Custodela was formed by a group senior security professionals that have been working in the industry as cyber security generalists and specialists since its infancy. We recognized that well rounded technically proficient security professionals with hands on practical experience are very difficult to obtain, so Custodela was created to fill that growing need. High level gap assessments are easy, but coming up with achievable recommendations and real-world solutions with practical processes to solve them are not.
Offensive Security – Red Teaming
We have hundreds of combined Network and Application Penetration Tests. We don’t just find common vulnerabilities, but conduct low level manual attacks, and drive to break application flow logic in creative ways that could never be achieved by automated tools.
Cyber Security Operations – Blue Teaming
Deployment and management of mature small to large Security Operations program and supporting technology, including logging, advanced focused monitoring, threat hunting, intrusion detection/prevention, and vulnerability analytics. We believe false positives can cripple a team’s effectiveness. We have significant success with custom developed and tuned Security Operations Automation techniques to monitor more with less people.
We are developers. We’ve built Application Security programs from the ground up from a strong understanding of common code and logic flaws, how to find them, and the best way to inform and educate developers on how to fix them. We have significant success with custom developed Application Security Automation integration with both small and large agile development teams building over 100 unique applications in a single organization.
We’ve conducted hundreds of complex architecture reviews on both legacy and modern complex application flows. We look outside of just the architecture, but also focus on how the applications are used. We have significant experience assisting organizations adhere to a wide number of contractual and industry requirements, including the PCI DSS.
Incident Response, Investigations, Threat Containment, and Forensics
Process development and real-world investigation experience.