Linux Foundation Launches Research, Training, and Tools to Advance Adoption of Software Bill of Materials

My latest podcast topic contains thoughts on open source. This announcement from The Linux Foundation merges open source with the latest concerns about cybersecurity with several product launches regarding the Software Bill of Materials (SBOM). The industry continues to take small steps toward security. When a community gathers to work on a solution, it’s a big help.

Home to the industry’s most supported open standard for exchanging information about what is in software – SPDX – the Linux Foundation brings its complete resources to bear to support private and public sector supply chain security 

The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced new industry research, a new training course, and new software tools to accelerate the adoption of Software Bill of Materials (SBOMs). 

President Biden’s recent Executive Order on Improving the Nation’s Cybersecurity referenced the importance of SBOMs in protecting and securing the software supply chain.

The de-facto industry standard, and most widely used approach today, is called Software Package Data Exchange (SPDX). SPDX evolved organically over the last ten years to suit the software industry, covering issues like license compliance, security, and more. The community consists of hundreds of people from hundreds of companies, and the standard itself is the most robust, mature, and adopted SBOM in the market today. 

“As the architects of today’s digital infrastructure, the open-source community is in a position to advance the understanding and adoption of SBOMs across the public and private sectors,” said Mike Dolan, Senior Vice President and General Manager Linux Foundation Projects. “The rise in cybersecurity threats is driving a necessity that the open-source community anticipated many years ago to standardize on how we share what is in our software. The time has never been more pressing to surface new data and offer additional resources that help increase understanding about how to generate and adopt SBOMs.” 

An SBOM is an account of the components contained in a piece of software. It can be used to ensure developers understand what software is being shared throughout the supply chain and in their projects or products and supports the systematic review of each component’s licenses to clarify what obligations apply to the distribution of the supplied software.

SBOM Readiness Survey

Linux Foundation Research is conducting the SBOM Readiness Survey. It will examine obstacles to adoption for SBOMs and future actions required to overcome them related to the security of software supply chains. The recent US Executive Order on Cybersecurity emphasizes SBOMs, and this survey will help identify industry gaps in SBOM application. Survey questions address tooling, security measures, and industries leading in producing and consuming SBOMs, among other topics.

New Course: Generating a Software Bill of Materials

The Linux Foundation is also announcing a free, online training course, Generating a Software Bill of Materials (LFC192). This course provides foundational knowledge about the options and the tools available for generating SBOMs and how to use them to improve the ability to respond to cybersecurity needs. It is designed for directors, product managers, open-source program office staff, security professionals, and developers in organizations building software. Participants will walk away with the ability to identify the minimum elements for an SBOM, how they can be assembled, and an understanding of some of the open-source tooling available to support the generation and consumption of an SBOM.

New Tools: SBOM Generator

Also announced today is the availability of the SPDX SBOM generator, which uses a command-line interface (CLI) to generate SBOM information, including components, licenses, copyrights, and security references of your software using the SPDX v2.2 specification and aligning with the current known minimum elements from NTIA. Currently, the CLI supports GoMod (go), Cargo (Rust), Composer (PHP), DotNet (.NET), Maven (Java), NPM (Node.js), Yarn (Node.js), PIP (Python), Pipenv (Python), and Gems (Ruby). It is easy to embed in automated processes such as continuous integration (CI) pipelines and is available for Windows, macOS, and Linux.

About the Linux Foundation

Founded in 2000, the Linux Foundation is supported by more than 1,000 members and is the world’s leading home for collaboration on open-source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, and more.  The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration.

Industrial Controls Market Partnership of Process Automation and Cybersecurity

Partnerships remain crucial for success in today’s industrial market. This seems especially true for cybersecurity firms who need ways into integrating security into operational technology. This is the story of one such partnership.

Horizon Controls Group, a global digital process automation solutions and consultancy company, has announced a formal agreement with Verve Industrial, a leader in operational technology and industrial control systems (OT/ICS) cyber security technology and consulting solutions. This partnership allows both companies to expand collaboratively into new areas of highly sophisticated service and technology delivery engagements with manufacturing and research organizations in pharmaceutical, biopharmaceutical, and other life sciences. 

