Risk and Vulnerability Assessment (RVA)
Our personnel have years of direct experience leading cybersecurity programs in advising Information Systems Security Managers (ISSMs), performing Information Systems Security Officer (ISSO) roles, implementing the full suite of NIST security doctrine. Obsidian uses the Risk Management Framework (RMF) six-step process for DoD Information Technology and National Security systems
Incident Response (CDM, SOC)
Obsidian uses the NIST Cybersecurity Framework and MITRE Corrective Action Requests (CARs) as a key part of our process for hunting, identifying, assessing, and managing cybersecurity risk and incident response.
Obsidian has a proven penetration testing approach which focuses on locating and targeting exploitable defects in the design and implementation of applications, systems, or networks. . We use automated toolsets to reduce risk, and our expertise in manual testing allows us to complement automated results with targeted and precise tests that enhance the results.
High Value Assets (HVA), Security Architecture, and Systems Security Engineering
Obsidian tackles security issues by addressing protection requirements throughout the life cycle of the systems. We use the Systems Security Engineering Framework: the problem context, the solution context, and the trustworthiness context.
Obsidian provides offensive security operations support for responding to a crises or urgent situations to mitigate immediate and potential threats. Cyber Hunts start with the premise that threat actors known to target some organizations in a specific industry or with specific systems are likely to also target other organizations in the same industry or with the same systems.
Obsidian is leading the way in next generation CSSP (Cybersecurity Service Provider) solutions and IA architecture, development of next generation network operations security centers (NOSC) and aiding our customer’s in operational and service provider alignment.