Cyber Security Advisory for Operational Technology (OT)
We are securing clients in the energy, water, and manufacturing industries by bridging the gap between IT and OT environments and the complexities of these interconnected systems to provide safe, reliable, and productive operations.
Highly Skilled
Industry certifications include CISSP (Certified Information Systems Security Professional), CEH (Certified Ethical Hacker), CHFI (Certified Hacking Forensic Investigator)
Tailored To You
Your business is unique; your operational risk is as well. We customize our SCOT (Sensible Cyber for OT) process based on your needs.
Industry Focused
We focus on clients with that rely on OT, including utilities and manufacturers, and the programs they face, including NERC CIP, CMMC, and ISO27001.
What We Do
Cyber Security Risk Assessment
Helping clients understand and convey business operating risk, develop appropriate security strategies, and security bridge the IT with the digitalization of OT.
Virtual Chief Information Security Officer (vCISO)
We are a trusted ongoing advisor, nurturing a culture of security, overseeing cybersecurity risk to align with your risk profile, and allowing your business to scale while remaining secure and compliant.
Project and Initiative
We partner with your organization, providing expertise in IT and cybersecurity, ensuring that new initiatives align with your organization’s objectives, and allowing for prosperous, secure, and compliant implementations supporting your business in the future.
Client Success
Developing a security department
As the company grew, it faced increasing regulatory pressure and trouble filling IT positions that were also responsible for cybersecurity. We worked with the company to stand up a dedicated cybersecurity department. This included a risk assessment, initial policy creation, evaluating and implementing security tools, and staffing the department. As a result, through training and mentorship, we successfully transitioned IT members to full-time cybersecurity positions, had measurable security KPIs, and expanded security monitoring to 24×7 while minimally impacting overall cost.
System design and consolidation
System consolidation was required for a more extensive merger and acquisition project in a highly regulated industry. This system consolidation aimed to migrate systems and processes, taking advantage of the time to thoroughly review the current systems and processes, allowing a fresh look and developing a new, more efficient system. We provided strategic and hands-on consulting, including gathering business requirements, evaluating solutions, designing/architecture of technical and cybersecurity aspects, telecommunications, managing vendors, and policy development to align with compliance standards during all project phases. The result provided a consolidated system, enhanced operating efficiencies, and contributed to a successful M&A experience.
Recovery of funds due to phishing
A manufacturing company utilized an accounting firm for payments. Unfortunately, the manufacturer suffered a business email compromise, resulting in the accounting firm wiring over $70,000 to an overseas account. Working with the accounting firm, we navigated them through the steps necessary to navigate the incident for the accounting firm and the manufacturing company. With our guidance, the manufacturer was able to recover over $70,000 and the transfer funds process to reduce the risk of fraudulent payments in the future.
Simplifying compliance-related activity
Compliance-related activity, including ongoing and data gathering, was becoming an onerous burden on IT. Working with the compliance and IT teams, we developed processes to monitor upcoming compliance due dates easily, created standard procedures around data gathering, and automated evidence gathering on the most time-consuming tasks. As a result of this streamlining, data-gathering efforts were reduced by 75%, and missed compliance deadlines were eliminated in the following quarters.
Engaging security awareness training
The board of directors was concerned about a 10% failure rate in simulated fishing attacks. We reviewed the security awareness program that was currently in place and developed an updated awareness program and training to be more engaging and tailored to the company and the industry. This resulted in future phishing exercises being under the 3% acceptable level. More importantly, empowered employees to learn and truly understand the risk of phishing providing statements, including “you didn’t get me this time!” “I’m too good to fall for this now,” and “try harder.”
About Us
Josh Sturm, CISSP, CEH, CHFI
Co-Founder and Security Consultant
Josh Sturm is a highly experienced cybersecurity and IT professional with over 15 years of industry experience, specializing in regulated industries such as finance and utilities. Throughout his career, Josh has worked on IT and OT systems, gaining invaluable knowledge and expertise in both areas.
With a passion for staying up-to-date with the latest technologies and industry best practices, Josh has earned several industry certifications, including CISSP, CHFI, CCNA, and CEH. He also holds a Master’s degree in Cybersecurity and Information Assurance.
In his current roles, Josh provides cybersecurity and IT consulting to OT clients and teaches cybersecurity. He has a strong track record of helping growing companies remain secure and compliant while implementing effective cybersecurity strategies that align with business objectives.
Josh is highly respected within the industry, and known for his expertise, professionalism, and dedication to his clients. He takes pride in providing tailored solutions that meet clients’ unique needs, helping them achieve their cybersecurity and business goals.
In addition to his professional accomplishments, Josh is also a dedicated volunteer within his community. He has a passion for mentoring and teaching, particularly when it comes to cybersecurity and IT.
Josh has volunteered as a youth mentor for several years, working with young people from diverse backgrounds and helping them to develop critical skills and self-confidence, along with the knowledge and skills needed to navigate the digital world safely.
He enjoys the opportunity to give back to his community and believes that volunteering is an integral part of his overall mission to make the world a better, safer place.
Vanquish would love to help secure your organization, allowing it to thrive in a safe, reliable, and productive manner.
Call or email us today to discover if we are the right fit for you!