Veterans supporting Veteran owned businesses.
CYBER THREAT
SECURITY
SOLUTIONS
Specializing in Cybersecurity Governance, Risk, and Compliance (GRC), and fractional vCISO consulting solutions for Veteran owned small and medium businesses. We can assist you with your cyber resilience projects.
OUR
SERVICES
We are a Veteran owned, non-profit organization. Our projects are chosen based on resource requirements and the number of our current volunteer roster. All of our volunteers are Veterans and subject matter experts in various aspects of cybersecurity governance, risk, compliance, engineering, threat intelligence, threat hunting, penetration testing, and forensics. We also have a limited number of cybersecurity internships for students currently enrolled in 4 or 6 year cybersecurity degree programs. Let us know how we can help you in building a strong and resilient cybersecurity and information assurance posture.
CYBERSECURITY GOVERNANCE
Cybersecurity governance is the framework that provides the structure for managing and controlling cybersecurity-related processes within an organization.
RISK MANAGEMENT
Our risk management services help businesses identify, assess, and prioritize cybersecurity risks to minimize their impact.
COMPLIANCE SOLUTIONS
We offer comprehensive compliance solutions to ensure that businesses adhere to industry regulations and standards, safeguarding their digital assets.
FRACTIONAL vCISO
Strong cybersecurity begins with a top down strategy. Our security experts will work with your security teams to being your cybersecurity program into business alignment.
SECURITY AUDITS
Our security audits help businesses evaluate the effectiveness of their cybersecurity measures, identifying vulnerabilities and recommending enhancements.
SECURITY AWARENESS
We provide specialized training and awareness programs to educate employees about cybersecurity best practices, empowering them to contribute to a secure work environment.
Governance, Risk, and Compliance
Governance, risk, compliance, and privacy is as much about risk management as it is about technology service delivery.
We take an enterprise approach to designing and implementing manageable solutions for our clients. Our team integrates controls within the IT services process, and consolidates control models for multiple compliance requirements by establishing objectives that mitigate risk in the day-to-day service processes of an IT organization. This method reduces the duplicated work effort of both the IT and business resources teams, and keeps the focus on delivering measurable, quality IT services.
As both technology and compliance obligations become more complex and increasingly entwined, focusing on governance, data quality, and assurance will be essential for most, if not all, corporate enterprises.
IT governance and privacy are not just about the risks of new information technology, or simply gauging performance of the IT organization, but are also about the development and proper implementation of appropriate policies, procedures, standards, and control definitions. The value of IT services is met by not only aligning the goals of the IT organization, but also by ensuring that business goals are met in a secure and contained manner.
Fractional vCISO
Employing an executive-level IT/security professional can be very cost prohibitive. Many organizations, especially small and medium-size businesses, do not need a full-time Chief Information Security Officer (CISO). All they need is a trusted advisor to provide thought leadership on creating an effective information technology/security program and taking advantage of current resources to effectively manage the organization's cybersecurity and information assurance needs.
Leveraging the expertise of a fractional vCISO only when needed can eliminate the worry and confusion over creating a secure and effective IT environment. We help you navigate complex regulatory compliance issues while aligning business needs with budgetary constraints, leaving you free to run your business operations. Further, with access to a broad range of subject matter experts, the right support can be delivered at the right time – when you need it.
Our fractional vCISO service provides your organization with immediate access to a professional and experienced cybersecurity leader in areas of security operations, data management, infrastructure, data security, compliance, and risk management. Our goal is to assist your leadership on their journey to enterprise cybersecurity resilience. We can also prepare your Security Director for the transition to the CISO position within your organization.
Risk Management
Enterprise risk management involves understanding, analyzing, and addressing risk to ensure organizations achieve their objectives. So it must be proportionate to the complexity and type of organization involved. Enterprise Risk Management (ERM) is an integrated and joined-up approach to managing risk across an organization and its extended networks.
Because risk is inherent in everything we do, cyber risk professionals' roles are incredibly diverse. They include insurance, business continuity, health and safety, corporate governance, engineering, planning, and financial services.
We work with your team to develop an effective enterprise risk management program. A cyber risk assessment is essential in building an information security program. Risk management and risk assessment activities will consider people, business processes (information handling), and technology. Keep in mind that there is no such thing as siloed cybersecurity risk, all risk is ultimately business risk.
