Most of the folks looking for penetration testing or information security consulting try and choose a firm that they feel meets their needs the best. One of the ways that prospective clients may do this is by looking for a particular firm that claims to specialize in their industry or vertical. And we’ve even seen people that want a firm who specializes in large or small companies. Here at Triaxiom, we really aim to be the best across the board, and meet the different needs of our clients in a wide variety of spaces. Fortunately, the experience our engineers possess is incredibly rich and they’ve had the fortune to work with a number of different companies over the course of their career. So while we don’t specialize in a certain size of company or a particular industry, we want our testing and reports to be customized and effective for you.
Specializing in an Industry or Vertical
Information security isn’t a one-size fits all kinda thing, we get it. That’s why we try and take your particular industry and business model into account when planning our testing and when creating your report set. The particular threats that the healthcare industry faces may be quite different than the threats that the Industrial Control System (ICS) space sees. This means that testing needs to take those separate models into account, where maybe confidentiality is a bigger concern for an Electronic Medical Record (EMR) system and availability is of chief concern for a PLC that sits in an electrical co-op.
Similarly, not only do you want tailored testing to assess your biggest risks, but you also want reports and recommendations that take your industry into account. Multi-factor authentication (MFA) may be a much more significant undertaking for a hospital, and while still important, the type of MFA and the speed with which it could be rolled out should be taken into account. In any case, we don’t label ourselves as specializing in a particular industry or vertical because we want to specialize for each customer.
Specializing Based on Company Size
Company size does make a big difference when it comes to IT in general, especially when you’re talking about infrastructure products, managed services, and overall resources they can commit to security problems. But for professional services such as penetration testing, auditing, and consulting, the size of a company doesn’t change the core activities of an assessment. Sure, the engagement will take longer or require multiple engineers to work on the project, but any penetration test consists of the same toolsets and same basic activities.
If anything, organizational security maturity makes a bigger difference in testing approach, as opposed to pure size. And we’ve seen small-to-medium sized businesses that are quite mature from a security perspective, sometimes more so than Fortune 500s, that require the use of more advanced techniques during testing. We also pride ourselves on making our reports useful for organizations of any size and a variety of different audiences. For all these reasons, we can and do partner with customers from 1-5 person start-ups all the way up to Fortune 500 companies with thousands of employees.
To summarize, we strive to exceed all of our clients expectations from start to finish of any project. So while we don’t specialize in a certain size of company or a particular industry, we want our testing and reports to be customized and effective across all sizes and industries of our clients. But, in case you’re not sure if we’ve had experience working in your particular industry and you feel that it is important so that our security perspectives will mesh well, consider this. Our world class engineers on staff have had the pleasure of working with customers in a variety of industries during their testing and consulting careers, including (just to name a few):
- Government (Federal, State, City)