer as required.

Incident Response (IR)

DWC can support all aspects of IR. DWC has an IR team that is capable in both IT and OT networks (industrial control environments like ICS/SCADA).

Digital Forensics (DF)

DWC can provide support in all aspects of DF including boots on the ground support, remote DF support, staff aug, for both IT and OT environments.

Security Orchestration Automation and Response (SOAR)

DWC can provide Subject Matter Expertise and support, including staff augmentation, for supporting businesses in SOAR strategy support.

This includes consulting on COTS, custom software developement, scripting development, modification and maturization of existing implementations.

Information Security Training

DWC has custom and modern courses in Digital Forensics(DF), Incident Response(IR), Python, Governance, Risk, and Compliance (GRC), Operational Technology (OT) Security Courses, Forward Engineering Courses - all of which are aligned to the NICE framework

Managed Security Services

DWC can pickup where customers leave off.

DWC has a 24/7/365 staff to manage security for security functions customers require. e.g., WAF, Internal Security Tools, DOS/DDOS Tooling

Vulnerability Management Program Support

DWC provides fleshing out and maturing Vulnerability Management Programs for enterprise class and small businesses. DWC can support any function or a complet VMP. This work is customized to fit the customers needs.

Application Security Management Programs and Support

DWC can flesh out an application security program from scratch or reignite an existing one. DWC can also provide training services around application security programs tailored to existing environments and tooling.

Compliance Programs

DWC can flesh out and or mature existing compliance programs.

Additionally, DWC can support a team when attempting to achieve first time certifications like NIST SP 800, NIST CSF, COBIT, CIS, 62443, CCM, GDPR, HIPAA, HITRUST, ISO 27001, FedRAMP, StateRAMP, PCI-DSS, COSO, CMM, and attestations like SOC2, etc.

Chief Information Security Officer (CISO) Services

DWC can provide interim and fractional CISO Services. Typically, DWC will flesh out 2 year and 5 year roadmap packages and associated project plans used to close framework alignment gaps.

Information Security Framework Gap assessments

DWC can assist in conducting gap assessments which illustrated gaps in the current state an the desired information security framework alignment. Additionally, DWC can flesh out roadmaps and project plans to achieve a future state.

Information Security Architecture Future State Designs

Future state architecture services are applicable to both IT and OT environments.

OT environments consist of industrial networks that leverage SCADA and ICS components

Post Quantum Cryptography (PQC) Algorithm Adoption

DWC will roadmap and layout adoption plans for the coming NIST PQC algorithms like: (PKI) CRYSTALS-KYBER, (3 digital signature schemes)(1) CRYSTALS-Dilithium, (2) FALCON, (3) SPHINCS+ (NIST SP 800-56A)

Along with strategies for understanding the store now decrypt later risk and what needs to be addressed 'now' vs what 'can wait' until later. This includes vendors working their way toward adoption of the algorithms.

Hunt and Incident Response Team (HIRT) Engagements

DWC can deploy a team to do do a proactive hunt in any IT or OT environment to hunt for malware artifacts on networks on the wire, in memory, and via DNS.

The teams can deploy on-site or the work can be done remotely without the team touching the customer network or via VPN access if DWC is requested to collect the information.

Application Programming Interface (API) Penetration Testing

DWC is well practiced in performing API information security assessments and penetration testing. The penetration tests include the methodology.