FRSecure

BACKGROUND

Please describe your company and position.

I am the Systems Administrator of a healthcare company.

Describe what your company does in a single sentence.

Provides excellent health care to a rural demographic.

OPPORTUNITY / CHALLENGE

What specific goals or objectives did you hire FRSecure to accomplish?

• Build a more advanced foundation of Security.
• Elevate our knowledge in Cyber Security.

SOLUTION

How did you find FRSecure?

Referral

Why did you select FRSecure over others?

• High ratings
• Close to my geographic location
• Referred to me

How many teammates from FRSecure were assigned to this project?

2-5 Employees

Describe the scope of work in detail. Please include a summary of key deliverables.

Frsecure was hired to do risk assessments and provide valuable knowledge to our company. With the help of their vCISO staff member, we were able to gain the knowledge and better understand of our risk and what it would take to remediate different situations. We also were able to user their knowledge to start building a better cyber security program. Their table top exercises and team exercises helped expand on importance and awareness. They provide the support we need to feel like we have the technical capabilities and knowledge to keep growing and moving forward on our security journey. 

RESULTS & FEEDBACK

What were the measurable outcomes from the project that demonstrate progress or success?

FRSecure was able to help identify the risks with the first assessment and by providing secondary risks assessments at a later date, we were able to see the improvement of our systems, documentation and team member's knowledge. Using a secondary platform we were able to visually see the improvements on a tasked based program. Each task completed gave us a new and improved score.

Describe their project management. Did they deliver items on time? How did they respond to your needs?

FRSecure staff set up project management for each individual project we requested. There was a project manager that was clear and precise about the scope of the project. They keep the project on task, with clear deadlines. They also give clear expectations of roles and responsibilites and what is necessary to have a successful project. Questions were answered in a reasonable time frame. 

What was your primary form of communication with FRSecure?

Email or Messaging App

What did you find most impressive or unique about this company?

This company is designed by people who want to help. They want to make sure you have all your questions answered even the ones you didn't know to ask. The staff we have met have all been kind and professional and know their jobs very well. You can tell the company takes time to train their employees and they make sure the employee feels comfortable in their roles. 

Are there any areas for improvement or something FRSecure could have done differently?

FRSecure has provided us with everything they said they would. I cannot think of what could be done differently. 

BACKGROUND

Please describe your company and position.

I am the Deputy CISO of BigPanda

Describe what your company does in a single sentence.

BigPanda delivers artificial intelligence for ITOps and incident management teams in a single platform. 

OPPORTUNITY / CHALLENGE

What specific goals or objectives did you hire FRSecure to accomplish?

• Incident Response Tabletop Exercise

SOLUTION

How did you find FRSecure?

Direct Communication

Why did you select FRSecure over others?

• Pricing fit our budget
• Great culture fit
• Good value for cost
• Company values aligned

How many teammates from FRSecure were assigned to this project?

2-5 Employees

Describe the scope of work in detail. Please include a summary of key deliverables.

The incident response tabletop exercise is focused on training and assurance. 

• Develop a mock incident response exercise
• Conduct the mock incident response exercise 
• Provide guidance throughout the mock incident response exercise
• Document the results of the mock incident response exercise, including observations (good and bad), recommendations for improvement, and overall lessons learned.

Deliverables:

• Mock Incident Response Test Report
• A detailed report containing the step-by-step process that was followed during the incident response test, including observations and recommendations for improvement.
• Scenario slides with notes.
• Project working papers and methodology documentation to assist BigPanda in maintaining the incident response plan.

RESULTS & FEEDBACK

What were the measurable outcomes from the project that demonstrate progress or success?

From the initial engagement, FRSecure took the time to fully understand our organization tailoring the exercise in a manner that was current, relevant, challenging, and engaging from start to finish. 

As such, the end result helped us gauge our IR capability level and identify areas of improvement to achieve next level maturity.

