With decades of experience architecting and managing IT, business and cyber for mid-sized to Fortune companies, we are equipped with the knowledge and experience to help you:
Tom is a security principal at Core Technology Advisors, where he draws on two decades of experience to help clients strengthen their cyber posture. As a first-generation Vietnamese American, he grew up under a corrupt Communist state, where human rights abuses and disinformation were used to manipulate and suppress the populace. Having lived through this brutal past, Tom is passionate about helping companies and organizations strengthen their cyber posture so that the ideals of democracy can flourish.
Before joining Core Technology Advisors, Tom led multiple global cyber teams at PwC focused on cyber governance, vulnerability engineering, network security, and endpoint security. While at PwC, he championed the creation of a robust cybersecurity infrastructure and architecture and provided guidance on the development of cyber policies and procedures. Before PwC, Tom was a master consultant at Forsythe Solutions Group, where he advised Fortune companies on the implementation and management of large-scale enterprise information systems. He received Forsythe’s Outstanding Performer Awards for 2004, 2005, 2007, 2011, 2012, and 2013.
Tom holds an Honors Bachelor of Science in Electrical Engineering from Penn State University and is fluent in English and Vietnamese.
Provides CISOs with the insight to handle cyber management challenges.
High-level assessment of an organization’s cybersecurity program.
Comprehensive assessment of an organization’s cybersecurity posture (attack surfaces, cyber defenses).
This service uses Qualys to detect vulnerabilities in an organization’s IT footprint.
Mobile devices, remediation support.
Out of scope:
This service uses the Qualys VM product to scan for internal and external vulnerabilities in an organization’s IT assets that an attacker may exploit.
1. Kickoff meeting
- Service overview: review scope, requirements, milestones, timeline, and next steps.
- Organizational and technical interviews.
- Gain stakeholders' commitment.
2. Staff meetings to review scope, requirements, milestones, timeline, next steps.
3. Scanner setup.
4. Scan executions.
5. Scan result analysis & tuning.
6. Report generation.
7. Report review.
- Found external severity 4 and 5 vulnerabilities.
- Found internal severity 4 and 5 vulnerabilities.
8. Next steps.
9. Schedule follow-up assessment.