A security architect is responsible for designing secure environments to safeguard sensitive data and systems. Once these counter-measures are in place, the security architect will test for any weaknesses and audit the entire system.
A security architect needs to have a thorough understanding of an organization’s systems in order to learn who has access and where the vulnerable points may be. After making a thorough assessment, recommendations are made to update and improve the security system through software and hardware. User policies and protocols are then set, as well as monitored and enforced.
I have spent the past several years working as an Enterprise Security Architect. I have the experience and the certifications to ensure your organization is making smart decisions around security as you grow your business.
I can hold Skype or WebEx sessions with your staff to explore the various security postures at play in your organization. We can review your data security, network security, or your Active Directory security configurations and plan a path forward that will ensure your environment remains secure.
Security Gap Analysis.
I will review your environment, interview your administrators and audit your configurations. I will identify where the gaps in your security lie, and will recommend a path forward to correct any deficiencies. Contact me to learn more…
System or Network Design Review.
I have spent the past 30 years in the I.T. industry building and reviewing design documents for systems and networks both large and small – from the most complex the the most basic. Contact me to learn more…
Preparing for and surviving audits.
I am well versed in HIPPA, PCI-DSS, FedRAMP, NIST, CIS, and many other industry recognized auditing standards, and I can help your business prepare for that looming audit, or respond to the audit you just underwent. Contact me to learn more…
Reviewing the security posture of your vendors.
I know what to look for and what to where the red flags are in a SOC 2, Type 2 report. I know the right questions to ask, and when the answers are wrong. I can assist your team in navigating the delta between what a vendor is promising and what they are able to deliver. Contact me to learn more…
I possess a specific combination of top level cyber-security certifications that give me a unique perspective into your cloud security environment. I am a Certified Information Systems Security Professional (CISSP), which means I have a solid foundation that is both deep and broad in the specific security domains of the CISSP certification.
I am also a Certified Cloud Security Professional (CCSP). This means I have proven that I have the advanced technical skills and knowledge to design, manage and secure your data, applications and infrastructure in the cloud using best practices, policies and procedures established by the cyber security experts at (ISC)².
I am also an Information Systems Security Architecture Professional (ISSAP). My industry recognized cyber security certifications together with my years of real-world, hands-on experience have combined to make me an expert in information security.
And in this ever-changing industry in which the opposition grows ever smarter, you’re always looking for ways to stay ahead of the competition.
Whether you are considering a new SaaS offering, or planning to migrate your entire data center to the cloud, I can help with all aspects of your cyber-security needs:
- Audit review of your vendor’s environment
- FIPS, NIST, SOC 2 Type 1&2, Etc.
- Architectural review of potential cloud environments
- Review of data security concerns (both at rest and in transit)
- Planning user authentication, 3rd party identity stores, and privileged access management
- Use of 3rd party data migration vendors
- Encryption and Cryptography questions and concerns
Please click here to contact me to learn more about how I can help your company benefit from cloud services, while keeping your data and your users secure.
John T. Scott 