Product Security Group

Security & Privacy Consulting


What we do

We help businesses fulfill their promises to stakeholders & customers on security, privacy, and data ethics by pragmatically advising our clients on how these investments can create significant value to the business and its investors.
PSG provides a wide array of security & privacy services to assist our clients on this journey.
The panels below outline our various offerings. If you cannot find what you are looking for or need more info, schedule some time below to chat with us.



Security Programs

We help organizations of all sizes build security programs. Whether it is a tune-up of a program at a $1B+ publicly-traded company or bootstrapping a program at a small start-up, we take pride in providing pragmatic advice on what type of security program you may need and how to realistically achieve your security goals. Some of the services we provide are:

  • Program Assessments- Using our proprietary model, we will review your security program against a variety of standards and provide an assessment versus your peer groups, an opinion on your risks, and a pragmatic roadmap to reduce these risks to an acceptable level to your business.

  • Advisory Services- If you are not sure what you need or just need a knowledgeable person to check an idea/approach, we can provide small advisory retainers to assist.

  • Certification Readiness- Whether it is SOC2, PCI, HITRUST, or ISO27001, we can prepare your organization to undergo these certification processes. If you are already certified, we can assist you by providing an independent internal audit of your controls.

  • Cyber Insurance Review- We can assist your organization in reviewing a prospective or current policy to ensure the organization has the coverage it needs based on the risks it has.



Application Security

Shift-left security. DevSecOps. These concepts are driving security into the product development process at an accelerated rate. With 100% of our delivery staff having been developers, QA analysts, or product managers in past lives, we are uniquely positioned to assist you in embedding security into your product development processes. Some of the services we provide are:

  • Appsec Program Assessments- Using our proprietary model, we will review your appsec program against a variety of standards and provide an assessment versus your peer groups and a realistic roadmap to embed security into your product development processes.

  • Product Security & Privacy Assessment- Security & privacy expectations of your customers are on the rise. Using our proprietary model, we will review the security & privacy features of your product against your target customer base and provide a pragmatic roadmap of new features you may need to ensure that your product meets your customers' trust expectations.

  • Appsec Projects- Whether it is pipeline security tool deployments, architecture reviews of your firmware, or instructor-led training of your staff on SQL injection, we can provide the expertise you need to drive your appsec projects.

  • PSIRT Response Services- A researcher just reported a security finding to your security@ inbox and you are not sure what to do. We can assist in the response process from remediation to communication coordination. If your organization wants to get ahead of this potential issue, we can assist by proactively running your team through a targeted tabletop exercise.

  • Threat Modeling- Not sure what threats you may have and how to mitigate them? Let us assist you in conducting a threat review of your product. Our team has extensive experience across a variety of products from SaaS websites to sports wearables and the odd autonomous marine vehicle. Not sure what threat modeling is or how it can help? Click on the link below to the Threat Modeling Manifesto for more details.



Transitional CISO Services

What are transitional CISO services? Many of our clients have had security programs but now find themselves either without a leader or team members. We can provide transitional CISO staffing services to these organizations, which include:

  • Running the Team- For a short duration (typically less than 4 months), we can function as your CISO. We will run the team and function on a day-to-day basis.

  • Hiring- Working with your People Operations and Leadership team, we can assist in hiring the security professionals you need. This includes creating job descriptions, vetting resumes, interviewing candidates and on-boarding the team as they get hired.

  • Team Analysis- We will review all current security team members, career ladders, job descriptions, salary bands, and team functions with a goal to provide practical opinions on potential enhancements. To support this effort, we have gone ahead and open-sourced some of our materials for folks. Click on the button below to access them.



Privacy & Data

Not only is data the foundation of the modern company, the expectations around its proper use are expanding at an exponential rate. With this rise come more comprehensive requirements around the privacy and ethical use of the customers' data. We can assist your organization in navigating this change with some of the services listed below:

  • Privacy Assessments- Using our proprietary privacy model, we will review your program against a variety of standards/laws and provide an assessment versus your peer groups, an opinion on your risks, and a realistic roadmap to reduce these risks to an acceptable level to your business.

  • Privacy Projects- Whether it is performing a privacy threat model, reviewing your DSAR process, selecting a cookie management tool, or finding a data protection officer in Europe, we can provide the expertise you need to drive your privacy projects.

  • Data Ethics- With the rise of social platforms and AI, there is an increasing need for organizations to establish a position on the ethical use of data within their products and platforms. Whether it is creating a generative AI AUP, a content moderation process, or establishing an ethics review process at the board-level, we can assist you. Take a look at some of our free content at the link below.



Physical Security

We found out early on that our clients wanted a one-stop shop for all things related to security. As a result, we formed a wholly owned subsidiary, Personal Security Group, LLC, that supports our clients' needs in the physical security space. Services include everything from physical security & safety assessments, drone operations, maritime/aviation security, protective details, and customer protective training. If you would like to learn more, click on the link above or stop by at our location found by clicking the button below.