Downloadable Cyber Resources

Readiness Checklist
Incident Playbook
Hardening Checklist

Try our iOS app

text

Frequently asked questions

What is Cybersmithing?

Cybersmithing is our unique approach to cybersecurity, an artful combination of proven methodologies, cutting-edge technology, and tailored strategy. We “forge” custom defenses around your organization’s most valuable digital asset: your data.

What is the difference between a vulnerability assessment and a penetration test?

A vulnerability assessment identifies and rates potential weaknesses.

A penetration test attempts to actively exploit those weaknesses.

What types of companies do you work with?

We support organizations of all sizes, from startups to enterprise environments and across various industries such as technology, finance, healthcare, retail, manufacturing, and more. If your business handles sensitive or regulated data, we can help secure it.

Do you offer continuous monitoring?

Yes.

We provide 24/7 Endpoint Detection & Response (EDR), Identity Threat Detection & Response (ITDR), and Security Information & Event Monitoring (SIEM) with alerting, triage, and reporting.

Do you only provide assessments, or do you help implement fixes too?

We do both.

In addition to detailed assessments, we also help remediate and implement most of the recommendations, ensuring your organization sees real improvements—not just reports.

What is a vCISO and do I need one?

A Virtual Chief Information Security Officer (vCISO) provides high-level security leadership without the cost of a full-time executive. This service is ideal for organizations that need strategic guidance, compliance alignment, policy development, or board-level reporting.

Can you help with compliance requirements?

Absolutely.

We support compliance readiness for frameworks such as:

  • NIST CSF / 800-53

  • ISO 27001

  • SOC 2

  • HIPAA

  • CIS Benchmarks

  • PCI-DSS

We help you understand gaps, implement controls, and maintain ongoing compliance.

Do you support cloud security services?

Yes.

We secure AWS, Azure, Google Cloud, and hybrid environments through:

  • Configuration reviews

  • Identity and access hardening

  • Monitoring and alerting

  • Logging and visibility improvements

  • Compliance alignment

  • Best-practice cloud architecture

Tech Terms

Cybersecurity

Simple Definition:
Protecting your computers, data, and systems from hackers, accidents, and misuse.

Think of it like:
A security system for your digital world, locks, alarms, cameras, and guards.

Malware

Simple Definition:
Bad software designed to cause harm, steal information, lock files, or damage devices.

Examples: viruses, spyware, ransomware.

Ransomware

Simple Definition:
A type of attack where hackers lock your files and demand money to unlock them.

Think of it like:
A criminal putting a padlock on your office door and asking for cash to give back the key.

Vulnerability

Simple Definition:
A weakness in your systems that hackers can take advantage of.

Think of it like:
A broken window that makes it easier for someone to get inside.

Patch / Update

Simple Definition:
A fix released by software companies to repair problems and block security holes.

Why it matters:
Unpatched systems are one of the easiest ways hackers break in.

Firewall

Simple Definition:
A digital barrier that decides what is allowed into or out of your network.

Think of it like:
A security guard checking IDs at the door.

Encryption

Simple Definition:
A method of scrambling data so only authorized people can read it.

Think of it like:
Locking documents in a safe and only giving keys to the right people.

Zero Trust

Simple Definition:
A security approach that trusts no one by default, inside or outside the company.

Think of it like:
Instead of assuming employees are “safe,” everyone must verify who they are every time.

Endpoint Detection & Response (EDR)

Simple Definition:
Security software that monitors your devices 24/7 to detect and stop threats in real time.

Think of it like:
A security guard assigned to every laptop and computer.

MFA (Multi-Factor Authentication)

Simple Definition:
A second step when logging in (code, text message, app confirmation) to verify it's really you.

Think of it like:
Using a key and a badge to get into a building.

Endpoint

Simple Definition:
Any device that connects to your network, laptop, phone, server, tablet.

Identity Threat Detection & Response (ITDR)

Simple Definition:
Systems that monitor for suspicious login activity or stolen accounts.

Think of it like:
Tracking if someone is using your name or badge to sneak in.

SIEM (Security Information and Event Management)

Simple Definition:
A tool that collects logs and alerts from across your technology to spot unusual activity.

Think of it like:
A central security office that watches all your cameras at once.

Phishing

Simple Definition:
Fake emails or messages pretending to be trustworthy to trick you into giving information or clicking harmful links.

Think of it like:
A scammer pretending to be your bank or IT department.

Cloud Security

Simple Definition:
Protecting data and systems stored in cloud platforms like AWS, Azure, or Google Cloud.

Think of it like:
Renting space in a building but still needing to lock your office door.

Backup

Simple Definition:
A copy of your important files stored somewhere safe.

Why it matters:
If your system gets hacked or breaks, you can restore everything.

Compliance

Simple Definition:
Following required rules or standards to keep data safe (like HIPAA, PCI, or ISO).

Think of it like:
Meeting safety and quality standards in your industry.

Endpoint Hardening

Simple Definition:
Strengthening a computer or device to make it harder for attackers to break in.

Think of it like:
Adding better locks, reinforced doors, and alarms to a house.

Access Control

Simple Definition:
Making sure only the right people can access certain systems or data.

Think of it like:
Different employees having different keys based on their role.

vCISO (Virtual Chief Information Security Officer)

Simple Definition:
A part-time cybersecurity executive who guides your security strategy.

Think of it like:
Hiring a highly experienced security leader without the full-time cost.

Incident Response

Simple Definition:
The steps taken after a cyberattack to contain, fix, and prevent future incidents.

Think of it like:
What your team does immediately after a break-in.

Social Engineering

Simple Definition:
Tricking people into giving up information or doing something unsafe.

Think of it like:
A con artist using persuasion instead of force.

DDoS Attack

Simple Definition:
Hackers flood a website or system with traffic to make it crash.

Think of it like:
A crowd blocking the entrance so customers can’t get in.

Threat Actor

Simple Definition:
A person or group attempting to breach your systems.

Examples:
Hackers, cybercriminals, insiders, nation-state groups.

Security Posture

Simple Definition:
The overall strength of your organization’s cybersecurity.

Think of it like:
Your business’s “security fitness level.”

Common tech terminology translations to help you be successful with your cybersecurity.

Contact
Connect

© 2020. All rights reserved.

Book time with us
Email us

Terms and Conditions

Privacy Policy

Cookie Policy