FRSecure's has continued this approach each year maintaining a comprehensive understanding of our platform as it continues to evolves.

Describe their project management. Did they deliver items on time? How did they respond to your needs?

FRSecure provides a full outline of activities, associated owners, and timeline for the IR Tabletop exercise. I have found they are very responsive to our needs specifically meeting our timeline for completing the exercise as well as providing key deliverables to meet customer expectations. 

What was your primary form of communication with FRSecure?

• Virtual Meeting
• Email or Messaging App

What did you find most impressive or unique about this company?

FRSecure maintained a consistent customer focus at all levels of their organization. It is evident that they are fully vested in forging a valuable customer relationship to ensure continued success year over year. 

Are there any areas for improvement or something FRSecure could have done differently?

I have found that FRSecure promptly addresses any concerns or requests I have communicated to them in real time and documenting what was done for future exercises. 

BACKGROUND

Please describe your company and position.

I am the CFO of Miner’s Incorporated

Describe what your company does in a single sentence.

Retail grocery

OPPORTUNITY / CHALLENGE

What specific goals or objectives did you hire FRSecure to accomplish?

• PCI Compliance
• Incident Response
• Virtual Chief Information Security Officer

SOLUTION

How did you find FRSecure?

Compudyne (MSP)

Why did you select FRSecure over others?

• Close to my geographic location
• Great culture fit
• Good value for cost
• Company values aligned

How many teammates from FRSecure were assigned to this project?

2-5 Employees

Describe the scope of work in detail. Please include a summary of key deliverables.

VCISO is an ongoing engagement.  FRSecure participates in all of our cyber related decisions as well as joins all of our executive cyber committee meetings.

Our PCI patrnership began in 2016 as FRSecure served as our QSA.  

Cyber table top exercises.  

RESULTS & FEEDBACK

What were the measurable outcomes from the project that demonstrate progress or success?

PCI scores were to a level where we were able to qualify for the TIP program with Visa to where we are not required to submit an annual report of compliance.  We are still obligated to keep best practices that lign with PCI. 

VCISO program has assisted in our ability to navigate our secturity engagement for our 800 plus users to be far above what we have seen elsewhere.

Table top exercise was completed.  Feedback was delivered and well received to better serve others in future engagements.

Describe their project management. Did they deliver items on time? How did they respond to your needs?

Their project management team has been impressive in their datailed approach and ability to accomidate our schedules and sometimes lack of knowledge.

What was your primary form of communication with FRSecure?

• In-Person Meeting
• Virtual Meeting
• Email or Messaging App

What did you find most impressive or unique about this company?

FRSecure team members, at all levels and roles, have a superb knowledge of what they sell and provide.  

Are there any areas for improvement or something FRSecure could have done differently?

Over our 10 year partnership, I have never felt where either is relevant.

BACKGROUND

Please describe your company and position.

I am the Compliance Lead of PCI Academy

Describe what your company does in a single sentence.

We are a trade school serving the beauty and wellness industry.

OPPORTUNITY / CHALLENGE

What specific goals or objectives did you hire FRSecure to accomplish?

• Make sure we are compliant with growing industry security standards.

SOLUTION

How did you find FRSecure?

Referral

Why did you select FRSecure over others?

• Great culture fit
• Company values aligned

How many teammates from FRSecure were assigned to this project?

2-5 Employees

Describe the scope of work in detail. Please include a summary of key deliverables.

We are a trade school and FRSecure helped us build the framework to ensure that our student records and files securely transitioned into a digital world.  Their help and guidance ensured that we were GLBA compliant before the regulations were in place.  We continue to use their services for ongoing support, including external and internal scanning, risk assessments, etc.

RESULTS & FEEDBACK

What were the measurable outcomes from the project that demonstrate progress or success?

Our risk assessment scores continue to increase each year.  We are compliant with all of our security based regulations.  

Describe their project management. Did they deliver items on time? How did they respond to your needs?

