About Praetorian

Praetorian® enables clients to identify and manage information security risk. Our services include security assessments, penetration testing, code reviews, secure software development lifecycle reviews, regulatory compliance solutions, and incident response. We deliver actionable, accurate assessments that produce tangible security improvements. Further, Praetorian partners with clients throughout the entire security lifecycle to ensure mitigation and remediation.

Praetorian is a collective of highly technical engineers and developers with decades of industry experience. Our singular focus on information security consulting delivers unbiased expertise. The value we provide stems directly from our engineering culture – a continuous pursuit of efficiency and improvement in all operations. From proprietary methodologies and toolsets to project management and back office operations, we deliver quality results while decreasing your costs.

Trusted by hundreds of today's leading organizations, including:

Qualcomm HBO DOW Jones Silicon Labs Wall Street Journal Allianz WWE Academy Awards Cloudera Dell GameStop Johnson & Johnson

A collective of security expertise

Praetorian is a collective of highly technical engineers and developers with decades of security industry experience. Our people are the top 5% – software developers, computer scientists, and electrical engineers recognized as researchers, open source developers, speakers, and authors. Our enthusiasm for security is tangible and is a major reason our team stays together – another benefit to our clients who value having consistency in service delivery year after year.

Powered by an engineering culture

The value we provide stems directly from our engineering culture – a relentless pursuit of efficiency and continuous improvement in all operations. Much of that value is on display during engagements through our proprietary methodologies, industry leading toolsets, and comprehensive deliverables. Further, our operational efficiencies allow us to pass on cost-savings to you, our client.

Delivering unbiased expertise

Our singular focus on information security consulting delivers unbiased expertise. We do not sell or develop products – when you hire Praetorian for a security engagement you will receive a truly independent third party opinion. Further, as a profitable since inception, privately held corporation with no outside investors, Praetorian answers only to our clients.

Tactical Assessments Overview

Obtain an accurate understanding of your security and risk posture, while ensuring compliance with industry regulators and information security best practices. Praetorian engineers come from strong software development and network security backgrounds. This experience brings the proper insight and perspective to bear on your unique environment.

Through, thorough methodologies, our engineers assess your security exposure and provide mitigation strategies, and assist in remediation efforts. We deliver comprehensive reporting, relevant to your organization and stakeholders.

Praetorian takes a highly-customizable approach to security testing. We combine our in-depth knowledge with the use of industry standards, applicable regulatory requirements, and your specific business goals. Engagements are scoped to include one or more service lines depending on the needs of the client.

Strategic Consulting Overview

Every organizational leader should be concerned about the integrity, confidentiality, and availability of their key information assets and resources. However, many organizations lack the internal expertise required to properly develop and implement unique security policies, standards, and guidelines that are tailored to specific organizational needs. As operational environments change, these organizations will also benefit from a strong partner to assist them through an ongoing risk management lifecycle.

Praetorian delivers specialized policy and controls for organizations at every security maturity level. Our engineers leverage their in-depth knowledge of industry standards and best practices to help deploy a baseline set of security controls across all systems within your organization and then specialize that security plan for the specific mission, environment of operation, or technology.

Our aim is to develop policy and control sets driven by a customized risk management framework that serves the unique needs of each client, while helping their organization defend its systems to the greatest extent possible.

We make security our business, so you don't have to make it yours.

As threats evolve and grow increasingly sophisticated, it is difficult for organizations to keep pace with the rapidly changing security landscape. Securing an enterprise demands proactive and ongoing vigilance by your IT staff. Such complex environments also require your organization to forge relationships with trusted service and product providers, so you can focus on what's important—your core business.

security assessment advisory services

Today, creating a truly secure IT infrastructure requires access to highly specialized knowledge, intelligence, and expertise in order to stay at least one step ahead of the evolving risks. Because Praetorian is an authority on information security, your business can leverage our subject matter expertise to solve these challenging business problems. We offer a comprehensive portfolio of security services and solutions tailored to meet specific client requirements. At Praetorian, we make security our business, so you don't have to make it yours.

Praetorian's risk assessment and management solutions use an optimal balance between people, process, and technology. Risk management is the key to a successful security strategy. We help organizations identify risks to their information security and prioritize those risks so that they can allocate resources in the most cost effective way. We also work with organizations to identify an appropriate risk management strategy, which is usually a blend of the following:

Risk Management Strategy

  1. Risk Mitigation Mitigate risk through security remediation and countermeasures

  2. Risk Transfer Transfer risk contractually to a 3rd party, or insurance provider

  3. Risk Avoidance Avoid risk by eliminating an existing online or network capability

  4. Risk Acceptance Accept risk based on clear understanding of exposure and companies appetite for risk

During each engagement, Praetorian engineers meet with you regularly and communicate high-risk findings immediately. At the end of each engagement, we deliver a comprehensive report that is valuable to both the technical and executive levels. For technical staff, we detail the immediate threats across your enterprise and recommend the appropriate responses. For executives, we clearly communicate systemic issues and solutions, prioritizing risk management strategies based on resource constraints and risk goals.

Project Management

Alongside Praetorian's technical prowess and detailed assessment methodology, Praetorian also implements a standardized project management plan to ensure quality and on time results. The following list and corresponding diagram represent the typical workflow of an engagement.

Engagement Workflow and Project Management

Engagement Workflow

  1. The process begins with a response to a client proposal.

  2. Once the proposal is accepted, mutually agreeable start and end dates are decided between Praetorian and the client and a Master Service Agreement (MSA), Mutual Non-Disclosure Agreement (NDA), and Statement of Work (SOW) are executed.

  3. A pre-engagement call is conducted with the client at least one week prior to the engagement's scheduled kick off. The purpose of the call is to introduce team members, exchange contact information, and discuss logistics. This will help ensure consultant utilization is maximized once the engagement is underway.

  4. The engagement begins on the scheduled start date. Weekly updates are provided over the course of the project.

  5. Once testing has completed, a draft report is delivered to the client one week after the engagement's conclusion.

  6. The client has ten business days to review the draft report and provide comments.

  7. At the close of the review window, comments are incorporated and a final draft is submitted to the client in PDF format.

  8. A final closeout meeting is held to discuss the results of the assessment and answer any outstanding questions.

  9. The process concludes with the submission of feedback forms and invoices.