Precision Information Security
Continual assurance in the evolving threat landscape.
secureCENTRX’s risk-based approach empowers organizations to invest in their information security maturity with the confidence of awareness and context. Our services are built on knowledge transfer to elevate customers culturally and institutionally. We implement innovative Techniques, Tactics, Procedures, and Tooling with highly structured processes for perpetual cybersecurity.
Ethical, vetted, and experienced security practitioners and premier industry certifications
50+ projects/year Hundreds of collective person-years of experience
Infrastructure
Testing and Response
- Vulnerability Management
- Penetration Testing
- Red Teaming
- Major Incident Response Program Development
- Ransomware Defense
Software
Securing Software
- Secure Development
- Threat Modeling
- Penetration Testing
- Web Application Firewalls
- Program Development
- Ransomware Defense
Risk Management
Governance, Risk and Regulatory
- Audit Support
- Risk Programming
- Assessment
- Policies and Procedure
- IT Control Framework
- InfoSec Management System
Operations
Security Operations Center
- 24x365
- Extended Detection and Response
- Security Incident Response Management
Get a one-time Recon:Black
external penetration test at no charge when you...
The Black Art of Threat Modelling is Old School
To learn more about secureCENTRX and Accelerated Threat Modeling, please downloadthis brief presentation. For a deeper understanding, please send a request to [email protected]
Governance, Risk, Regulatory
(GRR™)
secureCENTRX puts the GRR in Compliance
How do organization get the most out of the audits/assessment that they perform?
CMMC, CIS, PCI, HIPAA, CCPA, GLB, NIST, FEDRAMP, SOC2, GDPR or others all require significant participation from any organization’s staff. It is secureCENTRX mission to curate the maximum return on that investment and to infuse a sense of opportunity for continuous improvement for everyone. This is all clearly in alignment with business objectives.
Audits are leveraged to determine controls for regulatory compliance, customer assurance, and to increase the security of any organization.
Organizations striving to optimize already stretched thin resources to meet audit requirements resulting in audit fatigue, incomplete data gathering, and erroneous findings.
Audits are based upon a standard. Standards contain control language. A tactical assessment evaluates an organization against its compliance with security controls.
Compliance with the security control can be evaluated by examining the security control in detail to determine what is and is not in scope for a particular security control.
secureCENTRX is hard-wired to support all of the goals of the audit cycle, but the principal outcome is at the core of the values of our team and the customer: to make an organization more secure, robust and resilient.
Our approach is based on demystifying the process with clear, motivated and contextual communications.
The results will always be motivations for positivity within an institution…now, that’s different!
Security Operations
24x365
Always On
100%
All client endpoints, protected
100+
Years of collective experience
50+
Team Experts
Common Threats Addressed
Tooling
Technology Solutions
Adaptive Data Protection protects data-in-use. These operations are typically performed once the data is accessed and all data protection, such as encryption, is removed. Adaptive Data Protection will remove the presence of clear text sensitive data in the enterprise.
secureCENTRX recommends:
Titaniam for Ransomware defense. Titaniam Protect is modular with four interoperable products to apply encryption-in-use to any type of cloud architecture in order to be fit for purpose in many use cases. Titaniam is a Gartner's Cool Vendor.
SASE⁺PLUS converges Software-Defined WAN and Perimeter with Secure Application and Data Interconnect for truy Zero-Trust security from one provider to protect all systems.
secureCENTRX recommends:
Network segmentation is a clear countermeasure to the threat of Ransomware attacks. Acreto was recommended by a Cyber Insurance underwriter for a customer with a porous supply chain in the perimeter. The ease of implementation is astonishing considering the scope of protecting all systems.
NodeZero is an autonomous true self-service SaaS pentesting solution that is safe to run in production and requires no persistent or credentialed agents. NodeZero is laser focused on delivering the highest quality, validated scans.
secureCENTRX recommends:
NodeZero is the new face of beauty for penetration testing by proving threat concepts and verifying remediation. By running continuously and autonomously, the cost of effective threat mitigation in terms of investment and effort is greatly reduced.
CyberTrap – The point of deception technology is to turn the tables on attackers. By basically turning any endpoint into a trap, it enables companies to use deception technology as part of their cybersecurity strategy to actively defend corporate data against unauthorized access.
secureCENTRX recommends:
We have years of experience with CyberTrap, which clearly demonstrates the effectiveness of an organization’s security investment. This solution just makes sense, but the market has been slow to adopt deception technology until after a breach has occurred.
Security technology that discovers, diagnoses, monitors and protects cloud workloads, applications and APIs across the distributed ecosystem. Avocado eliminate lateral movement and data exfiltration with agentless, app-native security and visibility.
secureCENTRX recommends:
secureCENTRX Software Security practice raises institutional security consciousness by applying Avocado for development teams. This is granular security that is inherently missing in every development environment that we’ve supported.
Asset and vulnerability discovery that provides critical context and data needed by incident response and security teams to accelerate decision making.
secureCENTRX recommends:
Effective asset discovery has remained elusive due to complexity and the ever-shifting nature of modern environments. Rumble truly simplifies security because it’s impossible to protect what is not known.
