Capitol Security and Risk Group
Making it Safer to do Business
Adversary Simulation
Simulation of an APT Targeting You
Adversary Emulation
APT Emulation for Detection and Response Improvement
Incident Response
Assessment of your IR Capabilities, Procedures, and Organizational Readiness
Meet Our Team
Our Team Has 80+ Years of Combined InfoSec Experience
Adversary Simulation
Can an Active Advanced Persistent Threat Breach Your Defensive Perimeter?
Adversary Emulation
Advanced Persistent Threat Emulation for Detection and Response Improvement
Incident Response
Assessment of your IR capabilities, procedures, and organizational readiness to respond to a crisis.
THE CSRG TEAM
Daniel Argandoña
Founder

Daniel has over 25 years of management consulting and senior leadership experience with companies such as Booz Allen Hamilton, Deloitte Consulting, PwC, Fannie Mae, Gannett, HMSHost, and federal agencies (DHS, USCIS, ICE, TSA, FBI, U.S. Army, and others).

Key Experience:

  • Served as Managing Director, Commercial Practice for a boutique cyber security firm in Washington, D.C. Grew practice size and revenue by more than 200% in one year.
  • Stood up Digital Innovation division team of resources in NYC, Toronto, and Krakow.
  • Director in Strategic Planning Office leading key digital media initiatives for Chief Marketing Officer, Chief Product Officer, and Branded Content executives.
  • Director of Strategic Initiatives, Program Operations responsible for a program with a budget of $140M across 600+ resources.
  • Led practice team across Europe and South America with 110 practitioners spanning seven countries.
Rhett Asher
Executive Advisor

Rhett has over twenty-five years of leadership in retail, operations, sales, business development and trade associations.

Key Experience:

  • Held Vice President positions at National Retail Foundation (NRF), Retail Industry Leaders Association (RILA), Food Marketing Institute (FMI).
  • Co-founded the Loss Prevention Foundation to create a robust industry certification for asset protection professionals.
  • Served on Commercial Facilities Sector Coordinating Council and the Food and Agriculture Sector Coordinating Council for the Department of Homeland Security.
  • Chairman, Board of Directors International Supply Chain Protection Organization (ISCPO).
Steve Walker
Technical Lead

Steve leads the active cyber defense and counter-threat program for the largest payment processor in the world. He is a recognized cybersecurity and “hacking” expert. He has advised in investigative news segments, provided cyber weapon analysis for warfare planning options, and brings his unique combination of offensive and defensive expertise to bear in targeted adversary emulations, assessments, and program development.

Key Experience:

  • 20 years of Cybersecurity experience across government, private sector, and managed services in both offensive and defensive roles.
  • Holds numerous certifications including the CISSP, OSCE, OSCP, GDAT, CEH, CEPT, and CCNA.
Brian Wanner
Technical Lead

Brian is a cybersecurity expert with over a decade of proven experience successfully defending highly targeted U.S. government departments and agencies.

Key Experience:

  • Security Operations Center (SOC) Lead at the Defense Advanced Research Projects Agency (DARPA), leading a team providing 24×7 security analysis and engineering services.
  • Executive Office of the President (EOP) as a Security Operations Branch Chief and Information Security Specialist.
  • IT security and engineering in support of the Executive Office of the President, White House Office, and OMB.
Zac Davis
Technical Lead

Zac is a penetration tester, red teamer, and security architect. Zac has over seven years of experience performing offensive information security assessments. His balanced skill set encompasses red team operations, threat simulation, network penetration testing, social engineering, physical security penetration testing, information technology audit and consulting, and PCI compliance. Zac has taught classes and presented on topics related to information security at industry events across the country, including various BSides events, Secure360, and Defcon.

Dan Lader
Executive Advisor

Dan is a Technology Executive with over 25 years of experience; he spent the first 10 years of his career in Technology Consulting at AMS (now CGI, Inc.) and KPMG, and the last 15+ years in roles of increasing responsibility within financial services firms – The Carlyle Group, Fannie Mae, loanDepot and Impac Mortgage, where he was CIO for two years.

Key Experience:

  • As CIO, Dan ran all aspects of the Technology organization at a publicly traded mortgage originator and servicer.
  • Led team of 140 resources (110 FTEs and 30 consultants, on/off shore), representing more than 1/3 of the Technology organization for the 2nd largest nonbank provider of direct-to-consumer loans ($40-plus billion / year) in the US.
  • Managed team of 280-plus resources running an application portfolio of 250-plus systems supporting Finance, Enterprise Risk, Credit and Corporate functions, with annual budget of $77 million for a Fortune 50 company.
  • Directed program management and execution function for one year ($175 million/year strategic initiative) to re-engineer servicing, bond administration, issuance and disclosure systems and processes to integrate with Common Securitization Solutions (CSS).
Aki Peritz
Technical Lead

Aki has 15 years of experience in government, academia, and in private strategic advisory.

