Security, Risk, & Compliance

We make cybersecurity achievable, understandable, and affordable.

Has your company…

  • Recently been asked if you have a SOC2?
  • Recently been asked to complete a security questionnaire by one of your customers or suppliers?
  • Struggled to answer questions related to your cybersecurity program?
  • Been getting similar cybersecurity questions from a growing number of different places?
  • Recently purchased cybersecurity insurance?

Pileum SRC can help you ensure that you have the security program in place that fits your company. No overspending, no underspending and no paying cybersecurity insurance premiums in vain. We can make cybersecurity fit you, while helping you ensure that your company has the security program that it needs to remain competitive, despite the ever-changing nature of the threat landscape.

Why Cybersecurity?

Cybersecurity incidents continue to grow at unprecedented rates. This is increasing the need to have mature, documented security capabilities. Cyberinsurance is a good idea, but not a good substitute for a security program. In fact, cybersecurity insurance claims can be denied for negligence. This is why creating and maturing a security program is worth the time and resources required. Understanding your risk increases the value of investments. 

Did You Know?

  • The average cost of a data breach is $4,000,000.
  • Each record can cost between $200 and $400 depending on the industry.
  • 45% of breaches are discovered by accident.
  • Average time for US companies to discover a data breach is 206 days.
  • Breaches that took less than 30 days to contain had an average cost of $5.87 million.
  • Breaches that took more than 30 days to contain had an average cost of $8.83 million.

What We Do

Security and Risk Architecture Development

  • Initiate or advance cybersecurity risk management (e.g. NIST, COBIT, ISO, etc.)
  • Address regulatory compliance gaps (e.g. PCI-DSS, HIPAA, IRS1075, SOC2, etc.)
  • Risk Assessments
  • Maturity Assessments, Readiness Reviews and Gap Analysis
  • Technical Security Assessments (Vulnerability and Penetration Testing, Application Security Assessment, Ethical Hacking, etc.)
  • Business Impact Analysis, Business Continuity Planning and Disaster Recovery Planning
  • Security Incident Response Planning

Standards-Based Cybersecurity Compliance

  • Pileum helps companies identify and comply with cybersecurity standards under various regulatory oversight bodies and in most industries.
  • Healthcare (HIPAA), PCI, GDPR and other regulations and directives are a regular part of Pileum SRC engagements.

We Don’t Stop There

Virtual Chief Information Security Officer (vCISO)

  • Pileum can serve as a Virtual Chief Information Security Officer (vCISO).
  • This is ideal for organizations that do not have a named security officer or person responsible for management of security programs.
  • We can customize a vCISO program to meet a variety of needs with regular and periodic engagements designed to advance security programs.

Risk Assessment Simplified

At Pileum SRC, we want to help you make better business decisions. In a cybersecurity landscape that changes rapidly and is overrun with complex potential security solutions, Pileum SRC stands ready to help you put the right security program in place to fit your organization's specific needs. Through our standards-based risk assessments, we seek to help you understand those needs by answering a few basic questions:

  • What do you have?
  • Where is it located/stored?
  • How does it get to/from that location?
  • How is it currently protected?
  • Is that good enough (to meet: internal standards, regulatory standards, etc.)?

SOC2 Support

Pileum helps companies attain SOC2 by walking with them through the entire process. We offer:

  • Help pre-audit by:
    • Providing guidance prior to engagement with audit firms
    • Security program development to prepare for audit
    • Helping with audit firm selection
    • Helping the firm introduce security culture
  • Help during audit by:
    • Being a primary interface to the auditors
    • Answering audit questions
    • Helping mitigate gaps found by the audit
    • Running your security program to meet the SOC2 requirements during the audit period while training your internal staff on cybersecurity principles and helping them learn to operate under SOC2 scrutiny
    • Helping the firm create security culture and mindset
  • Help post audit by:
    • Continuing to run the security program to meet the necessary standards; vCISO
    • Supporting the internal security team until they are ready to run the security program themselves
    • Helping the firm drive home security culture and mindset
    • Ad hoc help as needed

