Support Site

Updates

Cybersecurity Internship Spotlight: Jonathan

by

Our Intern Spotlight is a series of posts throughout the summer highlighting the experiences of TDi’s cybersecurity interns as they develop their skills to be the next defenders of IT and OT operations. If you missed our first Intern Spotlight with Hector, our UI and UX intern, you can read it here.

To learn more about TDi’s internship program and how we are growing the next set of IT and OT security professionals, you can read our cybersecurity internship overview here.

Meet Jonathan, our Development Cybersecurity Intern

Jonathan is a computer science major and our intern on the development team. He has always enjoyed technology, especially computers and software. When he took his first computer science class in high school, he found himself drawn to the problem solving and logical aspects of coding.

He continued this path into college, picking up his initial internship with TDi during his first summer there. He wanted to learn more about the field of cybersecurity and software development, like how developing and delivering software really worked outside of the classroom.

Now a college senior, he’s also a veteran intern at TDi. Jonathan has interned with us during his summers and winters since 2019 and is preparing to enter the professional world. Below, we ask Jonathan about his experiences during the cybersecurity internship.

Intern Spotlight

What do you want to do when you graduate?

I think I like the software development path. I like working to solve problems and fixing them using logic and thinking, that sort of thing. That’s a pretty big branch in the field on its own, but if I could continue here at TDi, I would love that.

So, software development is the big answer. The smaller answer after that, I’m not quite so sure.

Has your cybersecurity internship experience helped you achieve your career goals?

Yea absolutely. My first month of my first summer, I learned just as much, if not more, about programming and coding than in school. Professional coding more specifically, instead of just textbook problems and things of that nature, which has been a really great experience.

Being able to work for 40 hours a week for 10 to 12 weeks of summer has really helped me learn exponentially faster than you do in the classroom. Being able to work with a team of people that have been in the industry for a long time, and that have a lot of experience that can guide me and tell me where to look and how to fix problems, has really helped my general problem-solving skills. That’s been really great to help me get set.

Initially going into the internship, I wasn’t 100 percent sure that I was going to be good enough to work in the industry or be good enough to do an engineering job or anything like that. This has really made me confident in my decision that this is something that I would want to do.

Is working in cybersecurity what you thought it would be or did something surprise you?

I was definitely surprised when I started working in cybersecurity. I didn’t have any knowledge of what professional cybersecurity looked like. I just had generic movie ideas of hackers and coding and trying to fight against people trying to come into your network.

But the real surprise for me came in developing a software to prevent that. I had never considered that a software like ConsoleWorks would be an effective cybersecurity measure because I had never been exposed to that kind of thing before.

What about working in software development, did something surprise you there?

I didn’t know what to expect coming in. I was expecting that it would be pretty hard to do. Generally, a lot of working with ConsoleWorks has been something I can pick up and learn faster than I thought I would be able to.

So that has been surprising for me. I didn’t think I would be useful to the company or the engineering department in the way that I have been – the projects I’ve been able to work on, the things I’ve been able to do.

What have you been working on?

Last summer, my biggest project was on a baseline script that monitored everything that happened in a section of time since the baseline’s previous run. It monitored everything that happened in ConsoleWorks. If you run this baseline on Tuesday and on Wednesday someone logs in, accesses consoles, adds two devices and deletes two others, they log out, and the next day you run the baseline again, everything is monitored there.

You can see the changes between the previous run and the current run. Which was really good for a customer to see, to give them an easier roadmap of what had been happening in a day, a week, or a month in ConsoleWorks or if anything major had changed.

The summer before that, I worked with engineering and devops on a Nozomi integration. I was working on writing scripts that would help capture data and integrate with ConsoleWorks, putting all of that inside of a dashboard. Those have been my biggest projects.

The first summer I got here was a lot of developing work. Learning about ConsoleWorks, what consoles are, how it relates to the software and everything that is tracked and monitored.

Since then, a lot of my work has been with baselines, like writing baselines and writing the example system for baselines. It was my job to familiarize myself with them and I wrote a small paper about effective ways to utilize baselines.

What’s the most challenging part of your cybersecurity internship?

One of the most challenging things has been adjusting from the instructor/teacher style of classes, to teaching myself and being self-reliant with a lot of things. That’s not to say I haven’t had help along the way, all of the team is there and helping me with any questions I have.

