Black Cat’s Principles

Confidentiality
  • Ensures that data or an information system is accessed only by an authorized person. User IDs and passwords, access control lists (ACLs) and policy-based security are some of the methods through which confidentiality is achieved.
Integrity
  • Integrity assures that the data or information system can be trusted. It ensures that data is edited only by authorized persons and remains in its original state when at rest. Data encryption and hashing algorithms are key processes in providing integrity.
Availability
  • Data and information systems are available when required. Hardware maintenance, software patching/upgrading and network optimization ensure availability.

Mission & Our Team

Our mission is to help companies establish a modern, mature security program that works effectively with the company's operational objectives, using a step-by-step approach.

 

Defense in Depth: a Layered Approach to Your Mission-Critical Assets

 

Our Leadership Team

Eric Holtzclaw | CISO

Security Business Consulting:

Security Product Consulting:

Technical Background:

Primary role in audits: passed two PCI audits (Level 1 PCI) and two SSAE 16 audits (SOC1 reports), and was lead on ISO2007.2013.
Security architecture design; service design with SaaS and customer security management; developed security awareness programs for OWASP coding and PCI DSS.
Developed all security policies and procedures for all security processes with the audit and operations teams.
ELK champion; integration of applications and security for a custom SIEM. Multi-site system integration.
Multi-site firewall/IDS designs: Imperva firewalls, F5, RSA 2FA and RADIUS, Cisco Sourcefire IDS, Cisco ASA, Cisco UCS. Endpoint security and IdM integrations: Centrify for OS X, AD in Azure, Sophos AV and Webroot. Threat and vulnerability tools: Nessus, OpenSCAP, Burp Suite. Hardening images with Linux and Windows.
Penetration testing, red team exercises and HSM encryption administration.

 

Larry Suto | CTO

Larry has 20 years of experience in the IT industry, ranging from networking and systems administration to software development. For the better part of 15 years he has focused his skills on production information technology and offensive security. He has done security architecture design, penetration testing, vulnerability analysis, code review, and security event management/analytics. He is comfortable working with Linux or Windows security. Larry has produced industry-recognized research on web application security test tools as well as web application firewalls. He has done work for dozens of corporations and businesses both large and small.

He currently holds a CISSP and is pursuing OSCP certification.

Security Business Consulting:

  • Cisco Systems in security engineering
  • Verizon Business Consulting
  • California Community College system
  • Kaiser Permanente code review of .NET and Java enterprise applications
  • Wells Fargo Bank network and application security engineering
  • UC Irvine Health application and security testing and architecture

Technical Background:

Security code review of banking applications, with expertise in Java, .NET, PHP and JavaScript.
Penetration testing and web application security review and reporting in SMB and corporate environments.
Integration of Bro IDS with ELK and Splunk; integration of applications and security for a custom SIEM. Multi-site system integration.