Information Security
Consulting
Solution Architecture
Serving the local community and beyond.
Services
Solution Architecture
Consulting
Vulnerability Assessment
Training
CISO Engagement
Penetration Testing
About
NorthCreek SG is a veteran-owned information security and strategy consultancy established to deliver security services such as penetration testing, vulnerability management, training, and solution design and implementation. We reduce risk using proven industry methods with a focus on eliminating unnecessary infrastructure and operational complexity.
20+ years of information technology, information security, and executive leadership
MSc in Cybersecurity and Information Assurance, ISC^2 CISSP, EC-Council CEH and CHFI, Offensive Security OSCP, AWS Solutions Architect, and more.
Community involvement as a mentor, volunteer, advisory board chair, and coach.
Solution architecture is an important practice to execute before any tech solution development begins. We can help in designing, describing, and managing solution engineering in relation to your specific business problems, providing valuable technical vision while reducing longterm technical debt.
Consulting
We can help design your technology investments to align with the strategic objectives of your business. We can assess your technology needs, assess the impact it has on each aspect of your business, and offer hands-on guidance so your systems are enabling scalability and creating value while ensuring maximum efficiency and security.
Vulnerability Assessment
We focus on understanding the strategic factors for needing the assessment beginning by mapping out scope, risk appetite, risk tolerance level, risk mitigation practices and policies for each endpoint, residual risk treatment, countermeasures for each device or information system, and a business impact analysis. We use a mix of OSINT, open-source software, and proprietary tools and data sources to compile a thorough understanding of the systems, attack surface, and vulnerabilities present.
Training
We offer in-person and remote training options for those interested in learning more about information security, current attacks and defenses, cloud computing, and more. Our training is great for beginners looking to expand their knowledge of best practices in security or infrastructure design, junior-level systems administrators or engineers looking to improve their skillset, C-levels wanting to understand potential risks, vulnerabilities, and attacks their organization could encounter, and anyone with a passion for cybersecurity.
CISO Engagement
Our CISO engagement allows you to leverage the executive leadership skills of a security and compliance expert with previous practical CISO experience. We serve as confidential thought partners allowing your executives the opportunity to brainstorm, cross check ideas, and get advice from industry leaders. We help you remain vigilant about incoming threats – now and in the future.
Penetration Testing
Consultation and Scope: We conduct a thorough interview with your security and IT personnel to understand your information systems and agree on the test scope. We will make suggestions regarding ineffective systems for remediation prior to the test.
Assess Vulnerabilities: We complete our vulnerability assessment using a mix of OSINT, open-source, and proprietary tools and data sources.
Harden the Network: We present and work to implement the security recommendations from the assessment and focus on making the network as secure as possible. This is a crucial step that provides maximum value from the penetration test.
Performing the Test: We perform a full penetration test using whatever types of attacks or breach techniques are needed to defeat your now upgraded information systems within the scope established for the test.