Services


This is Monte Toren, the owner of Cyrptix Security.  I was the only security person at Netflix during my 10 year tenure there, and was with them from their 
start up through SOX compliance, PCI Level 1 compliance, and their migration to the Amazon cloud.  I did this all myself. There are very few people in the world that have this kind of hands on experience.

As an architect and an auditor, I understand that a security and compliance program needs senior guidance and leadership.  Without it, your company can spend tens of millions of dollars preparing for a specific audit, and even pass that audit – all while not being any more secure, in a practical sense, than it was when it started.  And to make things worse, if people can’t see, or be made to understand the value of the new systems and processes, and know that every effort was made to solicit their input and minimize the negative impact the changes will have on their ability to work and do their jobs, it will all simply be ignored until the next audit.  

Much better is to plan farther ahead, be realistic with goals, and approach security as an area for iterative improvement, and not for trendy, expensive technologies that don’t even work.  Your company can spend almost nothing fixing processes, and make your business more secure, more efficient, and more competitive at the same time.  But this can only happen with the cooperation of your own staff.  And the truth is, despite being a strategic architect; many of the actual solutions I propose do end up being extremely technical.  Luckily, with my technical background as both a senior Linux and network administrator, I am able to work easily with even the most technical Ops and development teams.  I pride myself in my ability to connect and quickly build credibility with technical staff, all while being able to present coherent strategies, roadmaps, budgets, status, etc., to senior management.  I have a true passion and excitement for security, which people can’t help but feel, and it brings a freshness and energy to what is typically a mind numbingly dull subject for others.

I conduct business with the highest degree of integrity and honesty.  I don’t believe that security has to be a game of fear, uncertainty, and doubt.  To me, security truly is a positive enabler, and a business differentiator.  It doesn’t need to be sold, because when it’s done right, it sells itself. 

I also highly enjoy web application penetration testing, and have developed many of my own proprietary tools to do so.  I offer a discounted rate for this, as I can do it completely remotely, and it keeps me up on the latest web technologies. 

I have recently been researching data leakage from major websites, and have found that an alarming number of both public and private companies leak sensitive, and often material information.  The data I find most often leaked are total orders, total users, and new user sign-ups per hour.  I can audit your website for this, and if your lawyers allow it, I can even take a completely passive and unobtrusive (i.e. legal) peek at your competitors' websites. 

Lastly, I have years of experience in e-commerce fraud and payment systems, and can offer simple, actionable advice in these areas.

I also have several extremely talented security engineers that I can use for specialized areas, such as Malware construction / de-construction, advanced forensics, etc.