FRSecure is a team, they tag each other in when a 2nd opinion is needed.  Although we typically hit our deadlines on time, they are also flexible to the needs of our company which has meant adjusting timelines or areas of focus.  They pivot very well, while still being aware of what needs to be accomplished.

What was your primary form of communication with FRSecure?

• Virtual Meeting
• Email or Messaging App

What did you find most impressive or unique about this company?

We are a small company and each person on our leadership team wears many hats.  I, by trade, am a cosmetology educator but when the need arrived, moved into the position who oversees compliance, which includes information security.  FRSecure has very patiently helped me grow into the one-man band that is IT for our company.  Not all companies have that kind of culture, FRSecure flexes their training/guidance/etc. to the person and company, they are working with.  

Are there any areas for improvement or something FRSecure could have done differently?

No

BACKGROUND

Please describe your company and position.

I am the Chief Information Security and Privacy Officer of North Memorial Health

Describe what your company does in a single sentence.

Healthcare Provider System - 2 hosptials/Level 1 Trauma and 14 clinics

OPPORTUNITY / CHALLENGE

What specific goals or objectives did you hire FRSecure to accomplish?

• Provide us Cybersecurity expertise augmentation
• Partner with NMH on our Incident Response Program-High Level Support
• Perform an annual 3rd Party Information Security Risk Assessment

SOLUTION

How did you find FRSecure?

Word of mouth

Why did you select FRSecure over others?

• High ratings
• Close to my geographic location
• Pricing fit our budget
• Great culture fit
• Good value for cost
• Referred to me
• Company values aligned

How many teammates from FRSecure were assigned to this project?

2-5 Employees

Describe the scope of work in detail. Please include a summary of key deliverables.

FRSecure plays a vital role in our overall Information Security and Cybersecurity Program by augmenting our internal team with critical expertise that we do not maintain in house.  This expertise is leveraged primarily through bi-weekly interactions related to preventative work (vulnerability management consulting as needed) and cybersecurity incident response work.  
Our team represents the interal expert and FRSecure is the technical sme and has the resources needed if things get complex.  They also perform an annual pentest and risk assessment of our entire environment with the creation of a Risk Management Plan.   Lastly, they facilitate two 3rd party cybersecurity incident response table tops to test our program.  They are available to us 24x7x365 as needed.

RESULTS & FEEDBACK

What were the measurable outcomes from the project that demonstrate progress or success?

Risk reduction as evidenced on the Risk Assessment in scoring.

Incident Response MTTR on many incidents in under 30 mins start to finish, measured on our clock (meaning when incident actually occured).

Describe their project management. Did they deliver items on time? How did they respond to your needs?

Project manager is assigned and there is escalation if needed for any items that the project can't resolve.  They do respond to our needs and are very reasonable about out of control changes and very committed to try and figure out good solutions to problems that arise.

What was your primary form of communication with FRSecure?

• Virtual Meeting
• Email or Messaging App

What did you find most impressive or unique about this company?

They have a very high drive to do what is right and count on that if they do that the rest will fall into place. 

Are there any areas for improvement or something FRSecure could have done differently?

None that come to mind.

BACKGROUND

Please describe your company and position.

I am the Chief Technology Officer (CTO) of Bank of the Rockies

Describe what your company does in a single sentence.

Bank of the Rockies is a community bank based in southwest Montana and we offer retail and lending services (consumer, real estate, and commercial including agriculture).

OPPORTUNITY / CHALLENGE

What specific goals or objectives did you hire FRSecure to accomplish?

• Implement a solid vulnerability management program
• Determine what good looks like operationally and compliance-wise
• Establish metrics and manage to what good looks like

SOLUTION

How did you find FRSecure?

Networking

Why did you select FRSecure over others?

• Close to my geographic location
• Great culture fit
• Good value for cost
• Talented Resources

How many teammates from FRSecure were assigned to this project?

2-5 Employees

Describe the scope of work in detail. Please include a summary of key deliverables.

