We build amazing security programs.


The Atredis risk and advisory team blends management consulting with deep industry experience. Our key strength is our team of seasoned, highly-technical security practitioners with decades of experience in building security programs. Whether you're rebooting a security program from the ground up, or tuning an existing program for a modern threat landscape, we help executives achieve challenging risk management goals and build successful, mature security organizations.

Our practice focuses on two areas, program assessments and program development. The distinguishing factor is that while assessments end with a deliverable document our development work ends when you've achieved your end security goals. If you want to understand whether your current security programs are working effectively, we can provide actionable, pragmatic guidance to bring your security program to the next level. When you need the expertise to implement that actionable guidance, we invest in learning your organization in order to build relevant, real-world security mapped to your organizational needs.

Key Services - Risk and Advisory

  • Security Program Assessments: 
    • Gap analysis using industry frameworks - NIST SP 800-based, ISO 27000 series
    • Risk analysis using quantitative and/or qualitative models - FAIR, ISO 27K5, NIST SP 800-30
    • Compliance and regulatory regimes - PCI DSS, HIPAA, NIST-based (FedRAMP, RMF, CSF) 
    • Threat modeling for systems, applications, or products
    • Enterprise security architecture review
    • Assessments tailored to any of the program areas below
  • Security Program Development Areas
    • Information security risk management
    • Medical device security program tailored either for providers or manufacturers
    • Program controls definition and mapping/Statement of Applicability development
    • Threat and vulnerability management
    • Incident response program
    • Security operations program 
    • Security awareness program