Skip to main content Skip to search
iManagement Consulting LLC | Tallahassee, FL
Mon - Fri: 8:00 - 17:00
+ 1 850 888-2462
sales@imcllc.biz

Cyber Security

Our Methodology

Our philosophy is that good testing requires good planning. However, good testing also requires a “look around” to understand the system as it really is used — in a way that cannot be ascertained from a specification document. As a result, we provide an equal mix of three different approaches to cyber security testing: 1) prescribed functional tests for security features (to ensure they work as they are expected), 2) exploratory testing of the application to determine weak points, attack vectors and missing or extra functionality, and 3) automated testing for common, high risk vulnerabilities.

For this reason, iMC’s security testing methodology is based on the standards set forth by the Open Web Application Security Project (OWASP). In the past, the security industry has lacked a comprehensive security framework for classifying vulnerabilities based on the potential damage that would be experienced by the organization under attack. Furthermore, OWASP supports government agencies by providing software tools and knowledge-based documentation to protect against identified threats. Based on our team’s extensive industry experience, OWASP has filled this gap by providing impartial, practical information about Application Security to organizations worldwide.

OWASP
OWASP Vulnerability Classifications

Our Approach

Our approach to cyber security external penetration testing is a to employ a three-step process for developing and executing test cases:

  • Threat Modeling
    • Exploratory tests are performed, based on publicly available knowledge, specification documentation, system understanding, industry experience, etc.
  • Vulnerability Testing
    • Individual vulnerabilities are tested, based on an understanding of the threats previously identified in the threat modeling exercise.
  • Risk Identification
    • Finally, any vulnerabilities realized during the testing phase are classified based on the risk of exploitation they represent.
Vulnerability Testing Approach

Our Team

iMC brings a team of highly-technical, security professionals that are uniquely equipped to exploit weaknesses in the same manner that unethical hackers/attackers would. While iMC utilizes a number of security professionals with various skill sets, our key team members come with some of the following credentials:
  • Award winning security work
    • Trained Department of Defense (DOD), White House, US Marine Corps, Navy, Air Force, Lockheed Martin, etc.
    • Taught Ethical Hacking in all 50 states and 10+ countries
    • Lead Instructor on Cyber Threat and Response Exercises for all Military Branches
    • Information Assurance & Defensive Cyber Operations – US Army
    • EC Council Instructor of the Year (2014)
    • Former government CISO & Top 100 CSO in the USA by CISO Magazine
    • SANS – GIAC Curriculum Developer & Instructor & International Advisory Board
  • Member Organizations
    • FBI Infraguard
    • ISSA
  • Team Certifications
    • CISSP, GICSP, CISSP, GCFA, GSEC, GCIH, GCIA, GCWN, GPEN, GSEC, GSNA, CISA, C|HFI, C|EH, CISM, CCSA, CCSE, CCNA, CDE, CNA, MCP, MCDBA, MCITP, Security+, Certified Trainer