NetSPI

NetSPI

NetSPI is a regional Information Security consulting firm that specializes in compliance management, penetration testing and application security, and is headquartered in Minneapolis, Minnesota.

History and Development

NetSPI was founded in 2001 by Seth Peter and Deke George. Both had previously worked at OnTrack Data Recovery, now part of Kroll, where they started and led the computer forensics part of the business. After some false starts in the Financial and banking sector, NetSPI has gained some limited success within health care organizations. As it is a regional firm, clients are principally located in the Midwest, and include BestBuy, Target and USBank.

Information Security Consulting

NetSPI provides Information Security services to organizations with compliance requirements such as the Payment Card Industry Data Security Standard (PCI DSS), Sarbanes-Oxley Act, Gramm-Leach-Bliley Act, HIPAA, and Nuclear Regulatory Commission/NEI 08-09. The services provided encompass penetration testing including social engineering, web application security testing and consulting, compliance audit services, and the development of security plans. NetSPI has developed proprietary software for the correlation of results from a variety of automated software tools with the results of manual testing.

NetSPI consultants have been speakers at security conferences organized by the International Information Systems Security Certification Consortium--(ISC)2; ISSA—the Information Systems Security Association; LayerOne; Infragard; Secure360; the Open Web Application Security Project (OWASP); the Information Systems Audit and Control Association (ISACA); and Black Hat Briefings. In past years, a former employee of NetSPI had volunteered to help install and maintain the network at DEF CON. NetSPI personnel have chaired the Twin Cities chapter of ISSA. The company regularly works with other information-security firms, including Shavlik technologies, and it is active in helping healthcare organizations understand and implement the Common Security Framework, or CSF, developed by the HITRUST Alliance, though NetSPI is not licensed by the HITRUST Alliance as a CSF Assessor.

References

Bullock, David. "Inside the World's Most Hostile Network." Wired Magazine August 2009. Print and Web. 20 Oct. 2009.

Chickowski, Ericka. "Healthcare Not Up To Task of Securing Electronic Medical Records, Experts Say" Dark Reading. 30 April 2010. Web. 7 May 2010.

Clancy, Heather. "Tech Watch: security pros want strong policy for virtualization." Techtarget. 1 June 2009. Web. 20 Oct. 2009.

Millard, Elizabeth. Security Force. Minnesota Business. 1 July 2009: 26-29. Print and Web. 10 Oct. 2009.

Peter, Seth. "Fighting Vulnerable Payment Applications." Retail Information Systems News. 3 Feb. 2009. Web. 10 Oct. 2009.

Roiter, Neil. "PCI DSS implementation: how to get it right!" Techtarget ANZ. 26 November 2009. Web.

Roiter, Neil. "HITRUST CSF offers path through healthcare security maze." SearchSecurityChannel.com 7 December 2009. Web.

Youngblood, Dick. "Penetrating IT Security to Find the Weaknesses." Star Tribune. 19 Nov. 2008. Print and Web. 10 Oct. 2009.

External links

• NetSPI web site