Caffeine Security
Security Consulting



Custom Consulting and Subscriptions

Whether you're a large company or a start-up -  you require the right amount of security and no more.

Our custom consulting services can be used to:

  • Provide security architecture recommendations
  • Provide ongoing security advisory, regularly
  • Participate in IT and development project planning
  • Establish security policy with stakeholders
  • Remediate findings from any audit

Architecture Security Reviews & Technical Assessments

A good program is useless if the implementation of technical controls is deficient. Use experts at each of these technologies to perform assessments that go much beyond the typical "checbox audit".

Caffeine Security performs security reviews of systems and projects (business applications, IT systems, etc.) as well as reviews of the overall security architecture of an environment.

Our most common assessments consist of:

  • Active Directory and Office365 security reviews.
  • AWS / Azure Security / Cloud security and architecture security reviews.
  • Email security assessments. (Malware, phishing, spam, domain name configuration)
  • Endpoint security system configuration (Antivirus configuration, advanced endpoint tooling, credential hygiene)
  • System hardening reviews
  • Vulnerability assessments & Penetration testing
  • Network boundary reviews


Cyber Security is a complex topic.

To help you get the most out of your security program, and most of all, to know what you should be doing next, our Cyber Security Review focuses on assessing the current situation and providing actionable recommendations to truly reduce risk.

Our services are based on real-world issues, and as such our recommendations are not built only on the typical "best practices" often used, but rather, on practical advice that truly makes security stronger.

Custom consulting can be purchased when needed, in advance as a retainer with SLAs and lower hourly rates, or as a monthly subscription with advantageous carry-over policies.


Ransomware has brought back the days of destructive malware, with an economic twist.

While protecting a complex network from ransomware shares many similarities with malware prevention in general, preventing the spread, and being able to recover quickly from ransomware is often very different.

Our ransomware readiness assessment services consist of:

  • Technical assessment of email security, web security and endpoint security controls.
  • Technical assessment of the configuration of applications often leveraged for ransomware attacks, such as Microsoft Office, browsers, and PDF readers.
  • Review of backup and recovery plans.
  • Review of cloud storage configuration (Dropbox, OneDrive, etc.)
  • Review of lateral movement prevention capabilities.

At the end of the assessment, you will know what must be improved first in order to reduce the potential impact of a ransomware attack against your organization.

workstation security improvement program

A majority of cyber-attacks either originate, or leverage compromised workstations.

The Workstation Security Improvement Program achieves significant reductions in off-the-shelf malware infections and spread, and enhanced adversary resistance by focusing on:

  • Credential Security/Hygiene
  • Lateral Movement
  • Patch Management
  • Browser and Office Application Hardening
  • Leveraging Features of Products you Already Own

This will not only improve resistance to attacks, but improve response efficiency by dramatically reducing the amount of unimportant detections.

Threat Modeling

Threat modeling allows your entire team to view systems in the right mindset to discover potential issues with them.Our threat modeling services are offered with a full day of training during the first engagement, to ensure your team becomes self-sufficient. 

The typical threat modeling engagements that our consultants have performed can range from reviewing a specific mobile application, to complex payment systems, customer databases and more.

This service is highly recommended for new systems, or for customers with a maturity level that is already above average.

Vulnerability Management

Managing vulnerabilities is a never-ending challenge.

With our help, implement solid processes and leverage the tools you already have to properly prioritize and fix what really needs to be fixed.

For organizations without existing tooling, Caffeine Security will recommend the best possible tools, based on our experience, for your environment.

small/medium business security baseline

Leverage our experience in large organisations and with real-world attacks to implement the basics well in your small business.

The SMB security baseline focuses on:

  • Cloud / SaaS identity management.
  • Email and Domain Name security
  • Malware prevention
  • Secure configuration and endpoint hygiene

Security Metrics Program

Data is now being gathered and stored at an amazing rate. Using this data to properly measure the state of your cyber security program requires experience, proper interpretation of the data and the ability to present it in a simple manner.

How security metrics program services include:

  • Workshops to define what ultimate metrics would be useful to the security program in the short, medium and long term.
  • Review of the available data and tools that can be used to generate metrics.
  • Definition and implementation of metrics for which the data is already available.
  • Roadmap to prioritize data gathering for future metrics.

Most organizations already own or have access to tools that can be used for this, such as open source tools like R Studio or tools part of other offerings, like Microsoft Power Bi, part of some Office365 subscriptions. Organizations without the proper tooling will receive recommendations on the most appropriate toolkit for their specific needs.

Merger & Acquisition Security Due Diligence

Contact us for more information on our M&A services.