"Imagination without boundaries,"
By humans, for humans.
We offer a range of security services focused on technical expertise and practical assessment. We combine these assessments with strategic understanding and analysis to show how misconfigurations, exploits, and a lack of hardening impact your IT environment and the overall risk to your business.
25 Certifications
2 BSides presentations
5 CVEs
"Get hacked!" - Practical cybersecurity assessment of your IT network.
Enhance the security posture of your organisation by conducting a simulated compromise of your internal network.
This is a hands-on review of the organisation's security posture. During the engagement, we will perform lateral movement and escalate privileges to demonstrate how cybercriminals might compromise key parts of your organisation.
The final product is a report with all issues found and recommendations for remediation, mitigation, and risk reduction.
All findings are provided with CIS 18 and MITRE ATT&CK references wherever applicable.
Practical cyber security assessment of your IT network and IT security governance structures.
Understand the overall maturity of your security controls from governance to technical implementation.
This engagement starts with an assumed breach engagement to gather knowledge about the organisation's technical cybersecurity maturity. The technical background is combined with a review of the governance structures and documents to inform an evaluation of the overall maturity of your organisation.
The final product is a report detailing issues and areas of improvement, along with Business Impact Assessments (BIAs) of a couple of key systems.
We use the NIS2 or NIST CSF framework for the overall governance structure, the CIS18 framework for the assessment of security controls and CMMI for the maturity level.
Other frameworks can be used on request.
Practical cybersecurity assessment of multiple companies with reporting to group management.
Gain insight into the security posture across a portfolio of companies and subsidiaries.
Multiple "Assumed Breach Assessments" or "Governance Security Assessments" will be combined across multiple companies. To assess the individual security of entities.
These will be combined into an overall assessment of the portfolio as a whole. Resulting in a report for each entity and a report for the parent company detailing the individual risks and the risks as a whole.
Enterprise Softproducts ApS does not have any investors, no board of directors, and no dreams of a sell off or exit. We exist to help organisations secure their businesses and fulfil regulatory requirements. This section shed light of our mission and how we go about our business.
| [ MISSION STATEMENT ] | Our purpose is to help organisations secure their IT environments and ensure they have the governance structures to facilitate and maintain a secure and mature business. |
| [ PROBLEM STATEMENT ] | Governance and technical cybersecurity often lie far from each other. Management often has difficulties in assessing the status of technical security controls, and technicians/sysadmins often have issues understanding management priorities. Often, the overlap between these two groups is minimal, which leads to misunderstandings and conflicts. |
| [ SECURITY BRUTALISM ] |
"Security brutalism" focuses on clarity, fundamentals, and purposeful design. This is a core tenet of our approach to security; we prioritise strong fundamentals and secure baselines, instead of increased complexity and a product-based approach, where solutions come in the form of new products instead of addressing root causes. So in short, "On and off the court, straight fundamentals, no funny business". |
| [ AN ATTEMPTED SOLUTION ] |
Boring basics, strong foundations, and a bottom level you can be proud of. We leave the fancy stuff to our competitors and focus on helping you create a strong cybersecurity foundation that can support your business. By focusing on first principles, we help you gain insight into your IT infrastructure and help you create strong systems that support strong cybersecurity practices from the ground up. We don't aim for perfect, we aim for effective and "good enough". When you get to "good enough", we aim for "super good enough". Our goal is to help you wherever on your security journey our paths cross. |
| [ THE END PRODUCT ] |
Clear communication of issues facing an organisation, with holistic recommendations and a focus on maintainable foundations. We strive for an end product that is easily understandable, relevant, and immediately applicable. Our main job is to help you discover, prioritise, remediate, and mitigate security issues. To affect positive changes in your IT security posture. |
Each step in our process was created to facilitate easy collaboration, high-quality deliverables, and measureble improvement in your organizations security posture.
Together, we will clarify your needs and determine if our expertise is the right fit to solve your problem. Afterwards, we define the goals and success criteria and propose a solution. The result will be a business proposal (also sometimes called an engagement letter) matching your needs.
The chosen assessment(s) are conducted together with you and your colleagues. For all our services, we will maintain ongoing communications and ensure that your requirements are fulfilled.
Once the engagement is completed. The draft of the final report(s) will be provided for your review. Once we have addressed any comments, the report goes through quality assurance and the final version will be delivered and presented.
Everything we do is centred on the Japanese idea of "kaizen" (改善), which strives for small incremental improvements. Therefore, after every engagement, we invite you to a short feedback session.
Our guiding values help shape how we approach our work and ensure we deliver a product we can be proud of. Tools and security products can be great, but at our core, we believe knowledge about systems and the business processes they support is what makes a company secure.
We believe that the best way of getting repeat business and new customers is by doing a good job. That's our core philosophy, and how we plan to make the business successful. We therefore allow room in our calendar for change of plans, and enough time to produce a piece of work that we can be proud of.
Offensive cybersecurity is an inherently creative endeavour. The foundations of which are taking rules and expectations, combining these in new and unusual ways to achieve unexpected results. We use this approach to challenge and reevaluate structures, procedures, and technology in order to show how technology can be used and abused in unconventional ways.
Integrity is a core part of our DNA. We wish to be a trusted cybersecurity partner, and we cannot do that if we have hidden agendas or are trying to sell you products/licens. We are therefore fully independent and do not have any other revenue streams other than consulting and freelance work.
If any of the above sounds interesting and you want to discuss how we can help you strengthen your cybersecurity posture, please reach out to our founder and principal consultant, Mark Steenberg.