Security Audits and Assessments
Our security audit experts will help you perform a complete Cyber Security Audit, Compliance Audit, and Data Security Audit to uncover where weaknesses and security gaps exist throughout your organization and what issues drive non-compliance. Our GRC team will use the finding from the assessment to establish an effective security program.
Our security audits can also play an important role in internal investigations when anomalies are discovered or wrongdoing is suspected. You can use our findings for any potential litigation/legal proceedings and strengthen your internal controls to mitigate future problems.
Compliance Assistance
Our IT compliance security volunteers help veteran owned organizations identify vulnerabilities and assess real business risks and meet SOC 1 and SOC 2, PCI, HIPAA, GLBA, FISMA, ISO 27000, CMMC compliances, and other security compliance mandates more efficiently and effectively. We help devise security and governance programs that fit your environment, and help you recover from and prepare for a cyber security breach.
Our security experts understand this through years of experience in all aspects of information security. Our services are customizable and can be related to any aspect of information security, such as technology, policy and procedures, compliance network design, disaster recovery, compliance standards, Incident Response, and more.
Employee Awareness and Human Risk
Employees are part of an organization’s attack surface, and ensuring they have the know-how to defend themselves and the organization against threats is a critical part of a healthy security program. If an organization needs to comply with different government and industry regulations, such as FISMA, PCI, HIPAA, Sarbanes-Oxley, CCPA, GDPR and others, it must provide security awareness training to employees to meet regulatory requirements. We can assist with your employee cybersecurity awareness training and education program. Our Veteran volunteers have the background and experience to help reveal your employees' weaknesses, before the hackers do.
We have also started to work with volunteers that have current training in human risk management.
Those within the cybersecurity industry have caught onto the benefits of this type of employee risk management. After all, more than 60% of breaches are caused by human error, action or inaction, and security tools and software can’t do it all to protect your organization. Because people are often the ones manipulated to get a foot-hold into your network, better managing the employee risk behind your organization is really one of the highest-impact ways to increase your cybersecurity.
Human risk management (HRM) calls for a change in the narrative that portrays your employees as your biggest security threat. It asks you to instead view your team as your biggest strength, and to believe that with the right awareness training and support, they can champion your security.
Effective regulatory frameworks in cybersecurity, such as COBIT, NIST CSF, ISO 27001, SOC1 and SOC 2, PCI-DSS, HIPAA, C2M2, and other standards, play a pivotal role in safeguarding sensitive data, ensuring privacy, and fortifying organizational resilience against cyber threats. These frameworks provide structured guidelines, best practices, and standards tailored to different industries and compliance needs, offering a roadmap for organizations to establish robust cybersecurity measures. Adherence to these frameworks not only mitigates risks but also fosters trust among stakeholders, enhances brand reputation, and facilitates regulatory compliance. However, navigating the complexities of multiple frameworks and ensuring compliance can be daunting for organizations. Our company specializes in providing tailored solutions and expert guidance to help clients decipher these intricate frameworks, implement effective cybersecurity measures, conduct thorough risk assessments, and achieve regulatory compliance seamlessly. Through our comprehensive approach, we empower clients to navigate the intricate landscape of cybersecurity regulations with confidence, enabling them to focus on their core business objectives while safeguarding their digital assets and reputation.
ABOUT ISACTI
ISA Cyber Threat Infrastructure began supporting Veteran operated businesses in late 2008 as, Veteran Cyber Support. After separating from active duty in 2007, Ed Burns and Jon Medina began helping a handful of small businesses with their information systems security. Both had years of experience in cyber security and information assurance through the military, and both had a desire to help Veterans who operated their own companies. They began to obtain grants and donations in order to become fully not for profit, and launched Veteran Cyber Support a year later. In 2011 Veteran Cyber Support became ISA Cyber Threat Infrastructure.
ISA Cyber Threat Infrastructure is dedicated to empowering businesses with robust cybersecurity governance, risk management, and compliance solutions. Our mission is to safeguard Veteran organizations from cyber threats and ensure a resilient digital infrastructure. Because our Veteran volunteers are all subject matter experts in various disciplines of cybersecurity and information assurance, we focus on excellence and innovation, and strive to deliver unparalleled cybersecurity services that exceed our partners' expectations.
