IT security consulting firm focused on application and infrastructure penetration testing.

1. Portcullis Informational
Presentation
Eric Christenson – Director of Sales North America
Oliver Gruskovnjak – Director of Penetration Testing Services
Portcullis Security Inc.
www.portcullis-security.com
http://labs.portcullis.co.uk/

2. Portcullis Background
•Established in 1986, Security Testing Services launched in 1992
•Over 60 Staff members including 38 Experienced Consultants:
– Quick response
– Large detailed projects can be delivered in shorter timescales
– Flexibility
– No sub contractors, all full time employees
•3 International Locations
– US Headquarters San Francisco, Ca
– UK Headquarters & Forensics Laboratory, London, England
– European Headquarters Madrid Spain.
•Our Client Base spans:
– Retail and eCommerce (Supermarket, Online Trade, Clothing / Fashion etc).
– Central & Local Government
– Health Care, Financial Services
– Technology and Gaming
– Utilities and Transportation
– Banking
– Non-Profit/Charity
– Defence Sector
•Accreditations and Experience
– CREST (Founding Members)
– FIRST Members
– OWASP Members
– PCI Accredited
– CHECK (Founding Members)

3. Portcullis Strengths and Values
• IT security focused – not sector or industry specific
• Broad experience, across sectors and industries
• Manual penetration testing expertise and focus
• Tool development, R&D efforts ongoing
• Risk based approach
• Multilingual staff with international experience and presence
• 5000+ assessments in the last 5 years

4. Portcullis Security Services include…
IT Security Testing (SPA)
Digital Forensics
Incident Response
CTADS
Secure Development
SRIE - RMDG

5. Security Posture Assessments
• SPA - External Infrastructure Assessment
– Geographically unbound
• SPA - Internal Infrastructure Assessment
–19 Locations
• SPA - Wireless Assessment
–Combined with Internal Infrastructure
Assessment, to save in travel expenses.

7. Security Testing and Auditing Services
– External or Internal Infrastructure – Build Reviews
Assessment – i.e. Penetration Testing > Desktop, Laptop, Server,
and Vulnerability Testing Database etc
– Web Application Assessment – Router Assessment
– Binary Application Assessment – Firewall Assessment
– Web Service Assessment – Switch Assessment
– Code Review – External or Internal Host Assessment
– PCI Security Testing – Data Exfiltration Assessment
– Layer 2 Traffic Analysis – Citrix Assessment
– DOS Assessment – VPN Assessment
– Social Engineering – Mobile Device Assessment
– Information Disclosure Review – VoIP Assessment
– Wireless Assessment – BlackBerry Assessment
– Wireless DoS Assessment – IOS Assessments (iPhone, iPad etc)
– PCI DSS Services – Android Assessment

8. Consultancy, Training and Knowledge Transfer
Consultancy Services Training and Knowledge
Includes: Transfer Includes:
– Risk Assessment and – Application Development
Review – System Hardening
– GAP Analysis of – Security Testing
Compliance – Build Reviews
– Management Summary – Bespoke Training
Reporting
– Best Practise Reviews – Presentations
> Documentation / – Test Observation
Policy
> Architecture
> Topology
– Research Projects

9. Reporting Formats
•Security Fault Notice Verbal /Email Report
•Summary Report
•Technical Report
•Email Support
•Management Summary
•Report Presentation / Conference Call
•Knowledge Transfer