But when I encounter a problem or I have a question, my first thought that I try to start with is “how can I fix this myself? Is there a solution I can find or something I can read that will help me fix this problem?” It’s been rewarding, because as I’ve gotten better, it’s made me more productive and less reliant on other people.

While it’s definitely been a challenge to learn at a different level and develop at a different level doing different types of work compared to textbook problems, it’s been equally rewarding.

What is your favorite thing about working at TDi?

Working in teams and being able to accomplish things bigger than what I would be able to do myself. And the general satisfaction and pride that you get from working on a project and putting a lot of time and effort into it, and then pushing that project out to customers who will use it and find it helpful for their business. It’s a really rewarding feeling.

That’s not something you quite get in the education system. It’s similar to getting a good grade or feedback, but people are paying for what I’m making, so they expect something quality and being able to provide that is a good thing.

What would you tell a student interested in an internship at TDi?

I would say just try not to be intimidated. Come in with coachability and stay openminded to learning and to taking challenges head on. Try to accomplish things that you never have before. At times it can seem difficult, but it’s equally rewarding in that aspect.

If you keep working at it and just keep chipping away, even if it means some days you don’t get much done, or feel like you wasted your time or day, if you come back and you make a breakthrough then you’ll forget about what happened and it’ll be worth it.

It’s a great company with a lot of great people. The engineering team, which I’ve been working with the most, has been extremely helpful in helping me learn and aren’t agitated when I ask 10 or 20 questions a day. It’s been a great experience.

Keep Watch for More Internship Spotlights

We have more on the way! Stay tuned to our updates page for the latest on our internship spotlights and other updates for cybersecurity in IT and OT operations.

To learn more about TDi’s internship program and how we are growing this country’s next set of IT and OT defenders, you can also read our cybersecurity internship overview here.

Cybersecurity Internship at TDi Technologies: Intern Spotlight

by

This summer we’re highlighting experiences from our cybersecurity internship. Our interns immerse in the world of cybersecurity for IT and OT operations and become part of the team at TDi. They contribute to projects and learn the soft and hard skills that help them succeed professionally.

If you missed it, you can read our cybersecurity internship program overview here to see our approach to cultivating the next group of leaders to protect  IT and OT operations.

Meet Hector, our Cybersecurity Intern for UI and UX Design

Meet Hector, our Cybersecurity Intern for UI and UX

For this intern spotlight we sat down with Hector to learn about his experiences at TDi working on user experience design and how his passion for all things graphic design landed him a spot in this summer’s cybersecurity internship program.

Hector initially found his love for graphic design by creating thumbnails for his YouTube videos. From there he pursued design courses in high school to learn more and build upon the fundamentals of graphic design.

Eventually he entered graphic design competitions, getting first in the DFW region, and even going all the way to the state championship, taking third place.

His focus in college is on UI and UX design and creating mobile app interfaces. We asked Hector some questions about his experience during the internship and his advice to other students who are considering an internship.

Intern Spotlight

What do you want to do when you graduate?

That’s definitely something I have been thinking about a lot recently, because I’m approaching my senior year. Ideally, I would want to do something very similar to what I’m doing at TDi, like UI development and UI design.

How has your experience in the cybersecurity internship at TDi helped you on your career track?

It definitely skyrocketed my progress toward wanting to do UI! Prior to this, my choices have been either general graphic design or working as a social media manager. With my Cybersecurity Internship here, I’ve learned so much about the process of designing user flows, wireframing and creating mockups at a much higher level.

I’m able to put a lot of thought into the things that I’m doing, especially since we’re working in advance for what we need to push out, so I’m not thinking “okay let’s just get something done.” I’m thinking a lot more about the quality of the product.

And in general, working with the engineering and devops teams has been super informative to understanding their thought process, and understanding the limitations of programming, so I’m not designing something extremely overboard. It’s nice to sit down and understand where the limitations are and where my priorities should be.

What have you learned about cybersecurity that surprised you?

I’ve learned a lot and there’s still so much I’m learning every day. Just working on the platform itself, working on all the dashboards [for ConsoleWorks] and realizing just how many devices and events there could potentially be.

There are things our team must consider for the ConsoleWorks user – if they’re a beginner or light user of ConsoleWorks, or a heavy user that has multiple devices and dozens of events for each of those devices. Regardless of the situation, it’s important that ConsoleWorks is user friendly and that all the performance and control is there at both levels.