BOTR engaged FRSecure to perform an independent review of the people, process, and technology employed in the Vulnerability Management Function and to provide recommendations based on leading practices. These recommendations are intended to improve the function, to provide an understanding of what good looks like, and to provide a means to manage to what good looks like.

RESULTS & FEEDBACK

What were the measurable outcomes from the project that demonstrate progress or success?

We were able to inventory the people, processes, and technology involved in our vulnerability management function, to determine what good looks like (based on qualitatitive and quantitative metrics), and manage to what good looks like. Specifically, we are using our MDR's scanning with FRSecure's tool and working with our technology managed services provider to implement changes. We have knocked out all of our critical vulnerabilities and are working our way down with our highs being our next focus. Great work!

Describe their project management. Did they deliver items on time? How did they respond to your needs?

FRSecure employed a lead and supporting engineer as well as customer success team. They were able to work together to really keep things moving and make sure we are on-track.

What was your primary form of communication with FRSecure?

Virtual Meeting

What did you find most impressive or unique about this company?

The people are what impresses me about FRSecure. They are smart, they work hard, and they take pride in ownership. They also like to have fun so I have to say I'm in line with all of that!

Are there any areas for improvement or something FRSecure could have done differently?

Not that I can think of.

BACKGROUND

Introduce your business and what you do there.

I’m the director of information systems and part of the executive team at FAC Services. We’re a shared services organization providing professional services that are mainly financial in nature to three clients operating in the architecture, engineering, and construction industries. 

Our company has a team of 60 people, who are mainly accountants, law people, and software developers. A fair amount of our tools are built in-house for ERP, labor management, and client building.

OPPORTUNITY / CHALLENGE

What challenge were you trying to address with FRSecure?

We had in-house software providing project accounting features as part of our services. It had a fairly wide scope and stored financial and sensitive data. When we pushed the software into production, we hired FRSecure to do penetration testing.

SOLUTION

What was the scope of their involvement?

One of FRSecure’s testers did manual and automated testing on the security of our software. They then created a report on any vulnerabilities they found. It was purely a consulting-style service; they didn’t purchase any software or hardware. The service was done completely off-site.

What is the team composition?

I worked with one person in sales at the onset of our engagement. Then, an account manager took care of the scope of work and proposal. The rest of the project was done directly with FRSecure’s tester. A project manager was also involved in the effort. 

How did you come to work with FRSecure?

The engagement started with a cold call. Our company liked to work with different testers to see different points of view. On top of that, I was also a part of the American Council for Engineering Companies. People in that organization had good things to say about FRSecure. As a result, we hired them.

What is the status of this engagement?

The engagement happened in July 2022. Before that, we had our first discussion in March 2022 and signed an agreement in May 2022. We’ve already completed our business with them.

RESULTS & FEEDBACK

What evidence can you share that demonstrates the impact of the engagement? 

The quality of FRSecure’s penetration testing report was much higher than we were used to; it was remarkably helpful. The debrief from the penetration tester was accurate. 

Usually, such reports either had too much jargon that I would have a hard time reading or were too long and had too much to look into — by contrast, FRSecure made sure that I understood every aspect of the report as an engineering manager. 

Moreover, the report included steps for my technical team to reproduce the findings. In other words, their deliverable was truly actionable and useful to my team.  

How did FRSecure perform from a project management standpoint?

FRSecure finished the project 100% per the targeted deadline and within our budget. In terms of tools, they shared documents with us via SharePoint. Everything was simple because there were only 2–3 people involved. There was no need for any milestone-based report. All of our communication was done via Zoom. 

What did you find most impressive about them?

The FRSecure team was truly cost-effective. A lot of opportunistic vendors existed in this field, but I found them to be reasonable. They were forthright, and their commercial practices were refreshing in that they were upfront and clear. We didn’t feel that money was wasted on things other than penetration testing. 

Are there any areas they could improve?

