10/6/2021

Introduction to TestifySec

Author: Cole Kennedy

A person standing on a mountain top

Traditional security methods have proven to be insufficient to thwart cybercriminals and state-level adversaries. We founded TestifySec to provide better security for the world's critical infrastructure and defend the most critical and valuable infrastructure.

Our experts have years of experience securing and hardening critical systems and their networks. Our methodology works on all systems, including cloud-native, metal, virtualized, and embedded systems. We understand how to architect zero trust systems no matter what your business goals and constraints are.

Zero Trust Methodology

To provide our clients with enterprise zero trust architecture, we focus on the following practice areas:

  1. Supply Chain Security: The foundation of any system is its supply chain. Recent attacks have shown a need to approach supply chain security differently. Mikhail and I are leading that effort with our work in the CNCF. We are ready to bring the latest guidance from the CNCF and Open Source Security Foundation to secure your enterprise. Our reference architecture aligns with SLSA Level 4, providing the strongest security available from source to production.
  2. Public Key Infrastructure: In our systems, we design security boundaries around private key material. We understand how to create zero-trust networks and systems with cryptographic guarantees.
  3. Policy As Code: Defining organizational policy as code is essential to maintaining agility while making a DevSecOps transformation. Our team understands how to decompose complex organizational policy into automation, reducing friction across your enterprise.
  4. Cloud-Native Security: Securing modern systems requires a team with experience in Cloud Native systems. Every one of our engineers is a Kubernetes Certified Administrator. We leverage containers and Kubernetes to provide predictability and consistency in systems. In addition, we provide an out-of-band method for securing your workloads and data, reducing the risk of using new and open-source technology.

Success Methodology

Our engineers follow a proven formula to ensure your security transformation.

  1. Discovery: Our architects and engineers will meet with your security and engineering team to understand your business concerns and risks.
  2. Assessment: As a product of the discovery phase, our team will deliver an infrastructure security assessment and draft architecture that meets your organization's needs.
  3. Delivery: Our team of engineers and partners will be ready to deliver the architecture in an agile manner. We have years of experience delivering on projects while working remotely. At no point will you not know status and progress of your project.
  4. Sustainment: We provide support solutions to meet your ongoing needs, from virtual training to incident response.
  5. Custom Solutions: We will lower your overall management cost by developing custom software that allows your organization to manage their network, user, and workload security specific to organizational needs, integrating with existing enterprise systems.

We look forward to securing your organization's most critical systems.

-Cole and Mikhail

Founders

| | | | ---------------------------------------- | --- | | Cole Kennedy - CEO |

Cole works with some of the largest organizations in the world to implement and mature Zero-Trust and software supply chain practices. His work has been featured at multiple conferences including KubeCon, and GitLab Commit. He is an open-source contributor and is a co-author of the CNCF Best Practices Paper. He is a decorated Iraq and Afghanistan combat veteran that understands how to execute a mission. Mikhail Swift - CTO | Mikhail is a technology leader with expertise spanning the entire software development life-cycle including full-stack development, agile/scrum project management, systems architecture, and DevSecOps. At TestifySec, Mikhail focuses on enabling modern software development and cyber-security for clients in national defense, critical infrastructure, financial services and enterprise IT/OT.