The increased publicity and attention to the unprecedented achievements of the pharmaceutical industry during the global pandemic have significantly increased the potential cyber-related threats to this critical infrastructure. While energy and other utilities such as water treatment have historically been targets of advanced persistent threats (APTs) from highly resourced, nation-state, or terrorist-backed organizations, the value of the pharmaceutical sector is increasingly apparent and, in many cases, lags the security posture that has developed in these other industries. 

Verve Industrial’s OT/ICS cyber security products and support services were selected by Horizon Controls Group as a powerful, targeted, and holistic solution to manage the sprawling ecosystem of myriad automation applications employed at any given pharmaceutical facility. 

“Horizon Controls Group provides consultation, design, execution, and support for the full project life cycle of automation process control systems (PCS), building automation systems (BAS), manufacturing execution systems (MES), and process historians, using industry standards and best practices,” said Youssef El-Bahtimy, Automation Information & Systems Manager at Horizon Controls Group. “Our team integrates data integrity, resiliency, manageability, and security principles into every project, not as an afterthought, bolt-on, or cost adder, but in a proactive quality by design (QbD) manner.”

El-Bahtimy continued: “We believe this is the new standard for a modern systems integrator, and a key differentiator to becoming more than just a service provider – being the trusted adviser that our clients require. We see the Verve Security Center (VSC) and the expertise of Verve Industrial’s team as an invaluable and versatile way to solve the challenges posed by the unique security, situational awareness, and manageability environment of the OT space.” 

“We are quite excited to join forces with Horizon Controls Group,” said Rick Kaun, VP of Solutions at Verve Industrial. “Their ‘trusted adviser’ status within their client base combined with their deep OT systems control abilities are a perfect match for the power and insight provided by our industry-leading VSC platform.”

About Horizon Controls Group
Horizon Controls Group is a full-service digital process automation company offering solutions including engineering design, systems integration, cyber security, and customized training. With corporate headquarters in Blue Bell, Pennsylvania, its European subsidiary is based in Cork, Ireland.

About Verve Industrial
Verve Industrial Protection has ensured reliable and secure industrial control systems for 25 years. Its principal offering, the Verve Security Center, is a unique, vendor-agnostic OT endpoint management platform that provides IT-OT asset inventory, vulnerability management, and the ability to remediate threats and vulnerabilities from its orchestration platform. Verve Industrial’s Design-4-Defense professional services support clients in ensuring their OT environments are designed and operated in a secure manner.

Claroty Unveils Zero-Infrastructure Cybersecurity Solution to Protect Industrial Enterprises

Finally, a cybersecurity news release that doesn’t try to jump on the latest cyber breach bandwagon. Interesting advance for cyber security.

New Claroty Edge and enhanced Continuous Threat Detection give customers faster, easier, more-flexible paths to achieve wide range of industrial cybersecurity objectives

Claroty has announced Claroty Edge, a patent-pending addition to The Claroty Platform that delivers 100% visibility into industrial networks in minutes without requiring network changes, utilizing sensors, or having any physical footprint. Combined with enhancements to its Continuous Threat Detection (CTD) solution – including CTD.Live, a SaaS-based deployment option, and new features for scalable deployments – Claroty now offers a complete portfolio of solutions that meet enterprises wherever they are on their industrial cybersecurity journey.

“Network security in operational technology (OT) and industrial Internet of Things (IIoT) environments means security products that can speak and understand the many proprietary industrial protocols and provide both security operations center staff with increased visibility of the full operations and OT personnel with actionable information,” said Romain Fouchereau, research manager, European Security at IDC. “The ability to perform comprehensive network monitoring without needing to invest in extra sensors or other supporting components can help maintain system resiliency, especially in large, highly distributed organizations.”

As there’s no such thing as a one-size-fits-all industrial network, organizations require cybersecurity solutions that can evolve with their objectives, without burdening their infrastructure or personnel with unnecessary hardware, complex configurations, lengthy deployments, or steep learning curves. The new and enhanced Claroty Platform achieves this by giving customers faster, easier, more-flexible paths to achieve the industrial cybersecurity objectives that are most important to them.