Cybersecurity is definitely a lot more intricate than I originally thought and it’s something I want to learn more about. I think that being in this position, I’m definitely learning every single day, which is exactly what I want to do.

What have you been working on?

I have been extensively working on designing both from the frontend, to creating documentation and going over other projects too.

The main priority has been on our dashboards. Creating new iconography for the widgets and giving it a facelift. We’re heavily considering the feedback from our customers about how they use the platform and how they ideally want to use the platform. I’m trying to design the platform around their wants and uses to fulfill their objectives when using ConsoleWorks.

What’s the most challenging part of your internship?

The most challenging so far has been that I’m so accustomed to that “get in and get out” type workflow from previous jobs. This is a lot more “take your time, make sure the product is good” so we get things in there without any issues.

I get to make my work professional and high quality before we’re pushing it out to users. Because we have huge companies using our product, we want to make sure that the platform is top quality.

What has been your favorite thing about the internship?

My favorite thing has been presenting my proposals or documentation and ideas to devops, my mentor and others throughout the internship. It has been really refreshing hearing great feedback from them and on my work so far. It has been really reassuring.

What would you tell a student interested in interning at TDi?

I would say just go for it!

I know a big thing, especially for college students, is the fear of rejection. I’ve had that same fear myself. I applied for this position knowing that I am capable of doing all of the tasks that are required and that I have plenty of experience. Both work but also in-school experience. So, I applied, but I still had doubts in myself. But look where I’m at now.

Just know that you’re more than capable of interning, whether it be here with TDi or wherever else your ventures take you. Just believe in yourself, that’s the main thing.

Stay tuned for more Internship Spotlights

Keep your eyes fixed on our updates page as we have more intern spotlights coming throughout the summer!

What is a Zero Trust Security Architecture?

by

Zero Trust security is a model and set of system design principles that assumes a breach in your network is inevitable or that a breach has already occurred.

A Zero Trust cybersecurity model uses a mixture of system monitoring, secure remote access and security automations to maintain the security of your environment and give a user the least-privileged access required to endpoints within your network.

Though Zero Trust isn’t something new – it was popularized by Forrester in the ‘00s – the calls for moving to a Zero Trust architecture this year have never sounded so urgent. Watching the breaches from the past twelve months, from the SolarWinds breach, Colonial Pipeline breach and Microsoft announcing a second attack from the same group who committed the SolarWinds breach, one can see why.

President Biden signed an executive order calling for the need to implement Zero Trust cybersecurity measures immediately to improve the nation’s security and protect federal government networks.

These recent attacks were significant. They were breaches permitting access to some of our nation’s most critical networks and infrastructure. They are the biggest warnings yet that cybersecurity infrastructure in this country is not ready to handle the sophistication of its adversaries.

Why Implement Zero Trust Cybersecurity

There are many reasons for implementing a Zero Trust security model. These past 12 months have only added more urgency to this move:

  • Increases in remote workers
  • Evolving and increasingly complex supply chains
  • Organizations moving to cloud and Software as a Service
  • Accelerated adoption of new technologies
  • Increases in the number of cyberattacks and in their sophistication
  • Aging operational technology

Viewed together, we can see we are already in an environment requiring stricter security measures. The traditional model does not work well against the sophisticated attacks we have recently seen.

Where a traditional cybersecurity approach takes a trust but verify view of allowing access, a Zero Trust approach never trusts the user and assumes worst intent. This moves an organization away from assuming someone within the network is verified and is a trusted, privileged actor who should be there.

Implementing Zero Trust Architecture

Zero Trust itself is not a technology, but a shift in design approach. Implementing a Zero Trust architecture requires buy in at all levels of your organization, in addition to technology enabling its core principles. You are moving from a perimeter-based defense to access-based defense, from a reactive defense to a proactive defense.

To begin a successful implementation, you must address the following:

  • Know your most valuable data, assets, applications and services. Where they are, who accesses them and how
  • Limiting and controlling access to endpoints
  • Threat detection in your environment
  • Your company’s current knowledge of cybersecurity best practices

With these key elements in mind, design your Zero Trust implementation to have:

  • Role-based, privileged access giving a user only the access needed to perform their role at the right time and in the right context.
  • Thorough system monitoring and logging of all users to know what is happening when, where, by whom and how.
  • Education and buy in at all levels of the business for a Zero Trust mentality

Privileged, secure remote access ensures a user receives only the level of access they need, and only when they need it, to perform their role and nothing more. Users receive no additional information about your network than is necessary. ConsoleWorks always checks who the user is, gathering contextual information about them every time.

