Navigating Change Through Continuous Threat Vigilance
The CVP Cybersecurity Practice delivers innovative and continuous security services through our ‘Predict. Prevent. Protect.’ methodology to manage risk and improve overall security posture by elevating Cybersecurity as a core competency and Practice area for the company. CVP’s talented cybersecurity professionals specialize in areas from security operations to Cloud security, automation, risk management, and cyber defense. Our cybersecurity program management techniques employ lean, streamlined operations and provide the ability to dynamically manage competing and changing priorities in budget constrained environments.
The success of CVP’s Cybersecurity Practice is defined through harnessing the power of Machine Learning and Automation, enhancing communication and workflow, saving time and money with automated security assessments, and creating a framework for continuous improvement.
CVP’s Cybersecurity Practice strengthens our client’s security posture through the following key areas:
- Our “Anticipate, Automate, Prevent” Intelligence Driven Approach (AAPIDA) for next generation security operations eliminates the traditional security approach by triggering a multi-tool automated approach to communication, containment, eradication, and recovery. Our approach shifts the manual, human-based process and event analysis to machine- based intelligent automation. This reduces the response and containment times from minutes/hours to a matter of seconds.
- Implementing a ChatOps platform within security operations provides a platform for conversation-driven investigation bringing together security personnel, security tools, chatbots, and incident response workflows in the same communication channel to further streamline processes and expand situational awareness.
- Delivery of a dynamic “Next Generation” vision to security assessment
heavily leveraging inherited/common control implementation and
automated workflows for security control testing that pave the way for accelerated Authority to Operate issuance and integration as part of an Ongoing Authorization program.
- Implementing the CVP Cyber Delivery Range – a dynamic environment available to our clients for cybersecurity services such as threat intelligence, malware processing, reverse engineering, and continuous cybersecurity tool assessments.
Innovative technology meeting talented people is the crossroads of success for a cybersecurity organization. Cybersecurity is not just about the next visionary, next best tool, best leadership team, talented staff, or proper funding, it’s about a synergy of all of the above. Incidents in today’s world may be viewed as inevitable but one of the most critical decisions for an organization is not just about the security tools they have purchased and implemented but also the security personnel and services entrusted to secure the environment.
Client Success Stories
Protecting Enterprise Systems from Cyber Threats
CVP manages the security operations center (SOC) of a food inspection agency that has a workforce of over of 11,000 employees nationwide. Because three-quarters of the workforce is mobile working on-site inspections across the country, CVP handles security operations and incident handling with an integrated, multidisciplinary team that does not disrupt critical public health-related business operations. We monitor, hunt threats, analyze thousands of security events injecting threat intelligence data, prevent attacks, and respond to multiple security incidents monthly. Our implementation safeguards operations, prohibits unauthorized access, protects against malware, prevents data loss, ensures availability, and eases network management. The streamlined operations prepared the client for next generation security operations utilizing security automation while maintaining a real time security risk picture of their environment.
Restructuring an Enterprise Security Program
CVP helped a federal financial management agency restructure its cybersecurity program utilizing our security expertise and domain knowledge. We conducted an expedited analysis of the environment identifying a critical program gap. CVP created and implemented a vulnerability scanning program customized to the agency’s environment and made it into a defined, repeatable, and scheduled operation. We defined the agency’s set of common controls and introduced system owners and stakeholders to the integration of enterprise controls into previously insular security plans. Additionally, we worked collaboratively to structure a mitigation tracking plan; define standards; map a common set of fields, terms, and methods; and distribute templates for consolidated use by the organization providing a definable return-on-investment for the client and preparing the client for the next evolution of their cybersecurity program.
Remediating Security Weaknesses
A health insurance contractor had failed several external security audits. It brought in CVP to rewrite its System Security Plan to address audit red flags and achieve compliance with federal guidelines and regulations. CVP provided security expertise and technical writing to assist the system security officers and system owners with the review and development of the information security program, policies, standards, and procedures. We also produced the lifecycle documentation required to meet federal requirements. In less than 60 days, CVP helped re-establish both system boundaries and common controls clearly documenting control implementations that resulted in the clearance of all audit findings.
Preparing for Accelerated Security Authorization
CVP implemented a security Assessment and Authorization (A&A) program for a federal agency leveraging a standardized methodology across the organization that engaged and integrated all stakeholders. Our support included package creation, testing and delivery; developing and refining A&A policy, procedures and guidelines; and compliance monitoring. CVP tracked and maintained data relevant to the Federal Information Security Management Act (FISMA) reporting, including system inventories, mitigation tracking plans, and self-assessments. Additionally, we updated all A&A security artifacts to comply with the new federal standards and began implementation of our created roadmap to accelerated Authority to Operate issuance and ongoing authorization for the agency.
- Watch Desk
- Incident Response
- Focused Operations
- Security Control Overlay
- Security Tool Integration
- Multiple Platform Experience
- CI/CD Pipeline
- Security Orchestration, Automation, and Response
- Intelligent Automation
- Automated Security Assessment
- Risk Management Framework
- Security Authorization
- Security Assessment
- Security Training
- Identity Management
- Threat Intelligence
- Security Engineering
- Penetration Testing
- Insider Threat
- Continuous Diagnostics and Mitigation
Meet Featured CVPros
Director, Cybersecurity Practice
Andy directs CVP’s Cybersecurity Practice and leads an industry recognized and trusted Cybersecurity organization focused on Security Operations, Cloud Security, Security Automation, Risk Management, and Cyber Defense.
Greg uses his 20+ years of experience in cybersecurity analysis, planning, and compliance, and hardware/software design engineering to secure networks and systems for CVP’s clients.
Tristan is a senior cybersecurity professional who uses his experience in healthcare cybersecurity and expertise in security solutions engineering to lead CVP’s healthcare cybersecurity projects.
Omar is a cybersecurity professional with extensive experience deploying security operations and initiating large remediation efforts of critical system vulnerabilities impacting thousands of assets.
Seeman is a security operations center professional with in-depth technical experience in enterprise infrastructure operations, cybersecurity, and enterprise security.
Eric is a cybersecurity professional with over 20 years of goal-driven experience in cybersecurity program development and integration in the federal and healthcare sectors.
Mark is a creative and results-driven cybersecurity leader with over 14 years of professional services experience in managing operations, architecture design, information assurance, security assessments, and audit readiness.