TechBento’s cyber security evaluation process is designed to help organizations identify vulnerabilities and improve the overall cybersecurity posture. Based on Bento Cyber Security Framework, we work with stakeholders through a series of questions that represent network security requirements and best practices. The presented requirement questionnaires are based on selected industry standards, common requirements, and network topology. The result is a formal report with a prioritized list of recommendations for improving the cybersecurity posture.

We offer up to a 1-hour assessment to potential new customers at no cost.  Beyond that we charge hourly rates for services which are scoped through agreement or work-order.  The difference is breadth and depth of the assessment.  

Cyber security assurance is a process of reviewing your organization’s information technology, understanding what processes or tools your company uses to protect information systems and data, and then evaluating those protections for their effectiveness.  While there are many cyber security standards available (including Bento Cyber Security Framework), the breadth and depth of a cyber security program depends on entirely on you.  Your organization decides what information to protect and how to do it and there is ultimately no right or wrong way. What is important is that your policies are working as you expect them to work. Assurance takes your information technology management and validates that it is as effective as you think it is.

Your IT provider’s primary role is managing, monitoring, and administering information systems. Information security is fundamentally a separate and ideally segregated role.  We work with your IT to evaluate your cyber security resilience and then provide expertise, engineering, and governance to the extent your organization decides is appropriate.  TechBento’s team has the engineering knowledge to implement and manage information systems; we also have the confidence to operate with your IT collaboratively to make your business more resilient.

TechBento is a modern information security and systems company which means we solve many of the same issues that an IT provider might, but do it in a way that is integrated with cyber security policy. While managed service providers and IT consultants focus on system operations (SysOps) such as managing/maintaining desktops and servers, our primary responsibility is security operations (SecOps).  Security operations come before and also after system operations.  The “before” is generally related to planning/protecting/designing information security systems and the “after” is verifying that the system operations are working as designed.  We serve some clients by purely operating an information security provider (or a Security Operations Center), and for others we also extend our system engineering services to support operations.  Historically system operations were the key ingredient in IT, today they play a smaller part as planning and compliance have become integral to operational excellence.

  • Contributes to an organization’s risk management and decision-making process.
  • Raises awareness and facilitates discussion on cybersecurity within the organization.
  • Highlights vulnerabilities in the organization’s systems and provides recommendations on ways to address the vulnerability.
  • Identifies areas of strength and best practices being followed in the organization.
  • Provides a method to systematically compare and monitor improvement in the cyber systems.
  • Provides a common industry-wide tool for assessing cyber systems.

Yes!  Our framework and governance program is based on NIST-800 53 Draft 5, the latest standard in cyber security management.  It pairs well with FIRNA, SOC, and FISMA requirements.

Why choose TechBento?

SOC 2 Compliance Readiness

If your company is embarking on a SOC 2 Type II journey you likely need guidance.  We offer direct support not just for the program aspects, but in-depth engineering and security support for control development and implementation.  TechBento’s cyber security engineering team is equally comfortable with the technical solutions as we are with policy and governance.  While your auditors may offer help, an unaffiliated third-party is your organization’s best choice at reducing costs, expediting SOC2 preparedness, and navigating the AICPA SOC for Service Organizations: Trust Services Criteria.  Your organization may be ready for SOC 2 observation in as little as 90 days with our help.

Referral by Incident

TechBento primarily onboards customers through referral.  Unfortunately, the referrals often come after an incident.  We have worked with dozens of companies to recover from ransomware, identity compromise, data breaches, disasters, and compliance failures.  Our methodical, mindful, and infinitely curious approach to cyber security helps our clients restore order and trust in systems. We have a proven success rate for restoring mission critical systems, helping companies navigate security incidents, and emerge more competent and resilient.

Modernizing Cybersecurity

Your organization is likely a Google Workspace or a Microsoft 365 organization.  Both companies have developed extensive security products and tools which are often part of higher-tiered plans and exponentially more complex security operations. If your organization has failed to change with the modernization of these systems then you are at greater risk today for failing to adapt.  TechBento’s cybersecurity evaluation looks at your licensing, service usage, and competency as part of our overall risk evaluation process.

Legacy Protocols and Authentication

All major cloud providers have began their journey to phase out legacy protocols that companies have relied on for decades. Among them are Authenticated SMTP (Used by POP and IMAP clients to send email messages), Exchange ActiveSync  (Used to connect to mailboxes in Exchange Online), IMAP4  (Used by IMAP email clients) and many more.  In order to leverage the latest in modern authentication technologies these legacy protocols must be retired. The change, however, is not easy as the documentation is a minefield.  While we may not be able to make the process completely smooth, we understand the intricate complexity and that understanding is fundamental to successful transition.

Zero Trust Architecture

Microsoft has been on the forefront of Zero Trust Architecture for a few years, but two major events in 2021 have sealed the fate:  the Kaseya breach and the US Government’s directive to move to ZTA in the next three years.  This means that ZTA – whether your organization understands it or not – will be the standard for securing information systems.  ZTA is not a tool, it is not a technology, it is an architecture that takes many forms and has many solutions.  From device to service authentication to explicit authorization, your organization will likely need guidance from experts to transition into the future.

Bento Cyber Security Framework

Transparency is a key component of our operations. We developed our own cyber security framework, supplemented it with controls and guidance, and made it available for small companies to use via https://www.bentosecurity.org.  Bento Cyber Security Framework – BCSF – is a developed on common standards but adapted to small business.  It is equally effective at guiding companies build a minimum amount of security as it is at preparing companies for certification.