Users log into ConsoleWorks, which manages the connections to the endpoints and keeps sensitive information like passwords to your devices out of the hands of potential threats.

User activity is logged while accessing the environment and the endpoint’s configuration is monitored, ensuring inputs or changes have not been made by the user that would indicate a threat or attack.

You should also ensure all your partners are doing their best to maintain secure environments within their own operations. With compromises to many companies happening from supply chain breaches, TDi Technologies completed its SOC for Supply Chain examination to be a secure link in our partners’ chains.

 Zero Trust Model Benefits

A Zero Trust environment gives you more opportunities to detect threat actors in addition to giving more response options to quickly deploy and address the threat. This, together with a company-wide mindset around the Zero Trust mentality, primes you from top to bottom to notice the subtle threat indicators that many companies miss during an attack.

With the level of sophistication in attacks now surpassing traditional defensive capabilities of many companies in the United States, and critical industrial control systems in our country facing these new threats, a Zero Trust approach is more important than ever.

Transitioning your IT or OT operations to Zero Trust? ConsoleWorks simplifies your access, logging and monitoring needs in one secure operations platform. Talk to us about your Zero Trust needs here to make sure you’re doing it right.

Summer Internship Program at TDi Technologies

by

This summer we are hiring interns who will immerse in the world of cybersecurity and operations in information technology and operations technology applications. TDi Technologies’ Summer Internship Program is a deeply technical, higher education program firmly grounded in computer science and cybersecurity and operations disciplines, with extensive hands-on applications in IT and OT.

With the shortage of skills in the market, TDi is doing its part to encourage students entering higher education to consider careers in cybersecurity.

We believe in the value a great internship program gives to students. It’s important to cultivate career development and personal growth opportunities that help students gain applicable knowledge and abilities to give them a competitive edge and hone critical soft skills.

Each year we hire five interns to work on projects at TDi. These projects develop an understanding of cybersecurity for IT and OT, industry challenges and real-world experience. We match the projects with the students based on their current skill level.

As they learn more and acquire more abilities, we continue putting them on projects that challenge them in new ways and allow them to grow further. In addition to future careers at TDi, our interns have  gone on to have internships with the NSA and Department of Defense – a testament, in part, to the quality of our program.

This Year’s Internship Opportunities

TDi has two types of internship opportunities: high school or college internships, which can receive classroom credit, and independent internships.

TDi recruits students from a number of resources: directly from college career centers, from people within the cybersecurity industry as well as from the CyberPatriot program, which TDi has sponsored.

Interns can focus their experience this year on the following key areas:

  • Product development
  • UI / UX design
  • Graphic design
  • DevOps

We’re eager to help this summer’s interns develop their abilities and professional networks while learning key skills that lead them into careers in cybersecurity.

Looking at the future growth of this industry, we will see more job openings than there are people to fill these roles. It is important that we all do our part to make sure we are contributing to a more secure future, especially as cybersecurity for critical infrastructure becomes a key focus for the country.

“It’s all of our responsibilities to encourage the future talent coming into college to have a career in cybersecurity,” Pam Johnson, Vice President of Operations and Customer Experience at TDi Technologies said, “we are doing our part to cultivate their beginnings.”

TDi’s Learning Environment

Our learning environment is geared toward immersing students in the world of cybersecurity and IT and OT operations. There are on-going teachings from TDi’s experts, providing the background and understanding needed to be successful while learning the ins and outs of applying ConsoleWorks to solve cybersecurity and operations issues.

Each student communicates his or her goals for the internship before beginning a project. This ensures students are working on projects that fulfill their individual objectives and priorities during their time with us.

Everyone is a part of the team here. Each intern receives a mentor, who will guide and help them along for the duration of their internship. They also have access to the resources, people and calendars they need to make sure they’re getting the most out of their experience.

There are both mid-summer and exit evaluations, so students can review how their skills are developing as they reach key milestones throughout the summer program. At the conclusion of the internship, students will have the opportunity to demonstrate their efforts with a presentation showing their work and accomplishments. Various awards are given to interns for completing their projects with us over the summer months.

More Internship Updates

Keep your eyes on our company updates page! As the summer months progress and our interns start tackling new projects and immersing in the world of cybersecurity, we’ll be highlighting their experiences on this page.