No, there weren’t any. They were an ideal vendor, and I’d highly recommend them. 

Do you have any advice for potential customers?

Take the time to present the software to FRSecure, and meet the penetration tester. Provide use cases for the tester. 

For example, I provided a matrix of different users with different permissions. This allowed the tester to focus on areas where we could escalate privileges to make the software more productive and enjoyable.

BACKGROUND

Introduce your business and what you do there.

I’m the CTO for a high school district in Park Ridge, Illinois that has about 6,500 students in three schools. We’re the first school district to ever adopt Google; our schools are among the best in Illinois. As the CTO, I’m in charge of all the technology used in the district; I’m responsible for everything from data systems and infrastructure to classroom equipment.

OPPORTUNITY / CHALLENGE

What challenge were you trying to address with FRSecure?

Prior to my arrival at the district, there were no security efforts. As a result, I needed some help to get a better cybersecurity program.

SOLUTION

What was the scope of their involvement?

FRSecure gives me high-level advice and recommendations on how our organization can move forward in terms of establishing a security program. They essentially serve as our virtual chief information security officer (vCISO). They do most of their work for us remotely. The FRSecure team also offers penetration testing services, and I plan to take them up on that offer for our network. 

What is the team composition?

I work with two people from FRSecure. One of them is a customer representative; he’s in charge of the company’s relationship with me. The other person is a project manager’s who’s highly familiar with security programs. 

How did you come to work with FRSecure?

I found FRSecure’s contact information after I underwent a free Certified Information Systems Security Professional (CISSP) training program. That was how I first engaged with them. During that time, I acquired a favorable opinion of their organization — I became convinced of their expertise and alignment with our group’s mission. Their integrity stood out to me. As a result, I hired them. 

How much have you invested with them?

We’ve spent around $24,000 on their vCISO service; I also pay around $10,000 for their retainer. 

What is the status of this engagement?

We started the engagement in August 2021, and it's ongoing. 

RESULTS & FEEDBACK

What evidence can you share that demonstrates the impact of the engagement? 

FRSecure has successfully provided me with the foundational documents that I need to start our district’s cybersecurity program. Those documents include policy templates, disaster recovery plans, business continuity plans, and business impact analysis templates.  

How did FRSecure perform from a project management standpoint?

Their management skills are outstanding. Our engagement isn’t project-based; they simply provide the expertise that I don’t have. However, they offer great tools in terms of helping me do the foundational work necessary to start our security programs. In terms of communication, we talk on a bimonthly basis over the phone.

What did you find most impressive about them?

The team is more interested in their mission than money — that’s reflected in the fact that they offer free CISSP certification. They’re essentially donating their expertise to the profession, which is incredibly impressive for me. In other words, their integrity and relevance have been outstanding. Overall, the team is truly passionate about security and helping organizations. While they also need to make money, they’re truly more dedicated to making others secure. 

Are there any areas they could improve?

No, there aren’t any. The team has been responsive to my needs; they tailored their work around such needs. 

Do you have any advice for potential customers?

Know what you need. On top of that, somebody from your leadership team should handle the engagement with FRSecure. That person should be able to look into the relationship strategically. 

In my experience, many organizations jump directly to the day-to-day security operations. They buy the latest technologies that the vendor assures them will protect their organization — without analyzing their risks first. However, you can’t have a security program without doing some foundational work first, such as getting sign-offs from the executive team. FRSecure can help with this and lay a good groundwork for cybersecurity governance. 

BACKGROUND

Introduce your business and what you do there.

I’m the general manager of Brin Glass, a multi-location glass company across Minnesota. 

OPPORTUNITY / CHALLENGE

What challenge were you trying to address with FRSecure?

We needed help in cybersecurity. 

SOLUTION

What was the scope of their involvement?

FRSecure provided us with a cybersecurity assessment. They conducted ethical network attacks, and their team prepared reports that detailed how we can improve our security. They gave suggestions on what we needed to close down and open up. 

