+1 910-420-4242 info@versecurity.com

Quality, not quantity.

Versecurity, LLC

Welcome

Versecurity LLC is a specialized technology assurance and advisory services firm. Our services are highly customizable to the needs of your organization, encompassing IT audit and attestation, compliance reviews, risk management and advisory, policy and procedures design and development, vulnerability assessment and penetration testing, systems integration, web development, programming and many free-of-charge projects in open source development, employee/departmental training and security awareness. Here you will find an introduction to our services and operating style. Please contact us with any thoughts or questions.


Our Services

IT General and Application Controls Reviews
Internal and external IT audit services, performed either as independent assessments or as part of an integrated financial, operational or compliance audit, such as Sarbanes-Oxley or ISO. Areas of review in IT general controls audits include physical and environmental security, application development and change management, computer operations, backup and recovery, business continuity, data communications, information security and logical access controls over customer information systems.
System and Organization Controls Examinations (SOC 1 / 2 / 3)

Formerly known as “SAS 70” audits, service organization controls examinations were categorized into three types under new standards adopted by the AICPA: SOC 1, SOC 2 and SOC 3.

SOC 1® — SOC for Service Organizations: ICFR
These reports are specifically designed to address controls at the service organization that are relevant to their customers’ financial statements. SOC 1 audits are suitable for organizations that process financial transactions on behalf of customers.

SOC 2® — SOC for Service Organizations: Trust Services Criteria (TSP 100)
These reports address service organization controls relevant to the security, availability and processing integrity of the systems used to process customer data, and the confidentiality and privacy of the information these systems process.

SOC 3® — SOC for Service Organizations: Trust Services Criteria for General Use Report
Like SOC 2, these reports address controls relevant to security, availability, processing integrity, confidentiality and privacy. However, they have an abbreviated reporting format whereby the controls, auditor’s tests and results are omitted, and are considered general use reports that can be freely distributed.

Payment Card Industry Data Security Standard Examinations
Compliance assistance and management advisory services for adherence to the Payment Card Industry Data Security Standard (PCI DSS). Any organization that stores, processes or transmits cardholder data must be compliant with this standard, which is rigorous in nature when compared to the control requirements and testing activities included in the scope of IT general controls reviews for financial statement audits or Sarbanes-Oxley compliance. Our PCI compliance services include assistance with identifying, testing and implementing the controls required as defined by the PCI DSS, assistance completing the Self-Assessment Questionnaire, interpretation and risk assessment of findings reported by PCI Approved Scanning Vendors, and implementation of technical configuration changes required to maintain compliance with the standard.
IT Policy Design, Development and Advisory
Development, documentation and management advisory services related to clients’ information technology policies and procedures. Projects typically include analyses of organizational processes, operations and technological environment, design and development of departmental methodologies and controls, and assistance with the implementation and documentation of related policies and procedures.
Vulnerability Assessments and Penetration Testing
Technical examinations of customer information systems to identify, test and remediate vulnerabilities that may be exploited by an attacker or other threat. Commonly referred to as vulnerability assessments and penetration testing, these examinations are conducted against the customer’s environment from an internal or external perspective (or both) depending on the project objectives and related systems and architecture in scope.
Programming and Web Development
Custom projects that include web site design and development, content creation, multimedia and animation, development of native mobile applications for integration with customers’ existing web solutions, web, application and database server configuration, systems integration and data interface programming.

Why Versecurity?

We believe that the unique combination of our character, competencies and cost as a service provider makes Versecurity both a quality and cost leader in the area of technology assurance and advisory services. The sections below give background information, service delivery concepts and examples that we feel distinguish our firm as exceptional or better.

 

Character, Competencies and Cost

We love what we do.
Don’t tell anyone, but all of us at Versecurity would do our jobs in one form or another, regardless of whether or not we were paid. This passionate interest in our profession, sometimes referred to as an “addiction as much as an ambition”, is fundamental to the way we think and operate as a company, because we are constantly looking to do more of what we do, and better. Over time, the countless ideas for improving our processes and systems have led to substantial changes and enhancements in the quality and efficiency of our work. These are ultimately adopted as part of our formal operating procedures for client engagements, and the process continues, every day.

Versecurity was founded by a small group of entrepreneurs who from a very young age had a love for computers, gadgets and technical systems, which continued into adulthood and their professions: information systems security, design, development and consulting. Although they all worked in IT audit and security departments at regional and “Big 4” accounting firms, they also spent their nights and weekends doing things like setting up hacker labs, testing new Linux distributions and building custom boxes robust enough to allow for quintuple booting. As the years went by, they became increasingly tech-addicted and skilled in their work, but they also became increasingly aware of how dependent people, businesses and governments were becoming on information systems.

There were also more than a few instances in which they witnessed nightmares become reality when critical systems went down or were breached, and the people responsible for getting them back online did not know where to begin to quantify the extent of lost, exposed or corrupted data, or how to correct the damage or prevent it from happening again.

Seeing the upward trends of increased reliance on information systems and more frequent occurrences of system attacks, hacks and frauds, with no foreseeable reason for this to reverse or diminish, and all in the absence of increased controls or user security-consciousness, led to an idea for what eventually became Versecurity.

