Advancing the state of security orchestration and program delivery.
CISOCON is an elite cyber security consultancy, conducting work that advances the state-of-the-art in the field of cyber security and protects businesses from the inside. We aim to flip the asymmetry that exists between attack & defense by creating an edge for the good guys.
Our team creates and executes bespoke, holistic security programs for tech companies to move the needle on security.
We protect Startups, SMBs and Enterprises
Our 100+ clients are typically technology-driven, conducting business in all industries ranging from e-commerce, fintech, adtech, healthtech etc. What everyone has in common is the need to secure the business and underlying technology stack.
Proactive defense, aimed to create a systematic edge.
These are our services. We combine strategic foresight with deep-tech expertise and pragmatic, outcome-oriented execution.
Our goal is to protect businesses, not individual networks or apps. But we can do both if you’d like us to.
1. Security Program Development
The security program is what drives a company's security objectives. Every tech-enabled business should have one. Strategizing high-quality programs that find operational traction and deliver just the right defense capabilities is a challenging task though.
CISOCON's sweet spot lies exactly here: Developing and managing state-of-the-art, OKR-based security programs that are purposefully designed for operational execution. We don't stop at the planning phase - our Delivery Teams can tackle the workload for you and jointly with you, including leadership by an elite CISO.
2. Operational Delivery
The key to driving a security program lies in experienced people, a CISO-led delivery team that not only knows what to do, but specifically how to do it.
Delivery and implementation of defense architecture and cross-cutting capabilities is the core of what CISOCON does. We bring in seasoned, tech-native people that combine multiple skillsets from engineering, architecture, hacking & exploitation etc., ready to execute your security program and support onsite teams.
3. Inside-Out Security Assessments
If you've been doing traditional penetration tests in the past to understand how and where your company, services or technology stack is vulnerable - please stop. Pentests are costly, opaque, unintelligent and very low-leverage. Most importantly, they do not tell you what to do better.
Assessments should be designed around specific outcomes. This could be satisfying customer requests, dissecting application & infrastructure stacks to find attack vectors or creating a baseline for the security program.
Each outcome requires a slightly different approach. In any event, this should be inside-out, not outside-in by just scratching at your company's public perimeter.
Our team conducts inside-out, high-leverage and collaboration-based assessments that are tailored for the desired outcome.
4. Defense Architecture Design & Implementation
Any tech-enabled business faces the need to protect itself against a multitude of attacks. Many attacks target confidential data, some target service uptime, others aim at the people by conducting phishing or extortion attempts. The way to answer this is by ramping up a tailor-made ecosystem of defense solutions and adopting cutting-edge architectural approaches that create a strategic advantage over adversaries. We refer to this as flipping the asymmetry problem. The objective must be to:
- make it extremely cumbersome for attackers to break in (almost economically unviable)
- make it next to impossible to not be detected
- and make it very difficult for the adversary to cause any lasting damage.
The question arises as to what defense capabilities are important, which commercial or open-source solutions are suitable and in what priority to implement them. Answering this is what our team does best.
What our Clients Say
“We’ve been working with CISOCON for years to ensure strong security of our Customer Data Platform. Their expertise and methods continuously amaze me. Clear recommendation!”
— Dr. Markus Wübben, Co-Founder & CDO CrossEngage
“Christian & Eric are really pragmatic. They obviously understand security, but most importantly they understand the business context. In the due diligence leading up to our last financing round, even large global financial services institutions were impressed with the quality of CISOCON’s work.”
— Christian Schneider-Sickert, CEO LIQID
“Great CISOs are really hard to find on the market. We thank CISOCON for running our security program and supporting us for 1.5 years in building up best-in-class defense capabilities.”
— Karl Markgraf, COO TeamViewer
“Absolutely a fun team to work with! Going with CISOCON is definitely faster and more efficient than trying to hire an in-house security team. It is quite noticeable and valuable that they’ve seen so many other companies from the inside.”
— Anselm Bauer-Wohlleb, Co-Founder & CTO Alasco