
Product Security Group
Security & Privacy Consulting
Product Security Group knows product and risk. Whether you are an early angel round startup or a publicly traded $2B company, we are here to help organizations build secure products and services.
ASSESSING
Program Maturity Assessments
Barndoor Flash Assessment
Information Security
Privacy
Application Security
Legal
Physical Security
Product Architecture
Security & Privacy Product Features
Threat Models
Team & Talent
Capability Assessment
Career Progression
BUILDING
Programs
Information Security
Privacy
Application Security
Physical Security
Technical Capabilities
DevSecOps Tooling
Security Champions
Azure & AWS Security Landing Zones
Critical Response Capabilities
General Security Incident Response Tabletops
PSIRT Processes
ADVISING
Strategic Retainer
Unlimited access across all security & privacy disciplines
We are NOT a vCISO
Transitional Assistance
Team stabilization
New CISO on-boarding
Product/Market Readiness
US Federal
EU/UK
Hiring
Senior Leadership [CISO/CPO]
Security & Privacy Managers & ICs
Staff Augmentation Resources
Contact us
Email
Phone
+1 508-217-3330
Visit us
139 Main St Suite #4 Sturbridge, MA 01566
Talk to us
mentoring
If you are interested in participating in the PSG mentoring program, please fill out the details below and we will get back to you as soon as we can.
Security Policy
LAST UPDATED: January 1, 2023
Product Security Group establishes this security policy to protect employees, our company, and our customers. It is important to know:
All employees, contractors, visitors, and vendors are responsible for following this policy.
Violations of this policy may be subject to actions in our Sanctions standard.
Questions about this policy should be sent to the security team.
Company's Security Goals
C1 - To maintain a standards-based program to manage security.
C2 - Strive to build only secure applications.
C3 - Strive to deploy and operate secure systems and networks.
C4 - Strive to ensure everyone has the ability to work in the case of a disaster.
Everyone's Security Goals
E1 - To complete security training at least once a year.
E2 - To handle all data according to our standards.
E3 - To use the company's assets according to our acceptable use standards.
E4 - To ensure a secure and safe work environment.
E5 - To help us meet all our legal, compliance, contractual, and regulatory requirements.
E6 - To report insecure or suspicious activity to the security team.
E7 - To maintain the privacy of the information they may use.
E8 - To report risks to the security team who will manage them.
E9 - To undergo background screening before starting employment at the company.
E10 - To use only approved methods to access company assets.
E11 - To have all new technology or services reviewed by the security team.
E12 - To use their own device for business purposes as long as they follow our standards.
E13 - To read and attest to the security policies every year.
Exception Management
The security team's exception management process handles exceptions to this policy.
Privacy Policy
LAST UPDATED: January 1, 2023
What do we collect?
Full Name, Email Address, Phone Number
Session Token/Cookie
How do we collect it?
Buy a product or service
Contact us
Complete a survey or poll
Use or view our website
How will we use it?
Process an order or manage your account
Contact you back
Improve our products
Improve our website
How do we store it?
Stored in Microsoft Data Centers in the USA.
Retained for 6 months past the last contact.
What are your rights?
Note: All of these rights may not apply in all conditions
Access: You can request the data we have on you for a small fee: $10 USD
Rectification: You can update the data we have on you
Erasure: You can erase your data
Restrict Processing: You can restrict processing of your data
Object to Processing: You can object to processing
Portability: You can request an export of your data
Response: We will respond to these requests within 30 days and may require proof of identity or charge an additional fee if the request is excessive.
Children
This site is not for children and we will erase their information if notified.
California folks
We do not sell your personal information
We are too small to qualify under CCPA/CPRA but adhere to many of the tenets since they are the right things to do.
EU/UK/Swiss folks
Data Protection Officer: Marc French, CISO & Managing Director is the DPO.
Legal Basis: Contractual: To fulfill your order for a product or service; Consent: To fulfill your request to contact you; Legitimate Interest: To maintain the website; Compliance: To fulfill legal obligations.
Subprocessors: Microsoft, Google
Transfers to 3rd parties: When required by law or legal process, to fulfill your contract, defend our legal interests, or to investigate and prevent illegal/unsafe activities.
Cookie Policy
LAST UPDATED: January 1, 2023
What is a cookie?
A cookie is a small text file that is placed on your hard drive by a web page server.
Do we use cookies?
Yes
Why do we use them?
We use cookies to manage your website session and user experience.
What cookies do we use?
Our use is limited to 3rd party cookies from Google Analytics: utma, utmb, utmc, utmv, utmz
Do Not Track
We do not process DNT signals