Vulnerability Scanning

 

Vulnerability scanning is the systematic identification, analysis and reporting of technical security vulnerabilities that unauthorized parties and individuals may use to exploit and threaten the confidentiality, integrity and availability of business and technical data and information. External vulnerability scanning specifically examines an organization’s security profile from the perspective of an outsider or someone who does not have access to systems and networks behind the organization’s external security perimeter. Your external IPs can be scanned once a year, once a quarter or monthly.


Mobile Application Scanning

 

Mobile platforms by default make certain promises about their environment. Development teams should not rely on these promises to protect critical data and code. The architecture review and threat modeling process includes assessing and documenting security risks in the context of use cases, services, roles and functions unique to your application. The threat modeling is performed in collaboration with your business, engineering, operations and corporate security teams to understand and create the system’s security objectives, threat profile, attacks, vulnerabilities and countermeasures from design to deployment.


Darkweb Credential Monitoring

 

We provide the best approach to eliminate the biggest cause of massive data breaches: the weak and/or stolen password. We continuously monitor the dark web for stolen databases and identities, and maintain the encrypted data in our proprietary database. When integrated with an IAM solution, we can provide superior visibility into user-centric risk and the ability to automate appropriate corrective actions, preventing the abuse of compromised credentials.

About Us

Erik Tomasi, Managing Principal

In his recent position as COO of DTG Consulting, Erik was primarily focused on Information Security engagements. Assignments include leading security assessments (e.g. ISO 27001, HIPAA, SCADA, FFIEC, SANS 20, NYCRR 500), contracted CISO (Chief Information Security Officer), and project team management. Erik was CIO at Hermes of Paris and White Mountain Re Services, and played technical consulting or CISO roles at Ironshore Services, Man Tech, eHire, PWC, Chase Manhattan Bank, and IBM. Among his accomplishments is securing Chase’s network by evaluating and implementing two-factor authentication for all remote access. He has also worked with Sony Music Entertainment to address multiple data center and application issues throughout their network. Erik is an InfoSec and PCI compliance expert who is a Certified Information Systems Security Professional (CISSP) and a Board member of the Society for Information Management (SIM NY). He received an MBA in Finance from New York University’s Stern School of Business and a BS in Electrical Engineering from New York University’s Polytechnic School of Engineering, and is an Adjunct Professor at Baruch College.

Kartik Trivedi, Managing Principal

Kartik Trivedi has over 15 years of experience helping numerous entities including Fortune 500, non-profit, tech start-up, financial services, and healthcare organizations meet their security, privacy, and business needs by helping to define strategic goals, develop road maps for more functional, mature, and secure programs, address immediate issues, and drive implementation of practical security solutions. Previously he was a partner at Symosis, and prior to that he was Director of Application Security at Accuvant, Managing Principal at McAfee, Principal at Foundstone and Software Development Engineer at concept solutions. Kartik has an MBA in Finance and Entrepreneurship and an MS in Computer Science, and holds CISM, CISA and CISSP certifications.

Specialities
  • Security risk assessment, penetration testing and prioritizing vulnerability remediation based upon risk exposure to the business
  • Application and mobile iOS/Android security, cloud security, secure software development, threat modeling, code reviews
  • PCI, HIPAA, ISO and other security standards and compliance requirements
  • Security training for developers, technical management and all workforce – delivered On-Demand and instructor led
  • Published author & regular speaker at OWASP, RSA, ISACA conferences

David Dietrich, Managing Principal

Seasoned leader with over 25 years in software architecture, design, build, implementation, program management and thought leadership of high-transaction business information systems. Internet of Things (IoT) expert, including integration with AI, machine-learning, signal processing, big data, network communication and full cloud integration. Focused on product management, customer enhancement all leading to company profitability and growth.

Contact Us

Florida
990 Biscayne Blvd #503
Miami, FL 33132
Email: info@kraasecurity.com
Office: 888-572-2911