Our solutions are proposed, planned and executed in-context for every client.
One of the distinguishing characteristics of our approach to service delivery is our focus on providing solutions that are meticulously tailored to each client’s unique needs, objectives and environment. We believe that only within the proper context can information security and compliance needs be accurately quantified and evaluated.

No two organizations are identical and no two solutions should be either.  We approach each engagement as a unique undertaking, listening closely to each client and working as a team with project stakeholders to develop the approach, activities, timing and deliverables required to meet the specific needs of their organization.  There is no template or checklist, only seasoned professionals attending to each detail and devising specific solutions in which the context affecting each organization is the foundation of each solution.

Our engagements are fixed fee, priced below the competition and expenses are never charged to the client.
All of our engagements are performed on a strictly flat-rate basis, and this fixed fee is contractually binding regardless of unforeseen circumstances or occurrences that could delay the project and require us to spend more hours to reach completion.  We also never charge clients for out-of-pocket expenses of any kind, and this is included in the engagement contract as well.

During scoping discussions, we make it our responsibility to gain an extremely clear understanding of the exact nature, timing and extent of the project’s activities, and all of the associated deliverables, prior to proposing on the engagement.  We contractually obligate the fee stated in our original proposal, as well as the timing and deliverables.  What you see is what you get, every time.

All client-serving personnel have at least 10 years professional experience in IT audit and consulting.
All of our client-serving personnel have more than 10 years professional experience in IT audit and consulting, and clients are never charged expenses of any kind, nor do they ever pay a dollar more than what was originally stated in the engagement proposal.  This is always contractually obligated, as well as the individuals the client expects or desires for the engagement.

Clients also have the pleasure of working with a small firm that has extensively streamlined the testing, documentation and reporting processes that consume the vast majority of hours on most projects, and because seasoned experts are performing the fieldwork and writing the audit reports, customers enjoy the efficiency and quality of deliverables that always exceed expectations, and are always delivered on time and on budget, every single time.

We are team-oriented, accommodating, consultative and receptive with all members of an engagement.
Unfortunately, in life sometimes people are insincere, selfish, short-sighted or uncaring about the circumstances of others.  The world of business and professional services is certainly no exception.  Auditors, consultants and any “third party specialist” provide services that are fundamentally people-based.  We don’t make widgets or put fuel in your car.  For this reason, there is a large degree of trust expended on behalf of the customer, right from the beginning of the relationship, and to an extent, some “faith” is required.  We strive to utterly minimize this in all of our engagements and partnerships, whether with vendors or customers, and we expect brutal honesty when we present our deliverables.

Failure to prevent, detect and/or correct control gaps in customer information systems could have a far-reaching impact with severe consequences that may be very difficult or impossible to rectify. For this reason, we take the role of “IT auditor” or “information systems consultant” very seriously and sincerely. And it’s for this reason that we have adopted an approach of being the nicest, toughest auditors we can be. We work with clients and strive to forge a team-oriented partnership with everyone involved. Whether they are customers, customers’ auditors, vendors or other parties, we fundamentally have the same objective in each project. So it is of the utmost priority for us to be accommodating and consultative with every person in every engagement, and to be meticulously thorough in our work, ensuring that any findings or recommendations we have are factually irrefutable and previously scrutinized and verified by all parties involved prior to conclusion.

Being team-oriented, accommodating and consultative with all members of an engagement is fundamental to how we operate as a professional services firm.  We are very good listeners, always happy to help, not afraid or unreceptive of bad news or criticism, and strive to be an exceptional teammate and resource for every customer, vendor, partner or auditor we encounter on engagements.

We understand the difference between data and information.
It’s everything and communication (respectively).  Data is the underlying universe of everything that produces or impacts the information we generate from systems, whether it be an account balance, employee listing or a report of IP addresses attempting to gain unauthorized access to our network.

In every country on every continent, people (yes, you…and yes, me) rely on the integrity and stability of information systems for daily processes that are so fundamental to our livelihood that we take them for granted to an unnoticeably pervasive degree.

Companies no longer “keep books” on their operational accounting or financial statement reporting. Everything is on a system. And we rely on the integrity of the data that is produced by that system. Reports are generated by the system’s stakeholders, and we use this information to make decisions that range from trivial to critically important with a wide range of potential impact. Naturally, these stakeholders expect the information produced by the system to be valid and accurate. But how would we know? What if 15% of the time the underlying data was intentionally or inadvertently manipulated prior to generation of the report? What if this happened 50% of the time? Or more? Without someone or something to prevent, detect and correct this, there could be a far-reaching impact with severe consequences that may be very difficult or impossible to rectify.

For this reason, we know that the quality of our services and consistency of delivery is critical, and the role of an information technology auditor or information security consultant comes with much responsibility. We take this very seriously and have developed firm methodologies for each service area that are meticulous, current, consistent, adaptive and tested at length. This is the foundation upon which our services are designed and delivered from start to finish for every client and engagement.

We understand the importance and impact of our profession.
We understand the constantly changing, rapidly evolving technical landscape, and the ever-increasing reliance people, companies and governments are placing on information systems every day. For this reason, we view our role as IT auditors and consultants as increasingly important as well, and the impact of doing our jobs with the utmost quality and integrity every day should not be underestimated.

Thanks for stopping by

Please reach out any time.

Tell us your needs and interests, ask us questions or share your thoughts. We’re happy to hear from you!