“The recent cyber incidents with Colonial Pipeline and the Oldsmar, Florida water supply have underscored the need for asset owners and operators to mature their cybersecurity programs and make ‘eyes wide open’ decisions about the risks to their critical and vulnerable assets,” said Grant Geyer, chief product officer of Claroty. “Cyber risks to industrial control systems have consequences not only for the organization, but also for public safety and the global supply chain, so every industrial enterprise has an obligation to start their cybersecurity journey. With Claroty’s enhanced platform, organizations can take advantage of the capabilities that are right for their needs today, and can evolve as the threat landscape changes and their cybersecurity programs mature.”

Key Features and Functions

With these new additions and enhancements, The Claroty Platform has evolved to reveal, detect, protect, and connect any deployment structure, at any scale, in rapid time:

  • Claroty Edge is the industry’s first zero-infrastructure industrial cybersecurity solution, functioning as a highly flexible edge-data collector to deliver 100% visibility in minutes, with a simple, easy setup and absolutely no network footprint. It equips customers to discover a complete OT, IoT, and IIoT global asset inventory, as well as identify and manage the vulnerabilities and risks affecting those assets.

Claroty Edge is an optimal entry-point for those who are just beginning their industrial cybersecurity journey, as well as an exemplary scalable solution for those expanding their existing coverage to air-gapped, remote, smaller, or differently prioritized sites.

Beyond this, customers can leverage it to conduct audit requests and report compliance for industrial networks, M&A due diligence on target third-party environments, and faster and more effective incident response.

  • CTD.Live is a SaaS-based deployment option for enterprises embracing the cloud as a core component of their industrial cybersecurity strategy. It is uniquely suited to support robust digital transformation initiatives because it is fast, scalable, and ensures CTD’s visibility and threat detection capabilities are always up to date. CTD.Live also reduces total cost of ownership by eliminating certain hardware requirements and extending inventory, risk and vulnerability, and monitoring coverage to newly added assets automatically as customer networks expand.
  • CTD version 4.3 provides greater flexibility in how critical asset, alert, and risk data can be accessed, managed, and manipulated, both directly within CTD and via integrations with third-party SIEM providers. It includes new options for segmentation via Virtual Zones, enabling customers to further customize and fine-tune their segmentation and alerting policies for stronger, more accurate detection of risky communications and other indicators of malicious activity.
  • Secure Remote Access (SRA): The scalability of all of these capabilities increases by combining CTD.Live with Claroty’s SRA solution, which provides internal and third-party personnel with frictionless, reliable, and highly secure access to industrial networks. Customers can also use Claroty Edge to blueprint and optimize SRA deployments, thereby reducing the time and resources required for full implementation.

“We needed an OT tool that complements Claroty CTD’s real-time monitoring to reveal the unreachable blind spots in Pfizer’s main manufacturing environments. With Claroty Edge, we attained this faster than ever imagined,” said Jim LaBonty, head of global automation engineering at Pfizer. “Its unique offering and approach deliver a complete, detailed inventory of all OT and IoT assets in both integrated and standalone networks, in a matter of minutes and with a few clicks. This would have otherwise taken several weeks. Claroty Edge takes the heavy lifting out of managing the plethora of OT assets in production and empowers us to better secure our production environments.”

Claroty Edge is generally available now, while CTD.Live and CTD 4.3 will be available in July 2021. To learn more about The Claroty Platform, please request a demo.

RSA Security Conference And Security Thoughts

The first few weeks of May were Security weeks at The Manufacturing Connection. In preparation for the May 17-20 RSA Security Conference, I interviewed Ron Brash, Director of Cyber Security Insights at Verve Industrial. This was supposed to be an introduction to his talk at the security conference, so I didn’t take detailed notes. Unfortunately, 10 days later I discovered that my pass to the conference was “insecure”, and I could only view keynotes. I was blocked out of Brash’s presentation (which I’m sure was very good).

Verve Industrial

We talked about how control engineers and vendors were historically lazy about security. If anyone thought about it at all, they figured that not being connected outside was sufficient protection. (Although I might add as a side note a customer story. I sold a certain prominent brand of PLCs in the mid-90s. My top customer was a major automotive engine plant, who, unfortunately, used a rival PLC. However, I thought I might have an opening when I walked into the control engineering area of the office and saw everyone gathered around a PC. It seems that an update from my rival contained malware. It infected all the PCs. So, even in the early days there were security holes.)

