WaySecure

WHO WE ARE


Company Background

WaySecure Consulting is a boutique information security consulting firm founded on January 1, 1998 and has been providing solutions for corporations, organizations and governments ever since. Our main focus is IT related security, providing some of the best expertise in the industry. We also provide services in related disciplines such as operational security, computer forensics and TSCM (electronic counter-surveillance). WaySecure operates globally and can quickly assemble teams of security specialists to meet client requirements no matter how large or complex. Together with our clients, we provide security solutions that balance business/mission needs with risk mitigation measures that make sense. Headquartered in New York City, WaySecure has offices in Phoenix and Seattle.


About Our President

Steve Lutz is the President of WaySecure Consulting, Inc. and brings over 20 years experience in engineering, information systems and information security disciplines to the table. Steve has been a leader in the commercial, aerospace and government sectors in providing state-of-the-art Information Security solutions.

As WaySecure is a boutique security consultancy, Steve is responsible for overseeing the delivery and quality of work performed. He is actively involved in all aspects (business assessments, technical assessments, recommendations) of each project. Before forming WaySecure, Steve was a Senior Manager in Ernst & Young's Information Systems Advisory and Assurance Services group. He has extensive program management experience and specializes in overseeing and managing large complex engagements. Before Ernst & Young, Steve was in charge of Network and Distributed Systems Security at The Chase Manhattan Bank where he was responsible for global network security, Internet security and advanced projects in high risk environments. Prior to Chase, Steve provided security expertise in a wide variety of disciplines to the DoD and intelligence communities of the U.S. government. Steve holds a B.S. in Information Security from the State University of New York.

Additional professional activities include National and International media appearances and interviews with the New York Times, Associated Press, Nippon Television and Forbes Magazine, Guest columnist for Network Computing magazine on security penetration testing. ("Intrusion Detection Provides a Pound of Prevention", August 1997), Featured guest expert on "CyberCrime Radio" (KIEV Radio, Los Angeles) a live broadcast, radio talk show that focuses on high-tech crime and computer security issues, Guest lecturer and co-presenter with the FBI's Computer Crime Unit at Pace University, New York City on Information Security Risks within Corporate America, Guest lecturer at SANS (Systems and Network Security) Conference in Washington, D.C. on "Augmenting Security in a UNIX Environment" November 1995, Guest lecturer at "Beyond Hope" a hacker convention based in New York City on "Tiger Teaming" August 1997, and Guest lecturer at Information Systems Security Association (ISSA) meeting in Seattle on "Information Security Consulting" November 2001

Steve has worked with numerous large organizations including Ernst & Young, Chase Manhattan Bank, Philip Morris, American Express, Morgan Stanley, Union Bank of Switzerland, Kraft Foods, Omnipoint Communications, First USA, EURO-RSCG, Transamerica Insurance Group, The Daily Deal, Quick International Courier, American Lawyer Media, Avon Cosmetics, GEIS, TIAA-CREF, HBO, Time Warner, Boy Scouts of America, Bank One, Seagate, Yahoo, EDS, Immunex, Barnes-Jewish Medial Center, North Shore Medical Center (NY), Long Island Jewish Hospital, Amgen, Saudi Aramco, Barbados Ministry of Education, U.S. Navy (Stennis Supercomputer Center), U.S. Army, Egyptian Armed Forces, Grumman Data Systems, Grumman Aerospace, U.S. Air Force, and the Strategic Defense Initiative (SDIO). Steve regularly speaks at security conferences worldwide and is recognized in the popular press as a knowledgeable source on Information Security.


Differentiators

WaySecure has one of the most experienced contingents of security professionals in the industry. We have the skills to manage and complete large projects on time and on budget. We have extensive experience analyzing, architecting, designing, and managing comprehensive security solutions across many industries. We also maintain contact with individuals at all levels of the security community to help us stay current with the latest threats and intrusion techniques used by the people most likely to attack your enterprise. Our consultants are noted speakers at industry events and conferences, and our in-house R&D team consists of top talent from every area of computer security research. This blend of experience and knowledge makes WaySecure a powerful and devoted ally in securing your digital infrastructure.

