Arrakis Consulting, LLC
United States, Phoenix
Not all security companies are created equal and security is a collaborative effort by all parties.
Main Services:
Managed Services, Cybersecurity Services, Penetration Testing, Governance, Risk, and Compliance, vCISO, GDPR, Internal Audit, ISO27001 and SOC2 audit prep, BC/DR, Training
Partnering with Arrakis will help reduce your stress level and solve problems faster.
Arrakis is uniquely positioned to provide the trusted advisor consultation services you need at an economical price point. Our personnel normally work closely with the “C” suite or Board of Directors to ensure complete visibility at all levels and reduce the risk profile to the client. Our personnel can also work closely with senior and mid-level managers to help that mission critical project become a success.
All clients are held to the highest levels of confidentiality and all contracts will have non-disclosure language to protect all parties.
Additionally, to protect our clients, we have no personnel that connect to us via social media where they appear as employees, contractors, or subcontractors. This reduces the potential for Arrakis to be used as an avenue into our clients’ environment. This protects Arrakis from potential attack as well as protecting our clients when it comes to island hopping or target information gathering.
Our slogan is “Honor. Integrity. Excellence.” and anything less is unacceptable. All of our professionals have gone through extensive background checks to verify past history, ethics, and experience. While virtually anything in life, or business, can be earned or taken away…honor and integrity can only be retained or discarded on the individual level. Ethics violations are never acceptable, and all of our personnel are required to conform to the highest levels of industry standard ethics in order to retain their certifications. When an individual can retain their honor and integrity…doing the best they can at everything they do and at all times…then excellence is a positive outcome.
Our general methodology is quite simple. We generally have a three-phase approach: phase 1 is an assessment to understand gaps, phase 2 is fixing discovered problems/gaps, and phase 3 is long-term support to keep the client compliant and help prevent gaps from reoccurring. For any project longer than two weeks, weekly status reports/meetings are provided to the executive sponsor or their designee. Kick-off and close-out presentations are provided for the first and last week of the project or phase. Kick-off meetings and presentations are very detailed and specifically designed to ensure a complete understanding of the project and answer any questions that may come up. During the close-out the executive sponsor is provided with a finalized report of exceptional quality, any supporting documentation, and an actionable plan to move forward with. Depending on the type of service required, our contracts can either be T&M (Time and Material) or fixed cost.
Our reporting capabilities are second to none and are quite often used in their published format for consumption by senior managers, executives, and Board of Directors. Less sensitive reporting is also available, if needed, in order to provide reporting to 3rd parties for compliance or contractual purposes.
Our personnel are industry trained and certified. Just some of the certifications are CMMC-AB RP, ISO27001, ISO27005, ISO27032, ISO21502, PECB CMMC Foundations, PCI QSA, CIPT, CIPP, OCSP, CISA, CISM, CISSP, CCENT, CCNA, CCNP, CCDA, CCSP, A+, Cloud+, Network+, Internetwork+, Server+, Pentest+, Security+, Linux+, Project+, CSIS, CLNP, CIOS, CSSS, CNVP, CSCP, CCAP, PMP, CNA, CNE, CCA, SCP, MCSA, MCSE, CCDP, MCPS, MCPSI, CCA, LPIC-1, CLA, Six Sigma, CHFI, and ITILv3. Arrakis also has a SecurityScorecard.com score of “A” as a company and is a CMMC-AB RPO.
Our website and any other Internet presence do not collect or store sensitive information. Any dealings with sensitive information are entirely on our customers’ equipment or technology and Arrakis assumes no responsibility for the protection of that information. All Arrakis generated products are trademarked and copyrighted, even if there is no distinct copyright symbol next to the image.
Some of the benefits of using Arrakis
Increased visibility – Our skilled professionals can show you methods and help implement technology to provide far more visibility into your network and security posture than you currently have. At the end of the day, if there is a breach, your visibility into the network is going to be questioned as well as your action/reaction to incidents. Failing to see deeply, both vertically and horizontally, into all aspects of the network and your user activities is a hit against you and your company.
