We build amazing security programs.


The Atredis Risk Management team blends management consulting with deep industry experience. Our key strength is our team of seasoned, highly technical security practitioners with decades of experience in building security programs. Whether you're rebooting a security program from the ground up or tuning an existing program for a modern threat landscape, we help executives achieve challenging risk management goals and build successful, mature security organizations.

Our practice focuses on two areas: program assessments and program development. The distinguishing factor is that, while assessments end with a deliverable document, our development work ends when you've achieved your end security goals. If you want to understand whether your current security programs are working effectively, we can provide actionable, pragmatic guidance to bring your security program to the next level. When you need the expertise to implement that actionable guidance, we invest in learning your organization in order to build relevant, real-world security mapped to your organizational needs.

Key Services - Risk Management

  • Security Program Assessments

    • Framework-based program reviews (NIST 800 series, ISO 27000 series)

    • Quantitative or qualitative analyses (FAIR, ISO 27005, NIST SP 800-30)

    • Compliance and regulatory analyses (HIPAA, FedRAMP, RMF, CSF, etc.)

    • Threat modeling for systems, applications, or products

    • Enterprise security architecture and design reviews

  • Security Program Development Areas

    • Risk-based Information Security program development

    • Medical device security program review and development

    • Program controls definition and controls mapping

    • Awareness, process, regulatory training and workshops