Key Experience:

  • As Director of Open Source Intelligence (OSINT) at a cybersecurity firm, Aki led the team that investigated and tracked down cybercriminals, violent stalkers, extortionists, online conspiracists, and foreign state officers.
  • Former counterterrorism analyst and co-author of the book, Find Fix Finish: Inside the Counterterrorism Campaigns that Killed Bin Laden and Devastated Al Qaeda.
  • Published on intelligence and open-source subjects in many publications, including The New York Times, The Washington Post, The Atlantic, NPR, and Politico.
  • He frequently appears on Fox, CNN, MSNBC, and BBC as a commentator.
  • He starred as an intelligence analyst on the 2017 CBS show Hunted.
  • Teaches the intelligence and analysis graduate class at American University in Washington, D.C.
Andrew Bonstrom
Technical Lead

Drew is a Cybersecurity professional with 8 years of experience managing and executing Offensive Security engagements across small, medium, and large organizations.

Key Experience:

  • Offensive Security engagements have spanned several industries, such as Finance and Critical Infrastructure, and involved:
    • Red teaming (e.g., Multi-month attack simulations)
    • Purple teaming (i.e., Joint exercises between Red & Blue)
    • Penetration Testing (e.g., Network, Application, Wireless, Social Engineering)
    • Vulnerability Assessments
    • Offensive Security program management, custom training, and tool development (e.g., Powershell, Python, Ruby, C#)
  • Drew has also received the below industry relevant certifications:
    • Offensive Security Certified Expert (OSCE)
    • Offensive Security Certified Professional (OSCP)
    • Offensive Security Wireless Professional (OSWP)
    • SANS GIAC Reverse Engineering Malware (GREM)

Matt Donato
Executive Advisor

Matt Donato is a Managing Director of CyberSN – a global leader in Cyber Security Staffing and Talent Solutions – and previous Co-Founder & CEO of HuntSource, a Cyber Security, Data Privacy, IT Governance, Risk, & Compliance Executive Search and Staffing firm.

Matt possesses over 15 years of experience in IT and Cyber Security Executive Recruiting, Talent Management, Strategic Consulting, and Staffing, focusing specifically on value creation: integrating sales and recruitment strategies into the overall business strategy of an organization to help protect companies and provide the solid foundation they need to grow and transform. Matt received his BS in Economics from Roanoke College and his Executive MBA from Wake Forest School of Business.

Our Services
Adversary Simulation

We operate as a true attacker whose goal would be to disrupt your business operations. When we begin our assessment, your business is a ‘black box’. We are focused on ensuring our evaluation of your detection and response capabilities is as realistic as it can be. At the outset, we develop rules of engagement with you to identify high value targets that could be most problematic if compromised.

Stealth Approach

Assessments with realistic time constraints (e.g., 1-6 months); we simulate attackers who use current tactics, techniques, and procedures (TTPs) to actively avoid detection and response controls while pursuing high value business targets.

Path of Least Resistance

We simulate an adversary focused on achieving objectives, not a race to “Domain Admin”. We simulate not just hackers looking for access, but APTs seeking monetary or other business-related advantages from their attacks.

Social Engineering (OSINT)

We deploy complex, layered social engineering campaigns, often bridging across communication mediums (email, phone, etc.) as well as physical boundaries. Focus is placed on abusing weaknesses in business processes using information from public sources.

Adversary Emulation

We emulate selected Tactics, Techniques, and Procedures (TTPs) that a sophisticated and patient APT (Advanced Persistent Threat) would use to attack your security infrastructure. We work with your security team to identify the TTPs you’d like to focus on. You have the flexibility to focus your assessment on specific areas of your security infrastructure or see how vulnerable your business is to commonly accepted TTPs (e.g., MITRE framework).

‘Live fire’ collaboration

We conduct the assessment using a Defender and Attacker posture to provide your team with hands-on, real-time training and experience. This provides defenders a unique experience and understanding of the attacker's tools and techniques.

Highly Controlled Execution

Our emulation is executed on specific system(s) in a controlled manner. This provides insight into the effectiveness of your control environment.

Dynamic Testing Approach

We execute with real-time profile adjustments throughout the exercise, allowing your team to modify defender tactics in real time. The end result should be a robust control environment and better processes for continuing improvement in detection and response.

Incident Response Planning

We assess your current IR procedures and organizational posture, and recommend how you can better respond to an incident. We leverage the IR assessment and guide your organization through table-top exercises. We simulate an incident in real time, and guide your IR team on how to better detect, mitigate, and respond to an attack.

Assess

We provide recommendations to improve your overall response posture, from procedures and policies to chain-of-command execution and priority decision making.

Table-top exercises

We execute your Incident Response plan with your team; guide them through the procedures; develop clarity in who does what, when, and why.

Live Fire

We walk through executing your IR plan in a controlled sandbox or in a ‘live fire’ setting to test your team and IR plan.

info@csr.group