WaySecure has several advantages that set us apart from other firms:

  • WaySecure is vendor neutral, we only derive revenue from independently generated security consulting services. We are not in the business of offering other non-security related IT services, software, or hardware. We are truly an independent advisor to our clients. As such, WaySecure provides objective and professional recommendations that are in the best interests of our clients. We cannot and do not receive royalties, fees, or other considerations from product vendors when we recommend their solutions.
  • We are small, yet we are extremely focused on security consulting including security architecture design and implementation. We have used, managed, and implemented many related technology platforms in our collective backgrounds, so that the solutions we arrive at together will have the "we've done that before" perspective added in. We are advisors as well as implementers so we do not stop working when the recommendations have been delivered and the decision to implement is made.
  • A significant amount of our revenue comes from repeat business. This demonstrates that we are not only committed to building a long-term relationship with our clients, but that our clients feel the same way about us. Our philosophy is to act as a long term "trusted advisor" to our clients.
  • Unlike many consultants, we will not leverage professionals who perform other non-security related consulting services on an engagement simply because they need to be chargeable. By remaining a small closely held corporation, we avoid the sales pressure many of our competitors are under to deliver ever-higher revenues to their shareholders. As a result, our clients get only the people they need when they need them

WHAT WE DO


Simulated Hacking Attacks

Sometimes, an independent test of your organization’s ability to detect and defend an attack is in order. This type of test has been used by the military for decades and is commonly referred to as a Tiger Team attack. Our team performs a simulated attack against systems and networks on a project basis. This type of attack is not to be confused with running a security scanning tool. Our experts simulate an actual attack while minimizing any disruption to your business. At the conclusion of the test, you will be provided with a management presentation as well as detailed keystroke logs of every technique used.


Security Incident Respons

You’ve experienced a security breach. What do you do? Our security incident response team is trained in computer forensics and rules of evidence for computer crime. Above all, our fully insured and bonded experts assure discretion when handling these types of events.


Risk Assessment

Understanding your risk is key to developing a protection strategy that provides the right amount of security balanced with your organization’s goals. We help identify the Information Security risks and vulnerabilities you are facing, provide effective risk mitigation strategies, corrective actions, and risk acceptance processes.

Secure Network Design

One of the areas of concern for virtually every modern business is that of network security. Designing networks with security in mind is one of our specialties. We assist our client in designing secure networks using components such as Firewalls, Remote Access Authentication, Intrusion Detection, Link Encryption, and Virtual Private Networks (VPN’s).


Electronic Commerce & Cryptography

The tempo of commerce has increased and expanded to include open networks such as the Internet. Keeping up with the pace of electronic commerce is considered essential to the growth of today’s businesses. The downside is that electronic commerce presents many risks and can be difficult to implement without the right expertise on the team. We have that expertise and use it to assist our clients in designing cryptographic services (Public Key Infrastructure - PKI, Secure Electronic Transaction - SET) to enable new revenue streams in this growing area of business.


Security Test & Evaluation (ST&E)

As in any war scenario, discovering your weaknesses before an enemy does is a valuable defense. Using our test center, we model client technology and test for security vulnerabilities present in your specific configuration. This service provides our clients with advance information before it is implemented in production. Using our facility eliminates costly trial and error at your organization.

Information Security Architecture & Policy

The most efficient method of dealing with Information Security in any organization is through prevention (see our position paper). We assist our clients in developing an Information Security Architecture Model that guide the implementation of security for business systems and technical environments. We can help you create a comprehensive set of policies, standards, procedures, and configuration guidelines that reach down into your specific technology. We are also certified BS7799-2:2002 Lead Auditors.


Network Security Scanning Service

We perform periodic remote scanning of subscribing clients’ networks and provide alerts when a potential vulnerability is discovered. Our network security specialists have the expertise to interpret the significance the results and go the extra mile by thinking through your network topology.


Training

It has been said that the weakest link in the security of any organization is the human factor. Even with the proliferation of highly secure technology this continues to be the case. We examine your organizational structure, assess the general security awareness, and take into account your unique cultural and political environment. Based on this information we provide recommendations for change and customized training for your entire organization, from senior management to technical staff to end users.

CONTACT US


Waysecure Consulting

2607 Western Avenue, #506 Seattle, WA 98121

+1 917 770 5559

info@waysecure.com