 

 

Preventing Industrial Control System Cyber Attacks

by

The worst cyber attack to date against an industrial control system (ICS) in the US just happened on Friday. The United States’ largest pipeline for oil and gas has been shut down after a group infiltrated Colonial Pipeline’s network and locked data on its computers and servers, demanding a ransom payment to get it back.

The attack was made possible by engineers accessing the pipeline remotely from home. This is a situation many companies now find themselves in. With the pandemic moving to a remote work setting, it has opened new vulnerabilities.

As many companies choose to keep their employees remote, even post-COVID, this vulnerability will add to one of many ways bad actors gain access to IT and OT infrastructure. Organizations must consider vulnerabilities on home networks as part of their overall cybersecurity strategy.

Though the motive for this attack seems related to profit, state-sponsored attacks have happened in other countries. These attacks are devastating, and one can imagine the level of damage an attack could create with such access to critical infrastructure. It could cripple a country.

Ransomware attacks have been increasing in recent years, with many high-profile attacks happening just recently. Our blog on the importance of supply chain security highlighted a few of those.

The Cybersecurity and Infrastructure Security Agency (CISA) last year also warned of ransomware attacks affecting pipeline operations and for all asset owner operators across critical infrastructure to ensure corresponding mitigations were applied.

A ransomware attack’s damage is so severe that you are left with only two options once affected: pay the ransom to get your access back or rebuild the system. These are both terrible choices to be forced to make. The best choice is preventing it from happening in the first place.

In the case of the attack so far, the US has issued emergency legislation loosening regulations so the supply of petroleum will not be further disrupted, and Colonial’s systems have been offline for days while they are fixing the fallout from the attack.

ICS Cybersecurity Best Practices

Many companies are not adequately protecting their ICS environment. This is putting the infrastructure of America at risk, as these threats will only grow in number as electric and water utilities, or transport and gas companies are targeted.

As the operational technology of our critical infrastructure, like those of industrial control systems, become fresh targets for attack, it’s important that we review what can be done to prevent it from happening.

In the case of Colonial Pipeline, they needed a secure remote access solution, creating a barrier between the attacker and the end point. This is done by creating a protocol break, which prevents ransomware, malware or viruses from moving from your home network into the critical infrastructure.

This is taken a step further with role-based access control, which ensures that even a legitimate actor is only given access to specific assets and only when they have a legitimate need to access said asset.

This access is recorded, and the configuration of the asset is checked after the user has made changes, alerting someone immediately if its configuration has changed.

Follow these ICS cybersecurity best practices below to ensure you are prepared to defend against attacks on your industrial control system:

  • Employ a secure access control technology that provides a protocol break between the user and the assets to which he is accessing.
  • Continue to monitor your critical infrastructure for unexpected configuration changes such as ports that have been opened, privileged accounts that may have been added.
  • Ensure your security programs, anti-malware and other software are up to date.
  • Consider refreshing your wi-fi routers every few years as some older ones have vulnerabilities that are never patched.
  • Make sure your routers are not configured to have an open wi-fi and have encrypted passwords and you know which firewall ports and services are active.
  • Password protect all devices with difficult passwords and incorporate two-factor authentication and role-based access control.
  • Have awareness of who is logged in to a device and what they did, providing real-time and after-the-fact forensic evidence that can be used for investigation.

With ConsoleWorks, you’re not just getting one piece from this list of best practices, you’re getting a complete, secure operations platform that ensures you are protected against security threats to your IT and OT environments.

With Colonial now shutdown for days, the nation having to loosen regulations of transport of petroleum products on highways to avoid disruptions to the fuel supply and prices of fuel potentially increasing, we cannot afford anything less than the most up-to-date defense against these outside threats.

They will continue to grow in number and in sophistication. The time to be prepared was yesterday.

The Importance of Supply Chain Security

by

A global pandemic hit organizations across the world hard, but many of us were able to continue doing business, even amid this uncertainty. Because of that, it’s probable you are reading this while working from your home office.  That’s thanks in part to today’s technology, which has become increasingly intricate and decentralized, and opened doors to global markets and new supply chain relationships.

Technology produced by our supply chains today is more effective, efficient and complex than at any point previously. Innovations in technology continue to propel it forward. With AI, machine learning, predictive analytics, the internet of things and more, we can expect a rapid rate of adoption for the foreseeable future.

