WaySecure Consulting is a boutique information security consulting firm founded on January 1, 1998 and has been providing solutions for corporations, organizations and governments ever since. Our main focus is IT related security, providing some of the best expertise in the industry. We also provide services in related disciplines such as operational security, computer forensics and TSCM (electronic counter-surveillance). WaySecure operates globally and can quickly assemble teams of security specialists to meet client requirements no matter how large or complex. Together with our clients, we provide security solutions that balance business/mission needs with risk mitigation measures that make sense. Headquartered in New York City, WaySecure has offices in Phoenix and Seattle.
Steve Lutz is the President of WaySecure Consulting, Inc. and brings over 20 years experience in engineering, information systems and information security disciplines to the table. Steve has been a leader in the commercial, aerospace and government sectors in providing state-of-the-art Information Security solutions.
As WaySecure is a boutique security consultancy, Steve is responsible for overseeing the delivery and quality of work performed. He is actively involved in all aspects (business assessments, technical assessments, recommendations) of each project. Before forming WaySecure, Steve was a Senior Manager in Ernst & Young's Information Systems Advisory and Assurance Services group. He has extensive program management experience and specializes in overseeing and managing large complex engagements. Before Ernst & Young, Steve was in charge of Network and Distributed Systems Security at The Chase Manhattan Bank where he was responsible for global network security, Internet security and advanced projects in high risk environments. Prior to Chase, Steve provided security expertise in a wide variety of disciplines to the DoD and intelligence communities of the U.S. government. Steve holds a B.S. in Information Security from the State University of New York.
Additional professional activities include National and International media appearances and interviews with the New York Times, Associated Press, Nippon Television and Forbes Magazine, Guest columnist for Network Computing magazine on security penetration testing. ("Intrusion Detection Provides a Pound of Prevention", August 1997), Featured guest expert on "CyberCrime Radio" (KIEV Radio, Los Angeles) a live broadcast, radio talk show that focuses on high-tech crime and computer security issues, Guest lecturer and co-presenter with the FBI's Computer Crime Unit at Pace University, New York City on Information Security Risks within Corporate America, Guest lecturer at SANS (Systems and Network Security) Conference in Washington, D.C. on "Augmenting Security in a UNIX Environment" November 1995, Guest lecturer at "Beyond Hope" a hacker convention based in New York City on "Tiger Teaming" August 1997, and Guest lecturer at Information Systems Security Association (ISSA) meeting in Seattle on "Information Security Consulting" November 2001
Steve has worked with numerous large organizations including Ernst & Young, Chase Manhattan Bank, Philip Morris, American Express, Morgan Stanley, Union Bank of Switzerland, Kraft Foods, Omnipoint Communications, First USA, EURO-RSCG, Transamerica Insurance Group, The Daily Deal, Quick International Courier, American Lawyer Media, Avon Cosmetics, GEIS, TIAA-CREF, HBO, Time Warner, Boy Scouts of America, Bank One, Seagate, Yahoo, EDS, Immunex, Barnes-Jewish Medial Center, North Shore Medical Center (NY), Long Island Jewish Hospital, Amgen, Saudi Aramco, Barbados Ministry of Education, U.S. Navy (Stennis Supercomputer Center), U.S. Army, Egyptian Armed Forces, Grumman Data Systems, Grumman Aerospace, U.S. Air Force, and the Strategic Defense Initiative (SDIO). Steve regularly speaks at security conferences worldwide and is recognized in the popular press as a knowledgeable source on Information Security.
WaySecure has one of the most experienced contingents of security professionals in the industry. We have the skills to manage and complete large projects on time and on budget. We have extensive experience analyzing, architecting, designing, and managing comprehensive security solutions across many industries. We also maintain contact with individuals at all levels of the security community to help us stay current with the latest threats and intrusion techniques used by the people most likely to attack your enterprise. Our consultants are noted speakers at industry events and conferences, and our in-house R&D team consists of top talent from every area of computer security research. This blend of experience and knowledge makes WaySecure a powerful and devoted ally in securing your digital infrastructure.
WaySecure has several advantages that set us apart from other firms:
Sometimes, an independent test of your organization’s ability to detect and defend an attack is in order. This type of test has been used by the military for decades and is commonly referred to as a Tiger Team attack. Our team performs a simulated attack against systems and networks on a project basis. This type of attack is not to be confused with running a security scanning tool. Our experts simulate an actual attack while minimizing any disruption to your business. At the conclusion of the test, you will be provided with a management presentation as well as detailed keystroke logs of every technique used.
You’ve experienced a security breach. What do you do? Our security incident response team is trained in computer forensics and rules of evidence for computer crime. Above all, our fully insured and bonded experts assure discretion when handling these types of events.
Understanding your risk is key to developing a protection strategy that provides the right amount of security balanced with your organization’s goals. We help identify the Information Security risks and vulnerabilities you are facing, provide effective risk mitigation strategies, corrective actions, and risk acceptance processes.
One of the areas of concern for virtually every modern business is that of network security. Designing networks with security in mind is one of our specialties. We assist our client in designing secure networks using components such as Firewalls, Remote Access Authentication, Intrusion Detection, Link Encryption, and Virtual Private Networks (VPN’s).
The tempo of commerce has increased and expanded to include open networks such as the Internet. Keeping up with the pace of electronic commerce is considered essential to the growth of today’s businesses. The downside is that electronic commerce presents many risks and can be difficult to implement without the right expertise on the team. We have that expertise and use it to assist our clients in designing cryptographic services (Public Key Infrastructure - PKI, Secure Electronic Transaction - SET) to enable new revenue streams in this growing area of business.
As in any war scenario, discovering your weaknesses before an enemy does is a valuable defense. Using our test center, we model client technology and test for security vulnerabilities present in your specific configuration. This service provides our clients with advance information before it is implemented in production. Using our facility eliminates costly trial and error at your organization.
The most efficient method of dealing with Information Security in any organization is through prevention (see our position paper). We assist our clients in developing an Information Security Architecture Model that guide the implementation of security for business systems and technical environments. We can help you create a comprehensive set of policies, standards, procedures, and configuration guidelines that reach down into your specific technology. We are also certified BS7799-2:2002 Lead Auditors.
We perform periodic remote scanning of subscribing clients’ networks and provide alerts when a potential vulnerability is discovered. Our network security specialists have the expertise to interpret the significance the results and go the extra mile by thinking through your network topology.
It has been said that the weakest link in the security of any organization is the human factor. Even with the proliferation of highly secure technology this continues to be the case. We examine your organizational structure, assess the general security awareness, and take into account your unique cultural and political environment. Based on this information we provide recommendations for change and customized training for your entire organization, from senior management to technical staff to end users.