About SystemExperts – Leadership in Security & Compliance

SystemExperts™ is different from other IT security consulting firms. One difference is that we don’t hire “consultants.” We hire experts who have established long-term, successful track records actually doing IT work, not just talking about it. For some, that meant designing and developing sophisticated middleware technologies or applications. For others, it meant planning, implementing, and managing large production data centers.

Contact us to get started solving your security and compliance problems today.

We focus on what is important.

In the world of security, not all problems are equal. Based on our understanding of our clients’ businesses, we distill problems to their root causes. We help them to prioritize and to focus on solving the problems that could jeopardize the business itself. We help our clients to see the big picture.

We respect our customers.

In large companies and in small, we invariably find several members of the technical staff who genuinely know what they are doing. Our methodologies enables us to build on the client’s strengths. Once we have a sense of the client’s level of technical skill, we tailor our recommendations, so that the client will be successful in improving its security or compliance.

We have no junior staff.

We shift the burden away from the client and onto ourselves. We make sure we can handle this burden by hiring only experts. That allows us to produce outstanding results with little preparation. We believe that IT security is more than just technology and that security cannot be separated from the business. That’s why we have assembled a team of consultants who are well-rounded business people, experienced project leaders, and outstanding technologists.

We play for the long term.

Our business is characterized by long-term relationships with our clients. We are a privately held company and have no outside investors imposing external revenue or profitability goals. This gives us the freedom to do what is best for our clients. They appreciate the difference of working with genuine experts who are committed to earning a long-term partnership with them by over-delivering and providing unmatched personal attention.

We are independent.

Unlike most IT security consultants, we are not afraid to tell our clients what they need to know but don’t necessarily want to hear. We have no vested interest in any software company, hardware company, professional services company, or any particular solution. We recommend what’s appropriate for you.

Our contracts and Statements of Work are short, simple, and straightforward.

We make it easy for clients to hire us by using a three page contract. Like our technical reports, it contains all the essential elements but without the legal hand waving. Then, we write Statements of Work that make it crystal clear exactly what measurable work product clients will get for the professional fees they pay.

Business requirements drive security – not the other way around.

Too many network security consulting firms come in with a standard set of predetermined recommendations and they fail to take into account what actually drives any particular client’s business. Our methodology starts by focusing on our client’s business. Only when you understand how the systems, applications, and networks are used, the value and sensitivity of the information on them, and the client’s budget and time constraints, can you even begin to make meaningful technical recommendations.

Clients need easily consumed advice; long reports are yet another burden on people who are too busy already.

Our reports are typically eight to fifteen pages. They provide straight answers to the important questions and concrete prioritized recommendations. We challenge ourselves to produce findings and recommendations that are concise, easy to understand, and straightforward to implement – and our clients appreciate it.

Our methodologies avoid the classic “audit” problems.

The very name “Security Audit” sets the wrong tone for most security projects. Audits generally focus on finding and cataloging symptoms, not causes, and are first and foremost about assessing blame. Also, inherent in that name is an adversarial relationship that undermines rather than supports problem resolution. All of our methodologies are structured to ensure that we work as a partner with our clients to make things better.

Clients are always too busy to prepare, and technical documents are always obsolete.

Our methodologies are designed to minimize the burden they put on our clients. Invariably, whenever clients hand us detailed system or network diagrams, that is a prelude to hours spent discussing how one part or another has subsequently changed or was never implemented the way the diagram indicated. We find that if we have the right people in a room, they can draw whatever diagrams we need on a whiteboard to a sufficient level to explore the security or compliance issues.

Every dollar a client spends should produce results, not consulting process.

Our methodology produces insightful results quickly and economically. Consulting dollars are efficiently transformed into consulting findings and recommendations.