Brash noted that the advent of IIoT to the Cloud punched a hole in the supposed safety gap, opening up a potential security intrusion path.

He also talked about the need for a good asset inventory as well as a solid management-of-change program.

Following are some notes from his blog:

Imagine for a moment flawless code.  Picture the most technologically complex system operating without issue.  Conjure a single, silver-bullet solution that will save humankind from itself. Hard to imagine, right?

Thanks to the way devices are designed, engineered, developed, maintained, and sold, embedded systems, like any other enterprise computing product, will be flawed.  While there have been major improvements in code analysis, fundamental software design problems continue to slip through into production. Most programmers remain woefully inept at making good security decisions in the development stage and profit-motivated vendors have little appetite to address that shortcoming.

If you’re now panicking at the scope of embedded systems insecurity, take heart.  Not all devices are easily exploitable or they are exploitable only under certain conditions largely affected by how you deploy and configure them.

One key to addressing the challenge is to get ahead of the embedded security problem before it gets a foothold in the organization. Owners must insist on robust security during procurement, design of solutions, and throughout cybersecurity factory acceptance and site testing. This way, OEMs and vendors will learn they cannot continue unchallenged.  Trust, but always verify.

As a community, we should not let poorly secured products gain traction in the market. We must demand security as a necessary feature.  Software engineers and developers take note – even if you are a cog in the machine, we are all affected; especially when embedded devices become integral to the systems responsible for our lights, our water, our health, our daily lives.

RSA Security Conference

Twice this month I have heard the famous World War II airplane analysis cited as an example. It seems that the Allies were losing a large number of bombers flying over Germany. So, the generals commissioned a study. The analysts studied the planes returning from their bombing runs plotting where all the bullet holes were. The thought was to add additional armor to those areas to protect the plane.

Then someone with a broader vision noted an obvious fact—all of these planes made it back. All the bullets had struck nonessential areas of the plane. What needed additional protection were the other areas.

The first keynote pointed out these important thoughts:

  • Use a risk-based approach—Protect the areas with the greatest risk
  • Zero trust
  • Segment networks
  • Prepare for chaos

This was followed by three points:

  • Security risk feature out of focus—prioritize
  • Legacy systems slowing us down, need for thought diversity
  • Security is not a solo sport

Or, as Angela Weinman of VMware summarized:

  • Zoom Out
  • Throw Out
  • Reach Out

Plethora of News from Rockwell Automation

I received few news releases from Rockwell Automation for several years. Suddenly I gained a new friend, Jack, who sends something almost every week. It’s good to know that one of the largest control and automation suppliers in North America is still churning out updated products.

I’ve been saving these up for a bit. Included in this post:

  • CIP Security Proxy Device
  • Plant floor asset management
  • Stack light
  • Medium voltage drives
  • Connected Components Software Workbench
  • Managed Ethernet switch
  • Network security threat detection

CIP Security Proxy Device 

Industrial companies can now implement CIP Security expansively in their systems with the Allen-Bradley CIP Security Proxy. The CIP Security Proxy allows users to implement CIP Security on most devices on their network. 

The CIP Security Proxy works with EtherNet/IP-compliant devices. CIP Security is part of the defense in depth strategy, which can help defend against attacks where threat actors can remotely access a network and act maliciously. With the ability to provide CIP Security for a single device, a layer of security is added that can help protect the system.

Configuration for the proxy device can be achieved through FactoryTalk Policy Manager software and FactoryTalk system services. In addition, this device supports motion for Kinetix drives and offers a web server for viewing diagnostics. It allows for secure event generation syslog support and includes rotary switches for IP addressing. The proxy device also contains three one-gigabit EtherNet/IP ports and can operate in temperatures from -25° to +70° Celsius adding to the ease of use.

Plant-Floor Asset Management with Enhanced Software

Industrial workers can now more easily manage their hundreds or thousands of automation assets using the enhanced FactoryTalk AssetCentre software from Rockwell Automation. The latest release provides firmware and software lifecycle information for all assets in one place. This saves time because workers no longer need to connect to control cabinets and manually record information for each device. 

With the software’s enhanced asset inventory functionality, workers can quickly scan a network and see which devices are in a specific lifecycle state. Examples include devices running retired firmware or forecasted to be discontinued in the next six months. This helps identify products in the same lifecycle state and workers can better plan for replacements and upgrades. 