The benefits of these innovations have been incredible, but as technology improves and allows us to work in ways previously unseen, we introduce new areas of opportunity and potential vulnerabilities for bad actors to exploit.

High-Profile Supply Chain Breaches

A breach at one point in your supply chain has the potential to spread to other points within your organization’s infrastructure. Supply chain breaches will cost you more than just money, but reputation, litigation, time and even lives. This threat is increasing more and more – just last year we saw a historic supply chain breach with the SolarWinds attack.

SolarWinds estimates up to 18,000 customers downloaded the tainted code that enabled the breaches.  With the investigation still being conducted, the extent and impact of the damage from the breach is still unknown.

What is known, is the effect of this breach is significant and potentially long lasting. Knowing the true depth of the damage caused will take a long time. We could see future news stories linking new breaches back to the initial attack.

Because of the access these actors had, and the length of time they had it, it is hard to know just how much damage was done and if they left something behind permitting a backdoor that can be exploited in the future.

There have been other serious breaches to start the new year also. Accellion, hacked in December, resulted in the theft of personal information and blocked system access of many high-profile government entities, companies and universities who use their secure file transfer software. SITA, a vendor for airlines, was breached and passenger data stored on the company’s servers was compromised. Microsoft suffered Exchange Server attacks in January, opening companies up to data theft and ransomware attacks.

You Are Only as Strong as the Weakest Link in Your Chain

These supply chain breaches can threaten more than just privacy of information, they can be life threatening. Like in 2017, when hackers disabled a Saudi refinery with code they implanted, enabling access from the corporate network down to system controls. A bug prevented the code from executing properly and causing an explosion, but this breach could have cost lives.

The theme in all these breaches is a link in the supply chain being compromised, opening companies up to attack through their third-party partners’ technologies. This is a growing challenge as corporations’ IT or OT networks continue to grow in complexity and expand to include many third-party partners, each needing access to various data and controls within the business.

It is one thing to ensure your company is secure, but to ensure every company working with you is secure is another challenge entirely. How are you certain your partners are doing their best to manage their vulnerabilities as well?

Improving Supply Chain Security

As companies are introducing more touchpoints in their supply chains, diligence is needed to ensure risk is assessed and mitigated. Each time a company adds a new technology or service provider, a new element of risk is also added. This creates a greater need for a new level of insight into the security and reliability of partners.

Ensuring that best practices like penetration testing, security assessments, modernization of processes, secure remote access with role-based access control and the ability to prove due diligence of your security and controls are important not just for you to do, but for your partners as well.

As a cybersecurity provider in the IT/OT space, and as a partner dedicated to being a secure, reliable link in your supply chain, we understand the necessity to be forward-thinking and staying ahead when it comes to supply chain security and controls.

That’s why we became the first software company to complete the SOC for Supply Chain examination. “As our technology protects and secures critical infrastructure, TDi has to make sure it protects our customers that use our technology,” CEO of TDi Technologies, Bill Johnson, said.

In April 2020, the American Institute of CPAs (AICPA) introduced a new standard for risk mitigation: The SOC for Supply Chain examination. Formally called the “Report on Controls Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy in a Production, Manufacturing, or Distribution System,” its intent is to help organizations and business partners identify, assess and address supply chain risks.

“Although the SOC for Supply Chain is the latest SOC reporting option, we have seen growing interest in the marketplace similar to the early days of the SOC 2,” Principal at Schellman & Company, LLC Ryan Buckner said. “Only time will tell, but the SOC for Supply Chain report may grow to become the de facto SOC report for software products.”

The AICPA says it developed the solution to “foster greater transparency in the supply chain —a market-driven, flexible, and voluntary reporting framework.  This resource helps organizations communicate certain information about the supply chain risk management efforts and assess the effectiveness of system controls that mitigate those risks.”

With a SOC for Supply Chain examination, you can be assured that your partner is doing its part to ensure the effectiveness of its controls and security are in place to properly protect against bad actors within the supply chain. This transparency is crucial, as threats to supply chains will continue to grow in sophistication and our supply chains will continue to grow in complexity.

It’s up to each business to ensure it is doing its part to proactively defend against and ensure that not only is it keeping itself secure, but it is being a strong link in its partner’s supply chains.

We can help

Reach out today, and we'll talk through how we might be able to help!

Contact us