Obsidian leads cybersecurity programs in advising Information Systems Security Managers to perform Information Systems Security Officer roles, implementing NIST security doctrine. Obsidian uses the Risk Management Framework process for DoD Information Technology and National Security systems.

Obsidian uses the NIST Cybersecurity Framework and MITRE Corrective Action Requests (CARs) as a key part of our process for hunting, identifying, assessing, and managing cybersecurity risk and incident response. 

Obsidian has a proven penetration testing approach which focuses on locating and targeting exploitable defects in the design and implementation of applications, systems, or networks. . We use automated toolsets to reduce risk, and our expertise in manual testing allows us to complement automated results with targeted and precise tests that enhance the results. 

Obsidian provides offensive security operations support for responding to a crises or urgent situations to mitigate immediate and potential threats. Cyber Hunts start with the premise that threat actors known to target some organizations in a specific industry or with specific systems are likely to also target other organizations in the same industry or with the same systems.