Security Assessments

The Security Assessments Practice at Set Solutions is dedicated to assisting organizations in improving their security posture and their alignment to industry-leading standards through a range of different types of security assessment services. The team is comprised of information security experts who are ready to custom-tailor assessments to address any organization’s unique information security requirements. Our most commonly delivered services fall into the following categories:

Threat & Vulnerability Management (TVM)

TVM services assist clients in understanding their risk exposure to cyber threat actors and security incidents. These services include:

  • TVM Program Enhancement – Assisting with building up the maturity of an internal TVM program through program reviews and by creating custom-tailored integrations to enhance reporting and provide improved contextual risk analysis.
  • Application Security Services – Services to assist in implementation and/or enhancement of secure development operations and integration into existing development workflows. These services include regression testing automation, secure coding training, application threat modeling, dynamic application security testing (DAST), static application security testing (SAST), application infrastructure reviews, and integration of application security solutions.
  • Penetration Tests – Controlled adversarial threat emulations, which simulate the actions of real-world cyber threat actors to identify potential exposures. Penetration testing can be targeted towards different types of environments to include the external network (Internet-facing perimeter assets), internal network, facilities (physical access), wireless networks, personnel (phishing / social engineering), applications, or other unique information systems.
  • Red Team Assessments – An evasive approach to penetration testing which provides organizations with an authentic evaluation of detection and response capabilities.
  • Purple Team Assessments – A collaborative assessment (between the adversarial “red team” and the defensive “blue team”) wherein the penetration testing team maintains open communication with security operations personnel to develop and enhance security controls in real-time.

Governance, Risk, and Compliance (GRC)

Set Solutions GRC professionals have significant experience with both industry-specific compliance standards (HIPAA, PCI-DSS, etc.) and leading cyber security frameworks (NIST, ISO 27001, SOC2, etc.). Services include:

  • Gap Analysis Review – Review of your organization’s processes and/or controls against a standard (industry compliance or CSF) to identify gaps and opportunities for improvement.
  • Remediation Services – Our team can assist you in achieving compliance through remediation services related to identified gaps.
  • Program Governance Review – An assessment to evaluate the comprehensiveness and maturity of an organization’s security governance.
  • Risk Assessments – Assessments which evaluate cyber risks facing an organization and the degree to which existing controls address those risks. Risk assessments can be performed at a macro-level (focused on the entire enterprise) or performed against specific systems or environments.

Incident Response (IR)

The Set Solutions Security Assessments team can assist in preparation, identification, triage, and response to security incidents. IR services include:

  • Table-Top Exercises (TTX) – Discussion-based sessions where participants (from across different verticals within the organization) evaluate operational responses within the context of a simulated cyber security incident.
  • Threat Hunting / Breach Assessments – Technical review of an organization’s network and/or endpoints to identify signs of malicious activity, to include Indicators of Compromise (IOCs) or Indicators of Attack (IOAs).
  • Response and Forensics Services – For organizations who have experienced a cyber incident or breach, we are available to assist with technical experts and forensic analysts who can assist in triage, containment, eradication, recovery, and after-action reviews.

Leading Industry Certifications
Team Bios

Justin Hutchens (“Hutch”)

Security Assessments Practice Lead

Hutch is a seasoned cyber-security professional and industry leader who has published research and spoken at multiple conferences to include HouSecCon, ToorCon, and DEFCON. Hutch has a Master’s degree in Computer Security Management and multiple information security certifications to include CISSP, GPEN, GWAPT, and OSCP. Hutch is skilled at coding in Python, JavaScript, C#, PowerShell, and Bash — and emphasizes the importance of automation for both assessment methodology and development of internal processes.

Jimmy Mejia

Principal Security Consultant

Jimmy Mejia began his information technology career with the U.S. Army’s 82nd Airborne Division. Since separating from the military, Jimmy has accumulated years of experience operating in multiple security roles within the healthcare, retail, technology, and oil and gas industries. Jimmy comes with a vast background in system and network administration and has multiple industry certifications to include OSCP, CISSP, and GPEN.