Proactive and supportive response from Arrakis personnel – Quite simply we like positive momentum in our activities. Whatever projects you have that need help, we will be there to help you out. Emergencies are our forte as well so feel free to call on us for any size, or type, of situation to ensure your security and safety.
Flexible and intense testing services – Our testing services are extensive and detailed. Additionally, we will work around your schedule in order to test with the least impact to your organization that produces the desired results.
Extensive and detailed reporting – The reports from Arrakis are extensive and are designed to offer solutions to the discovered problems. Our reports follow a simple and consistent format, starting with a 1-1.5 page overall executive summary (designed for true non-IT executives) that is easy to read and understand at all skill levels. Closely following that is an expansion of the executive summary with quite a bit more information specifically designed for more IT savvy persons at the managerial level. Last is the extreme technical portion designed for those that live, breathe, and bleed technology, where individual problems are discussed and possible solutions offered. Our reports have been, and most of the time are, used in their native form for all levels of the company including Board of Director meetings. The extreme technical portion is designed so that you can treat each page like a tear sheet to hand to a remediation team/person and say “go fix this”. Additionally, our reports have also been used to provide direct 3rd party evidence to external auditors or regulators. Along with the final report detailing the project results is a 10-15 slide PowerPoint that covers the high-level items discovered and suggestions for improvement. Lastly, there is an Excel spreadsheet that has numerous tabbed areas detailing risk analysis based on our observations, vulnerabilities, etc. Before any report is finalized and issued, a draft review is performed to ensure your complete understanding and agreement, as well as to ensure the report will conform to your political environment.
We get to know you – We always desire to completely understand your business, so our efforts are based not only on project success but are also supportive of your business goals.
Consistent methodology and approach – Regardless of the type of project we follow a consistent methodology of project kick off, weekly status reports for any project over two weeks, draft report writing, internal QA of the report, draft review by client, and final report delivery and closeout. Our methodology provides for the most flexibility and we find it is the most agreeable for our clients.
Expedited delivery of services if needed – To put it simply, sometimes you need to work fast and have actionable answers quickly. The world of security isn’t slow and security situations require a fast response from all affected parties. If you are in a bind and need a quick solution, then we are here to help you.
Expansive understanding of regulatory and compliance frameworks – Our professionals have experience in every major framework and are in the loop for upcoming framework changes so you can be in the know before it is a requirement. Whether it is CMMC, GDPR, CCPA, NIST, PCI, HIPAA, ISO, COBIT, etc., we can help with all of them. Additionally, we can provide an unbiased 3rd party opinion on your compliance with your selected or mandated framework to give you better visibility into your risk. Do you desire to be multi-framework compliant such as incorporating NIST 800-53 or ISO 27001 simultaneously? We can help make this a reality. Our professionals have been on all sides of compliance from auditors to auditees and fully understand all aspects of compliance.
Unbiased and objective advice – Similar to our slogan of “Honor, Integrity, Excellence”, we will offer you an unbiased (yet politically correct for your environment) opinion to provide the awareness you desire of the work asked of us or the possible opinion of an external regulator/auditor of your security posture. Our reports and advice are honest and direct as well as specifically designed to get the concept across in the most effective way possible.
Advantages of using experienced and certificated personnel – We don’t have personnel who are going to learn on the job. All of our team members have at least 10 years of experience, are certificated, and multi-talented in multiple skill sets. This means that we could realistically deploy a security engineer who also has the capabilities of a forensics professional or an auditor who also has experience at the “C” level as an auditee. We won’t send you someone who can tell you that you have a problem without being able to suggest possible solutions to fix that problem.
Experience working with clients of all sizes – Regardless of whether the client is Fortune 100 or 1000, compliance is compliance, and the methodology and solutions remain the same, just on a varying scale. Smaller clients get the same level of attention and professionalism as a larger client.
Transformational and innovative approach to problems – Almost every time, a client will benefit from the Arrakis “thinking outside of the box” viewpoint and from asking “what if” questions to expand options. We don’t want to be viewed as just another security company; Arrakis is unique in its experiences and approach to problems.