The FactoryTalk AssetCentre software also has a new security feature called archive management of change, which automates the process of authorizing who can change files and what they can change. It requires workers to explain why files need to be changed and verifies that only necessary files are being checked out. It also locks a file until changes are approved and escalates approval requests when needed. 

This helps enhance system security, which is particularly useful for some industries such as oil and gas, that require added levels of control over when changes are permitted. For example, one major food company reduced its downtime events from unknown or unauthorized changes by 7% using FactoryTalk AssetCentre software. It can also reduce downtime due to change management.

These updates add to the software’s existing ability to report discontinuation dates and the availability of replacement products. The enhanced software now also provides disaster-recovery support for more Rockwell Automation devices as well as third-party devices.

Stack Light

The new Allen-Bradley 856T Control Tower Stack Light system uses a modular design that incorporates brighter LED illumination and a broad offering of sound technologies. All signals in the system are 24V AC/DC powered, which means that just three power modules can cover the entire system. The latest additions to the 856T Control Tower Stack Light family are IO-Link enabled versions that provide diagnostic information and ease integration into a Connected Enterprise. 

IO-Link enabled versions of Bulletin 856T Control Tower Stack Lights enable users to monitor tower light and machine status in real-time, while allowing for simple remote set-up and troubleshooting.

Medium Voltage Drives

Allen-Bradley PowerFlex 6000T medium voltage drives now include TotalFORCE technology from Rockwell Automation, which provides precise control of speed and torque, diagnostic information for tracking system health and automatic adjustments to keep operations running smoothly.

The PowerFlex 6000T drives follow speed or torque commands closely in both open- and closed-loop vector control modes to deliver the precise control required for high performance and large loads.

The drives also continuously monitor operations to track the health of electrical components in the drive and motor and provide real-time diagnostic information to the control system.

Additionally, adaptive control features within the PowerFlex 6000T drives help isolate potentially harmful vibration and resonances, and automatically compensate for variances to help keep applications running. With load-observer technology, they also effectively reject disturbances when loads change suddenly, helping to keep operations running smoothly and increasing output.

Connected Components Software Workbench

Industrial engineers can more efficiently design and configure stand-alone machines using the latest release of Connected Components Workbench software from Rockwell Automation. With several new and enhanced features, the software improves download and build performance to create more efficient, user-friendly design processes.

Highlights of what’s new in version 13 of Connected Components Workbench software include:

  • A new Global and Local variable data grid that delivers capabilities to help engineers develop projects faster. For example, a quick declaration feature allows users to create multiple variables with the same prefix, suffix and data type in one click. An intuitive filter bar allows users to find tags quickly.
  • An enhanced Run Mode Change (RMC) capability that enables users to make edits without downloading project source code. This can speed up online edits and create smoother, more seamless design experiences.
  • A new Controller Organizer view that gives engineers the option to switch to a Logix Theme programming experience. This allows them to work in a more familiar environment and use copy-and-paste ladder logic from the Studio 5000 Logix Designer application.
  • An enhanced Global Connection capability on existing system tags in the PanelView 800 DesignStation that gives users greater flexibility to configure remote system connections.

The Connected Components Workbench software helps simplify the development of stand-alone machines that are built with the Rockwell Automation Micro Control system. Engineers can configure, program and visualize the major control components of their stand-alone machines in a single software environment. They can also use tools like the Micro800 Simulator to validate their application code without the need for hardware.

Managed Ethernet Switch

The Allen-Bradley Stratix 5800 managed industrial Ethernet switch supports layer 2 access switching and layer 3 routing for use in multiple layers of the architecture. Robust security capabilities and ISA/IEC 62443-4-2 certification help enhance network security.

The Stratix 5800 switch has fixed and modular designs, giving users flexibility to configure it based on application needs. It offers combinations of copper, fiber and Power over Ethernet (PoE) ports to support a wide range of architectures.

The switch helps ease integration by addressing the needs of both operations (OT) and IT teams. Studio 5000 Add-on Profiles enable premier integration into the Rockwell Automation Integrated Architecture. And the Cisco IOS-XE operating system helps ease integration to the enterprise.