What is the team composition?

I’ve worked with 7–8 teammates. Kelly (Client Success Manager) is our project manager. 

How did you come to work with FRSecure?

I had worked with FRSecure in the past. Their reputation was outstanding due to their high-quality work. When my current company needed the services they offered, it was an easy decision for me to lean towards FRSecure. 

What is the status of this engagement?

We worked together from October–December 2021.

RESULTS & FEEDBACK

What evidence can you share that demonstrates the impact of the engagement? 

FRSecure touched on over 150 items throughout our network. I had been 100% satisfied with their work, and they had exceeded expectations. 

How did FRSecure perform from a project management standpoint?

FRSecure was perfect when it came to project management. They even waited for me a few different times. Nonetheless, they had been on top of the engagement — they were always on time, and their deliveries were spot on. We communicated through emails, phone calls, and Zoom meetings.

What did you find most impressive about them?

The thoroughness and completeness of FRSecure’s work were impressive. In addition, their team was incredibly professional and had all the necessary certifications. They were efficient and did a very good job. They overperformed and gave us more than we asked for.

Are there any areas they could improve?

I can’t think of anything. 

Do you have any advice for potential customers?

Be open and candid — the more information you provide, the better their work will become. Be honest with them, and they’ll work with you to create a solution. 

BACKGROUND

Introduce your business and what you do there.

I’m the VP of information security of a SaaS company that provides merger and acquisition life cycle support.

OPPORTUNITY / CHALLENGE

What challenge were you trying to address with FRSecure?

We needed a company that could help us improve our security posture by providing testing and monitoring services.

SOLUTION

What was the scope of their involvement?

FRSecure handled our organization’s security assessment in 2019, and we worked with them again in 2020 to test the improvements in our security controls.

This year, FRSecure provided three distinct services for us. They started the project by conducting an external penetration test, where they tested the external perimeter of our public-facing assets. After that, they did an internal penetration test wherein they tested our internal security controls.

The third service they provided was a risk assessment, which was essentially a miniature internal audit that was done to test the quality of the security program controls that protects our organization. They assessed our policies, procedures, and overall security controls.

What is the team composition?

We worked with three project managers, each of whom was assigned to the three separate engagements, a lead analyst, and an additional FRSecure employee who was our primary contact.

How did you come to work with FRSecure?

FRSecure was recommended to us by our previous chief security officer.

How much have you invested with them?

We invest $60,000 per year in FRSecure.

What is the status of this engagement?

We started working together in April 2019, and the engagement is ongoing.

RESULTS & FEEDBACK

What evidence can you share that demonstrates the impact of the engagement?

We have seen an improvement in our security controls, which have moved up a classification from fair to good. That was definitely a positive step for our company.

How did FRSecure perform from a project management standpoint?

FRSecure performed very well in terms of project management — they were incredibly responsive to any requests or questions that we had.

We primarily communicated with them via email or phone.

What did you find most impressive about them?

I’m really impressed with FRSecure’s focus on our needs and the removal of barriers. They are always willing to engage and empower us by providing constructive criticism and functional improvements that we could employ. They don’t just give us reports and tell us to do better next time — they actually provide us actionable feedback to help us improve ourselves and secure our organization.

Another thing that I like about them is that they don’t upsell themselves. Typically, vendors just want to sell you as much as they can, but that has never been the case with FRSecure. When we were looking into recommendations for some services that FRSecure doesn’t offer, they actually helped us connect with another vendor who could provide those services for us. 

They are very transparent about what they can or can’t do, and they’re willing to really work with us to determine our needs and get those solved, no matter what.

Are there any areas they could improve?

We asked them to provide us with a mapping of the international standards that the risk assessment program they performed is built on, but they haven’t delivered that yet. Other than that, there isn’t really anything I think they could improve on.

Do you have any advice for potential customers?

Make sure to be as open and transparent as you can be so they can help you in the best way they can.