Putting Cyber Security Into Action
C2 Labs has extensive cyber security experience, shifting security left in our customer environments. Our Vice-President of Engineering and Professional Services served as the CISO for two U.S. nuclear weapons plants with some of the most stringent cyber security requirements in government. Additionally, our leadership team has over 50 years of experience within highly regulated industries where we have served as thought leaders and implemented the latest technologies in a secure manner.
Thought Leadership
-
Support creation of new NIST Standards such SP 800-180 and OSCAL
-
Create Cyber Security Baselines where industry baselines did not exist
-
Leverage our broad security experience across traditional IT systems, ICS, Cloud, Mobile, and IoT to solve complex customer problems
-
Co-Chair the Cloud Security Alliance (CSA) Application Container and Microservices (ACM) Working Group
-
Lead the CSA-DC Metro Chapter
-
Use Security-as-Code to implement and assess cyber security baselines
-
Identify market gaps and invent new technologies such as ATLAS to drive continuous compliance
-
Integrate security into DevSecOps pipelines
Proven Cyber Security Expertise
1. Security-as-Code
Implemented Ansible playbooks to increase the frequency and lower the cost of automated security assessments. We configured and audited security settings on new technologies with baselines created by C2 Labs in the absence of existing industry standards.
2. DevSecOps
Implemented a DevSecOps CI/CD pipeline replete with static source code scanning, vulnerability scanning of containers/packages, and formal code reviews prior to Pull Request approval. We leveraged the CI/
CD pipeline and sophisticated DevSecOps techniques to integrate customer security tools, overcome complex customer proxy issues, and run recurring scripts securely and reliably. Employing automated, enforced code scanning prior to merge or deployment to identify code vulnerabilities, bugs, smells, reliability, and Section 508 accessibility issues ensured vulnerabilities did not enter the production environment.
3. Next-Generation Technologies
Developed and deployed scalable, next- generation technology reference architectures such as network virtualization and segmentation that can be implemented in alignment with your overall security architecture and risk tolerance. We’ve also invented innovative next- generation software to drive continuous compliance.
4. Security Plan Development
Created security plans for numerous customers tailored to meet their specific risk tolerance and maturity level.
5. Standards Development
Contracted by NIST to support the development of OSCAL (Open Security Controls Assessment Language), a new machine- and human readable language for information security practitioners and compliance auditors alike to dynamically attest to the state of implemented security controls against standards such as NIST 800.53, COBIT 5, PCI, HIPAA, etc.
6. Continuous Compliance
Invented a next generation Governance, Risk and Compliance platform, ATLAS, to allow users to easily create artifacts dynamically tied to compliance standards and frameworks such as NIST 800.53, NIST RMF, CMMC, CCPA, PCI, HIPAA and others while simultaneously lowering costs, improving quality, and ensuring audit defensibility.
We apply sophisticated and modern DevSecOps techniques to lower the cost of operating container/cloud environments while simultaneously increasing quality, resiliency, and security. The security-related benefits include:
​
-
Improved security with clean container builds performed for each deployment versus traditional patching​
-
Allowing developers to repeatably and securely move code from their laptop to multiple environments including Production with no reliance on manual operations support; unlocking maximum developer productivity while also improving deployment reliability and security​
-
Demonstrated ability to quickly and easily rollback application versions; improving availability and enhancing Incident Response (IR) processes
Additionally, we have created actionable System Security Plans (SSPs) for our customers with the following benefits:
​
-
Created industry standard SSPs for organizations that had no existing templates or mature processes​
-
Created usable Test Plans that include the security control, expected result, how to test the control, and associated test evidence​
-
Prioritized a graded-approach to security controls for immature cyber security organizations​
-
Created security baselines for new technology where no existing standard existed​
-
Implemented security settings from baselines via automated methods leveraging a Security-as-Code approach​​
-
Drove Continuous Compliance monitoring of the security settings to provide a near real-time view of the risk posture for the organization​
-
Created a modern, continuous authorization approach for mature organizations based on their existing SSPs
Improving Cyber Security for Your Organization
C2 Labs has extensive experience designing and implementing leading-edge Cyber Security solutions in both commercial and government environments. We have implemented multiple Security/DevSecOps tool chains and are consistently able to “shift left” our customers’ schedules in order to deploy reliable, scalable, and secure solutions. We also understand that cultural change is a key aspect of any project and we accelerate this change through hands-on training, detailed documentation, workshops, the ADKAR framework, and demonstration of rapid delivery of business value.
​
We believe cyber security is an integral part of every project and we always leave a customer environment more secure than we found it. No project is a success until we have fully documented and tested security controls and the risks of that new technology in your environment.
​
​Contact us today at sales@c2labs.com for a free, no cost consultation.