Does MSI hire hackers to perform security testing?

No. Our ethical compass doesn’t allow us to hire convicted criminals, even “reformed” ones. All assessments are completed by MSI employees (not contractors) who undergo deep background checks and corporate bonding. They are also covered under our corporate insurance.

Does MicroSolved do security research to find new software bugs?

Absolutely! We routinely contribute new bugs and vulnerabilities to both commercial software vendors and open source projects. However, we DO NOT release advisories, exploit code or hacker tools to the public. We have participated in some forms of responsible disclosure in coordination with certain vendors, but we prefer to let the vendors handle their notifications. MSI is focused on TRUST and our ethical compass does not let us protect our customers by day and help hackers at night. We believe that the trust our clients give us is sacred, so we work to protect it!

Are MSI engineers certified?

Many of our team members are certified by a variety of groups and organizations. Members of our team hold various security clearances, certifications in Homeland Security, CISSP, SSCP and a myriad of product certifications. Members of our team truly represent thought leaders in the field of information security and go well beyond simple “certifications”. Team members are required to routinely speak, write and teach about various emerging threats, hacker techniques and security tools on a global basis. Google our team and learn more about why our clients call us “invaluable”!

Can MicroSolved help me with PCI or other certifications?

If you are seeking baseline compliance (PCI, etc.) certification or the like, let’s chat. We can often prep you for audits and the like and even point you to the lowest cost “scan and forget” vendors to get your certificate. We see compliance as “the minimum”, so we don’t advise clients to focus on it as a goal. We treat compliance as another form of risk to be managed in accordance with business needs. Our experience shows best practices and threat-focused security to be more effective and less costly than compliance with a given baseline. Usually, building on this basis exceeds all of the common compliance baselines anyway. That said, yes, we can help you.

How can I find out more about Microsolved, your past and present projects and your capabilities?

The first way is to Google “MicroSolved” and “Brent Huston”. You will find a lot of information out there that shows our history, commitment to information security and ethics. You can also read our blog (stateofsecurity.com) to stay current on what we are working on, follow Brent on Twitter (@lbhuston) and sign up for our monthly newsletter at our web site. LinkedIn also demonstrates our resume, skills and recommendations. The easiest way though, is to give us a call. We would be happy to discuss it with you!

Why is MicroSolved more expensive than this or that other security vendor?

At MSI, we are committed to value. We focus on doing the best job at the best possible price. However, our idea of what the “job” is often varies from many of the “scan and forget” security vendors. We’re focused on building relationships with our clients and helping them long term. Our trained analysts and engineers do the work, not just verifying the output of a security scanner, but leveraging many tools and applications to footprint, probe and test your environment. The expert application of the human brain in combination with our correlative multiple product assessment platform creates a better report, fewer false positives and deeper insight to help your team than many other vendors. Not surprisingly, this deeper, richer approach and better deliverables sometimes costs a bit more.

Wondering if an Application Security Assessment is right for your organization? Learn more by checking these FAQ’s, then give us a call.