Cyber Security and Data Privacy

Protecting your digital assets.

Who We Help

CEOs and Boards of Directors

ceo board of directors boardroom cyber security information risk

You need to know, in plain terms, what technology investments will  support your financial goals.  You need to sort fad from solid trend,  know when to invest and when to say "no."

You need an independent look at your cybersecurity or data privacy program to know if it is effective, practical and reasonable.

You  want a qualified cyber, privacy or technology advisor to support the  board of directors or to add a technology voice to your regular board  conversations.

You need a qualified Information  Security Officer or Privacy Officer to meet regulatory expectations,  but you aren't in a position to hire one just yet.

You need to know if the large technology investment you are considering is really necessary or if there is a better option.



You have to manage the financial risk of a data breach, and secure the right cyber insurance coverage.

You need an external risk assessment to satisfy a client or regulatory requirement.

You need a vendor information risk management program.

You need to appoint a qualified information security officer under NY DFS 23 NYCRR 500, and outsourcing that role fits your circumstances.

You need to appoint a qualified Data Protection Officer ("DPO") to meet GDPR requirements, and you are aware that the regulation requires this person to have "expert knowledge."

You want an objective opinion on the ROI of a technology or cybersecurity investment.



You are fully familiar with the challenges that come with trying to protect your organization from well-armed adversaries. You need an ally and a sounding board that can give you insights from hands on experience in multiple environments.

You need a strategic planner to crystallize your vision and communicate your strategy in actionable terms.

You need additional resources to help execute or manage your project portfolio.

You need a "data map" or "data register" for GDPR compliance purposes.

You want reinforcements with specialized expertise to help you succeed.

How We Help

Penetration Testing and Vulnerability Management


 SEE YOUR COMPANY THROUGH THE EYES OF THE HACKER.   One forgotten web server, one firewall change, one new installation with a connection to the internet....these open doors into your network are invisible to you, but not to the thousands of potential attackers automatically scanning the internet regularly looking for these openings.  Regularly having your perimeter scanned for vulnerabilities is an important part of an effective defense.  Find your exposures before an attacker does, and close the door before the intruder gets in -- or your data gets out. 

Information Security Incident Response Playbook and Data Breach Response Plan


BREACH RESPONSE PROTOCOLS. We literally built the incident response playbook for one of the world's largest government entities.  We've built them for small and medium sized organizations as well.  Our strength lies in our ability to meet each customer's needs precisely.  We work with the resources you have to develop a sound triage, escalation, analysis and response plan to guide cross-functional teams through difficult situations. 

Cyber Security Program Design and Manged Services


STRATEGY AND STAFF AUGMENTATION.  Whether you are updating an existing program or building your cyber security and data privacy programs from a fresh start, we have a proven methodology for assessing risk, benchmarking and designing a road map that makes sense for your unique risk profile and technology stack.   And, our managed service and staff augmentation resources  help you execute that plan. 



COMPLIANCE RESOURCES.  From GDPR, to New York State Dept. of Financial Services 23 NYCRR 500 to California's Consumer Privacy Act, cyber security and data privacy requirements are rapidly evolving along with consumer and customer expectations.  We bring decades of experience, tried and true assessment tools, and practical advice to help you meet these regulatory requirements without disrupting your business operations.   We can help you conduct your annual assessments, support management in building the supporting programs, and report to your board of directors .

Interim or "Fractional" CISO, CIO or CPO


INTERIM OR VIRTUAL CISO, CPO OR CIO.  For companies that aren't in a position to recruit and hire a  full-time information security executive, but still need a qualified  chief information security officer ("CISO") to set a strategy and  provide leadership, our V-CISO service is a perfect fit.

Companies  required under NY DFS 23 NYCRR 500 to appoint a qualified CISO can  leverage our resources to have appropriately experienced professional  engaged at a fraction of the cost of a full-time employee.

Companies  required under GDPR to appoint a qualified data privacy officer ("DPO")  can rely on us to supply certified, experienced professionals with the  "expert knowledge" required by the regulation.

Cyber,  by definition, involves computers. You need specialized technical  expertise to solve technical problems. That technical expertise should  be coupled with strong business acumen and the ability to balance risk  and find technology solutions to support, and not hinder, business.

Our experienced team of technology and privacy executives and managers have "filled in" for IT, InfoSec and privacy lead roles to give the organization time to find, recruit and onboard the right talent without feeling rushed or exposed or to meet a compliance requirement without making a full-time hire.

Executive/Board Advisory Services


BOARD ADVISORY SERVICES ON CYBER AND DATA PRIVACY.  Whether you need an outside expert to help the board of directors with issues relating to technology investments and risk, or an experienced professional to fill a board seat dedicated to technology and information risk management, we can help.  Technology and information governance isn't a single conversation.  It is a common component of revenue,  customer trust, strategy, growth and profitability.  Our professionals all bring "hands on" experience and provide practical guidance to businesses.  This is in stark contrast with consultants and legal counsel issuing generic directives that are taxing on the business without lowering risk.   Every business is different, and while standards are helpful, applying a good standard incorrectly or inappropriately can do more harm than good. 

Technology is complex, changes rapidly and is subject to numerous external forces--exactly like other areas of your business. Having a true expert involved in regular board conversations can help a business capture opportunities it would otherwise miss and avoid expensive mistakes.

Who We Are


Hard to Find Talent ~ Objective Advice

In a time when cyber security skills and data privacy skills are in a state of shortage, we have both.  We've worked with financial, tech, educational, retail, government and healthcare clients to deliver privacy, IT and information security services.  We don't sell technology, so you can count on us for objective guidance on selecting the best product for you.   


Strategic Advisors

We hold strong to our position that strategy drives investment and tactical planning.   IT, information security or data privacy shouldn't be the "tail wagging the dog."  It shouldn't prevent the business from moving forward.  It can be wind in your sails or an anvil.  We help you be certain that your technology budget is not driven by outside influence, but rather a strategic investment that doesn't carry hidden risk.


Results Oriented, "Get-the-Job Done" Professionals

We recently helped a client revive a failed SIEM implementation and successfully put it into production, saving a huge investment from being an embarrassing loss and giving the SOC the tools they needed.  

We have successfully completed multiple projects that had been deemed 

"impossible" by others. If you have a project that is struggling or completely failing, and you need to see it succeed, we should talk.

Sample customer comments:  "We chose you because you were the most sensible" and "I don't know what we would have done to handle this situation if we hadn't already been working with you"  

We stand by the quality of our work.  100%.  

If you're not happy, we make it right or you don't pay.  

Insights & Resources

Contact Us

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Contact us for experienced guidance on cyber strategy, technology governance, expense management, or just extra resources for challenging projects.

The Palisade Group