ISA on-boards 3-4 new projects monthly, on average. Each company must be Veteran owned and operated. Your leadership will work collaboratively with a small team of Veteran volunteers located throughout the states and led by an experienced project manager. Each volunteer is a SME in their sector of industry and regulatory compliance.
Your first step is to reach out and determine if your organization falls within our scope of purpose. Because our efforts are pro-bono for Veteran owned businesses, we can only bring on a few new companies per month. Our on-boarding specialist will determine if your company fits with our mission, and if your project fits within our current roadmap. Send us a message in the form below, or shoot us an email and give us a brief description of your company, the current security project, and how you think we can help.
LEADERSHIP TEAM
Edward Burns: Executive Director, vCISO
As Executive Director, Ed brings a wealth of experience from both military and civilian cybersecurity backgrounds. With practical knowledge gained through years in the field, he leads with a down-to-earth approach, prioritizing strategy and business alignment with the mission of aiding our country's Veteran entrepreneurs and business owners. The shift from military to corporate settings gives Ed a solid grasp of the varied challenges posed by current cyber threats. Under his direction, the company thrives on practical expertise and adaptable solutions, tailored to the ever-changing cybersecurity landscape. Ed fosters a culture of teamwork and innovation, pushing the leadership team to continuously improve services for small and medium Veteran owned organizations. In an industry that demands flexibility, his mix of real-world experience and business sense ensures the company stays agile, protecting clients' interests with steadfast commitment.
Jonathon Medina: Managing Director, vCISO
Jonathon leverages a diverse background spanning military and civilian cybersecurity domains to fulfill his role as Managing Director at ISACTI. With insights gained from his transition between military and corporate environments, Jonathon possesses a nuanced understanding of the multifaceted challenges posed by small and medium businesses in today's security landscape. Grounded in practicality, he emphasizes pragmatic business strategies, ensuring the organization remains focused on effective solutions for Veterans. Guided by Jonathon's leadership, the company thrives on the security backgrounds of it's Veteran volunteer groups. Encouraging collaboration and innovation, Jonathon fosters an environment where the team continually enhances cybersecurity defenses for it's partners. In an ever-evolving industry, Jonathon's blend of firsthand experience and business acumen enables the company to stay up to date with the latest threats to our industry, steadfastly safeguarding our clients' interests.
Lucille Jansen: Human Resources Director
As Human Resources Director, Lucille brings a unique perspective shaped by her background in human resources and technical recruiting. With her considerable industry contacts and a knack for understanding organizational dynamics, Lucille ensures that the ISACTI volunteer teams are not only skilled in cybersecurity but also aligned with its mission and values. Drawing from her experience in recruiting technical talent, she understands the importance of assembling diverse and capable groups to tackle complex cybersecurity challenges. Lucille's leadership is characterized by a people-first approach, prioritizing the development and well-being of her team members. Under her guidance, the company fosters a culture of inclusivity and collaboration, where every individual's contributions are valued and respected. In an industry where human capital is as critical as technical expertise, Lucille's background in HR and recruiting proves invaluable, driving the company's success by cultivating a strong and cohesive team.
Security Team Leadership
David Breadon: vCISO, Security Teams Director, Lead Security Architect
Dave has close to 25 years in the technology sector with roughly 15 years dedicated to strategic cybersecurity and information assurance initiatives, program and process refinement, and building security culture from the top down. He enjoys fractional vCISO projects and mentoring current security managers for the CISO role. His experience encompasses team leadership, cybersecurity frameworks, security program maturity, incident response planning, security control integration, cybersecurity governance (GRC), security risk, regulatory compliance (HIPAA, NERC CIP, GLBA), attack surface management, security auditing & gap assessment, 3rd/4th party vendor supply chain security risk, vulnerability management, purple team coordination, threat hunting, workflow analysis & design, project management (10,000+ hours), process and service improvement (ITILv4), contract negotiation, and asset acquisition.