“Reducing the complexity of IT/OT convergence is a priority today as companies need to connect their operations while managing challenges like skills shortages and security threats,” said Mark Devonshire, product manager, Rockwell Automation. “The Stratix 5800 managed switch helps simplify the jobs of IT and OT teams, and helps improve security and high performance for industrial environments.”

Certification to ISA/IEC 62443-4-2 verifies that the switch meets the standard’s technical requirements to security level 2 for industrial automation and control systems. This continues the efforts of Rockwell Automation to help secure industrial operations through certifications, expertise, products and services.

Rockwell Automation Expands Threat Detection Services with Cisco Cyber Vision

The longstanding alliance between Rockwell Automation and Cisco continues to find new ways to provide customer value with the announcement that Rockwell Automation is adding Cisco’s Cyber Vision solution to its existing LifecycleIQ Services portfolio of cybersecurity threat detection offerings.

While convergence is essential to a digital transformation, it also presents challenges such as siloed networks, cybersecurity threats, skills shortages, and an abundance of production data and solutions. The leaders in their respective industries have worked together to offer jointly developed architectures, services and products to help companies address these challenges as they work toward building a Connected Enterprise.

As this deeper integration between IT, cloud and industrial networks creates security issues that become digitization obstacles, Cyber Vision provides full visibility into industrial control systems to build secure infrastructures and enforce security policies – achieving the continuity, resilience, and safety of industrial operations. The addition of Cyber Vision to the LifecycleIQ Services threat detection offerings provides a unique switch-based architecture for customers with existing Cisco solutions, greenfield networks or those updating their Cisco network infrastructure.

Red Balloon Security Introduces Embedded Security Solutions

This news release is about three weeks old. The topic is embedded security. This week’s news on a security hack is an entirely different animal. However, protecting our industrial control embedded systems from intrusion and hacking remains a priority. I do realize convincing top financial management to invest in this area is tough because you cannot prove a negative. Convince them, we must.

Red Balloon Security announced an expanded and customizable set of offerings for critical infrastructure and a range of industries –– including energy, industrial control systems (ICS), building management systems (BMS), automotive, and telecommunications.

Embedded devices and firmware have proven to be an attractive target for threat actors given the disruption and damage that can be caused and the multiple ways vulnerabilities can be exploited. In 2019, the National Vulnerability Database reported that firmware vulnerabilities increased more than 30% year-over-year – and are now becoming staples in the arsenals of nation-state APTs. By injecting malicious code into the firmware of electrical grid devices, industrial control devices or automotive ECUs, either through the supply chain or directly into deployed devices, bad actors can compromise critical systems, enabling espionage and sabotage campaigns.

Red Balloon Security is launching a portfolio of solutions combining its world-class expertise with its advanced suite of technologies for embedded devices. The core components of its Embedded Defense suite will be available as individual offerings, including Firmware Hardening, Embedded Security Consulting, Runtime Protection, and Runtime Monitoring. This provides organizations with the option to choose the security capabilities that best fit the needs of their enterprise, delivering tailored guidance and customized protections for customers.

“Red Balloon Security has the deepest stack of technologies to secure embedded devices along with the world’s best embedded defense engineers,” said Dr. Ang Cui, founder and CEO of Red Balloon Security. “Our expanded solutions have been accessible to the U.S. government to advance the state of embedded security for the devices that matter most. As more organizations prioritize securing embedded devices, Red Balloon Security is now ensuring that this capability is easily accessible to commercial vendors to give them access to one of the only proven solutions available on the market today that can protect against exploits at the firmware level.”

Red Balloon Security’s offerings include:

  • Firmware Hardening with Autotomic Binary Reduction (ABR) and Binary Structure Randomization (BSR): Removes unused features from embedded device firmware and randomizes code layout and data at a binary level to minimize attack surface.
  • Runtime Protection with Symbiotes: Continuously monitors for modifications to critical conditions of the device to prevent attacks that weaponize both known vulnerabilities and zero-days.
  • Runtime Monitoring with Advanced Embedded Security Ops (AESOP): Utilizes a continuous flow of telemetry data to provide detailed visibility and analysis of attempted attacks.
  • Security Consulting with Embedded Security Experts: Complements existing security personnel with consulting capabilities that include experienced and bespoke security support, as well as assistance developing new security protections customized to organizational needs.