Payments Systems Architecture
We perform a soup-to-nuts review of existing and planned payment systems, identifying
weaknesses and improper exception handling for at-rest and in-transit payments data.
For one company, Larry architected a mechanism for securely transporting payment instruments across internal networks in a way that reduced operational overhead and reduced the cost of demonstrating compliance with PCI/DSS.
Enterprise Security Posture
We perform a high-level, soup-to-nuts review of security staffing levels, policies,
incident response preparedness, application and network interfaces with partners
and service providers, etc.
Compliance Audit Readiness
We assess our clients' readiness for technology compliance audits.
There are compelling business reasons for engaging us in advance of
major audit milestones. They include the earliest possible opportunities to:
- identify areas likely to require mitigation
- introduce temporary compensating controls
- commence mitigation planning
Properly executed, this stands to supplement auditor confidence, promote their timely departure, and release precious resources back to the business.
For one company, Larry served as the business owner for driving and demonstrating compliance with PCI/DSS and Sarbanes-Oxley Section 404.
Outsourcing Securely
We help each client identify their own ideal balance between
two competing business drivers: lowering cost
and improving security. This is attainable
only by skillfully deriving business-palatable
security policies and the technological means to support them.
Diligence of this nature verges on mandatory, given
the outsourcing and compliance trends of recent years.
At one company, Larry advised an implementation that pragmatically constrained the duties and visibility horizon of more than a thousand offshore people.
Advisory Board Membership
Larry sits on the advisory boards of select technology
companies. Having participated from all sides of the
table -- senior management, engineer, consumer, service provider,
reseller, integrator -- his expertise is widely sought. His advice
spans the spectrum: interpreting compliance standards; anticipating
customers' requirements; charting effective roadmaps; messaging to attract
world-class customers; and so forth.
After founding one of the Internet's earliest Managed Security Services (MSS), Larry advised a publicly traded firewall company about requirements for a viable MSS. This resulted in the market's first truly scalable product line targeted at MSS providers. Larry currently sits on the advisory boards of SiteScout, Vantos, Packet Analytics, and Uriel Law.