Frequently Asked Questions

Pricing & Value

  • We offer both subscription services (CISO as a Service) and traditional time and materials pricing models. 

  • PuzzleSec brings a high level of expertise and extensive experience to the market. All we do is security, and we strive to provide our services in an affordable, predictable manner. This means, with us, anyone can realize world class cybersecurity regardless of size or budget. 

  • Any organization could potentially benefit from a CISO as a service approach. However, at PuzzleSec, we recognize that there is a gap in coverage for many smaller organizations. Their traditional means of addressing cybersecurity challenges no longer seemed to work. Whether it be hiring a full time CISO, leveraging security vendors and partners or engaging a traditional consulting firm, these approaches have significant drawbacks. Our mission at PuzzleSec is to bring world class security services to every company in need regardless of size or budget. 

Services

  • Meeting with key stakeholders to determine your risk appetite, then following with staff and management to understand and codify your operational risks, enabling us to provide you with a report pointing out deficiencies and a plan for improvement.

  • Quite a lot. A thorough Business Impact Analysis (BIA) is the beginning, helping to understand the potential impact on your organization during a disruption. After meeting your team and working through the BIA, we will build a complete Business Continuity Plan, update Disaster Recovery Plan, develop an Incident Response Plan that includes a Crisis Communication Plan.

  • We will work with your key stakeholders to understand the approach and maturity level your organization wants to achieve in its cybersecurity posture. We will then educate you on the differences between policies, standards, guidelines, and procedures, and how to best use each one to achieve your cybersecurity goals and accelerate your organizational goals. 

  • Many times organizations go into an audit without fully understanding the breadth and depth of what is going to be in scope on the audit. Also receiving audit findings that are negative sometimes cause swift and unmeasured responses that are costly and only temporarily address a specific issue, rather than looking at holistic improvement. Assisted audit preparation is like getting the questions and potential answers prior to taking the exam and being given time to research if those are the best answers for your organization with your unique needs. Our practitioners have been through the audit process many times and have even been the one conducting the audit. We are well positioned to assist you in being ready for your audit.

  • While we do employ some of the same tools as other firms, we maximize the value by customizing the training not only to your organization, but by meeting your team where they are. Different people need distinct levels of cybersecurity awareness based on their organizational role. We work with you to categorize your team and develop custom training objectives that push some roles harder than others, increasing the complexity of training based on training objectives that have been mastered. Additionally, at your request, we can even utilize custom training environments to allow your team to see what it is like to approach cybersecurity from the attacking side, an approach that fantastic opportunity to raise engagement and awareness.