Cloud-native, analytics-driven XDR platform SIEM, SOAR, NTA, Behavior Analysis. This is more than a SIEM, it’s a set of tools that allows for high fidelity tuning/filtering based on machine learning.
Gurucul is making waves in very a crowded market. Gurucul should be investigated thoroughly by everyone in order that we all understand what is actually possible. Gurucul wasn’t even ON the Magic Quadrant two years ago, now they are Visionary and Leader.
TriagingX has extended behavior analysis capability from sandbox for a single file object to the entire endpoint system's behavior analysis, including desktop and server computers, physical or in the cloud. The suite of next-level products includes threat hunting, sandboxing, and end-point detection and response.
secureCENTRX recommends:
Humanity is being over-run with Ransomware, Malware, Vulnerabilities and Zero-Day Attacks. That’s a tall order and it keeps everyone on high alert. TriagingX has executed thoroughly and knowingly regarding how organizations actually can prepare for and respond to reality-based threats.
APIsec provides continuous, comprehensive coverage of API endpoints, with seamless integration with workflows. Unlike traditional security solutions that look for common security issues, APIsec pressure-tests the entire Application through the API, including business logic flaws responsible for most breaches.
secureCENTRX recommends:
We think of APIs as the new face of the Internet Protocol in that it’s almost ubiquitous and security is assumed rather than assured. API technology is increasingly complex with IoT, security, cloud, web devices, and the need for integration. API testing is critical for automating testing because APIs now serve as the primary interface to application logic. Tests can be difficult to maintain with the short release cycles and frequent changes commonly used with Agile software development and DevOps. Most testing organizations with a heavy investment in functional automation and manual testing are not prepared for this shift. ApiSec.ai makes a big difference in timing, cost and effectiveness.
ZeroTouch AI is a Modern Windows MDM and Configuration Manager SaaS solution, offering easy over the air device provisioning (Imaging), enhanced security (Patch Management of OS and 3rd party applications), cloud group policies, build-in asset management, Software Deployment, Automation, self-healing and self-service capabilities, packed with 1000s of features to better help IT professional manage corporate devices and deliver exceptional return on investment (ROI) to business with 1000s of built-in solutions and automation.
secureCENTRX recommends:
secureCENTRX recommended ZeroTouchAI MDM to help customers small or large to better implement the zero-trust security framework (Trust nothing. Validate everything) on corporate devices and help their IT teams have better visibility, management, and automation in place, and protect company intellectual property (IP).
Leadership
Kelly Robertson, CEO
30 years of professional Information Security experience in 30 countries across many disciplines, technical vectors and market segments. Industry certifications include ISC2 CISSP #409644, f5 and Imperva WAF, Microsoft ISA, CheckPoint, CSI Encryption, WhiteHat web security analyst, Cisco routers and internetworking. Board member of Silicon Valley ISSA and member of several industry consortiums.
Worked at SAIC, Nokia, Juniper Networks and White Hat Security before transitioning to security consulting for numerous startups with Zisher Infosec, which became part of SEC Consult America in 2017. SEC Consult was acquired by Atos in late 2021. Currently CEO of secureCENTRX, a boutique Information Security consultancy focused on serving Managed Service Providers.
Chant Vartanian, Founder
- Founder and Chairman of Singularity Ventures
- Founded M-Theory Group of companies in 2007, including secureCENTRX
- 25 years Information Technology Executive Management and entrepreneurial experience
- CEO of M-Theory Group for 15 years
- Hardware-as-a-Service pioneer, Developed/Created CapEx-as-a-Service™ and other innovative solutions
- Responsible for developing more than $200M in revenue
- Successfully executed two M&A transactions
- Vartanian brings extensive operational experience and strong business acumen and provides keen insights to new and upcoming technologies
Ryan Edington, Infrastructure
secureCENTRX Principal Security Practitioner, Ryan Edington performs the Infrastructure testing services using Tactics, Techniques, and Procedures and keen experience. Ryan is a certified Offensive Security Certified Professional (OSCP).
Ryan has 5+ years of information security experience including penetration testing, vulnerability analysis, and employment of red team exercises. He has experience and expertise conducting in-depth testing on infrastructure, cloud, web application, API, mobile, Crypto Trust Wallet and wireless network testing. Ryan’s background includes 8+ years in systems administration and network engineering with an emphasis on information security.
James Flowers, GRR™
James leads secureCENTRX Governance, Risk, Regulatory practice (GRR). James is an IT professional with over 20 years in the areas of risk, audit, compliance, governance, and security. In his expansive career, James has advised and assisted many fortune 100 companies all over the world. James has extensive domain expertise in marshalling successful risk and compliance programs in all manner of environments.
Ben Stroba, SecOps
As the Manager of Security Operations, Ben is responsible for oversight of day-to-day Security Operations. He drives innovation, processes, and procedures for absolute precision in detection, response, and orchestration. secureCENTRX SecOps is the sentinel organization protecting tens of thousands of endpoints in real time. In addition to providing response measures around the clock he conveys several layers of visibility from the SOC, SIEM, EDR, and numerous other security solutions. The diligence of secureCENTRX 24×365 Security Operations allows customers to sleep worry free at night.
