Risk & Vulnerability Assessment (RVA)

Obsidian leads cybersecurity programs in advising Information Systems Security Managers to perform Information Systems Security Officer roles, implementing NIST security doctrine. Obsidian uses the Risk Management Framework process for DoD Information Technology and National Security systems.

 

Incident Response (CDM, SOC)

Obsidian uses the NIST Cybersecurity Framework and MITRE Corrective Action Requests (CARs) as a key part of our process for hunting, identifying, assessing, and managing cybersecurity risk and incident response. 

 

Penetration Testing

Obsidian has a proven penetration testing approach which focuses on locating and targeting exploitable defects in the design and implementation of applications, systems, or networks. . We use automated toolsets to reduce risk, and our expertise in manual testing allows us to complement automated results with targeted and precise tests that enhance the results. 

​

Cyber Hunt

​Obsidian provides offensive security operations support for responding to a crises or urgent situations to mitigate immediate and potential threats. Cyber Hunts start with the premise that threat actors known to target some organizations in a specific industry or with specific systems are likely to also target other organizations in the same industry or with the same systems. 

​

High Value Assets (HVA), Security Architecture, and Systems Security Engineering

Obsidian tackles security issues by addressing protection requirements throughout the life cycle of the systems. We use the Systems Security Engineering Framework: the problem context, the solution context, and the trustworthiness context.