Jennifer Durance: Volunteer Coordinator, Senior Security Architect
As a seasoned professional with over 15 years in information technology and cybersecurity, Jennifer brings a wealth of experience to her role as the Veteran volunteer coordinator. With a background as a project manager and cybersecurity architect, Jennifer possesses a deep understanding of both the technical and managerial aspects of security. Her extensive tenure in the industry has equipped her with the insights needed to navigate complex cybersecurity challenges. Jennifer's leadership is characterized by a results-driven approach, prioritizing efficient project management and robust cybersecurity architecture to meet our partners' needs effectively. Under her guidance, our volunteers thrive on her strategic planning and execution. Jennifer has in-depth knowledge of various cybersecurity tools, technologies, and protocols, allowing her to assess vulnerabilities and design robust defense mechanisms. Her expertise has been acquired through years of hands-on experience in roles such as network administration, system engineering, and penetration testing.
Jason Wooding: Intern Coordinator, Senior Security Architect
With a background as a vulnerability management engineer and cybersecurity architect, Jason brings a wealth of technical expertise and strategic insight to his role. Jason's 12 year journey in the field has equipped him with a deep understanding of cybersecurity principles and a knack for designing robust defense architectures to protect organizations from cyber threats.
In addition to his role as a cybersecurity architect, Jason serves as the student intern coordinator, where he plays a pivotal role in nurturing the next generation of cybersecurity professionals. He leverages his experience and mentorship skills to provide guidance and support to aspiring students, helping them develop the skills and knowledge needed to excel in the field. Jason's dual role reflects his dedication to our partner Veteran organizations, and giving back to the community by cultivating future talent. His ability to balance technical expertise with mentorship demonstrates his commitment to fostering a strong and vibrant cybersecurity ecosystem.
Project Leadership
Keith Brooks: Lead Project Manager
Keith is a dedicated project manager with over a decade of experience spanning both IT and cybersecurity domains across a diverse range of organizations. With a background in managing projects of varying scales, he brings a wealth of consulting expertise to the table. Keith's journey in project management has equipped him with an understanding of the intricacies involved in executing successful IT and cybersecurity initiatives, from inception to completion. His tenure in medium and large organizations has provided him with a comprehensive understanding of the unique challenges and opportunities present in multi-tier environments. Whether navigating the complexities of a multi-national corporation or the agility required in a startup setting, Keith demonstrates adaptability and resilience in achieving project goals.
Kelly Denninger: Project Manager
With nine years of invaluable experience gained at a Fortune 500 company, Kelly is a seasoned project manager. Specializing in cybersecurity, she has honed her skills in orchestrating complex projects with meticulous attention to detail. Kelly's journey in project management has been marked by a relentless pursuit of innovation and a steadfast commitment to meeting and exceeding organizational goals. With a deep understanding of the unique challenges inherent in the cybersecurity landscape, Kelly has successfully led numerous projects aimed at enhancing the security posture of dozens of organizations. Her ability to navigate intricate regulatory frameworks and rapidly evolving threat landscapes sets her apart as a trusted expert in the field. Kelly's expertise extends beyond traditional project management; she possesses years of experience in threat intelligence which allows her to anticipate future trends and proactively address emerging threats in real time.
Ahmid Roblaos: Project Manager
Ahmid is a cybersecurity expert with seven years of time invested in detection and response and an additional six years in security project management. With a keen understanding of the evolving threat landscape and a passion for protecting digital assets, Ahmid has successfully led teams in implementing robust cybersecurity solutions for medium and large companies. His expertise spans a wide range of domains, including network security, data protection, risk management, and compliance. Ahmid's get-it-done mindset and attention to detail have earned him a reputation for delivering effective cybersecurity initiatives tailored to the specific needs of each organization we work with. As a dynamic project leader, he excels in fostering collaboration, motivating teams, and driving projects to completion within budget and timeline constraints. Ahmid's dedication to staying abreast of the latest trends and technologies in cybersecurity ensures that our clients receive cutting-edge solutions that mitigate risks and safeguard their digital infrastructure against ever-evolving threat actors.
GET IN TOUCH
As of 12/23 we are no longer in the Technology Blvd. business park. In order to save costs, and because our clients and volunteers range throughout the states, we are now fully remote.
For Veteran or intern referrals please email referrals@isacti.org. Be sure to include their name, as well as your referral document and questions. We will try to reply within 2 business days.
Tel: 512-842-0806
Austin, Texas
For project inquiries, please fill in the following contact form. Include the general details of the project and the necessary timeline.
BACK TO TOP