Information Security Consulting

Trusted experts that care about your security.

Expertise, whenever you need it.

Cybersecurity is fundamentally a business problem.

CI Security approaches our engagements with a focus on reducing risk, limiting liability, and ensuring that your company can succeed under the scrutiny of customers, shareholders, business partners, and regulators. When you need to extend your team with deep cybersecurity expertise, CI Security can help your business to remain secure, compliant, and resilient.


Keep your focus on patient care, and we'll handle the cyber.

The Health Insurance Portability and Accountability Act (HIPAA) requires compliance with the privacy and security rules, along with periodic assessments for meaningful use of Electronic Health Records (EHR). Critical Informatics conducts these assessments as an authorized HIPAA Business Associate, as well as providing managed detection and response to comply with specific requirements.

Download the consulting services menu

State & Local Government

Protecting the networks of those who serve our communities.

Traffic management, 9-1-1, water purification, waste treatment, communication systems for law enforcement/public safety are all examples of the critical infrastructure operated by the public sector and operated at the local scale. CI Security has deep roots in state and local government, and works with budgeting, procurement, and federated agencies to deliver cost-effective solutions to the public sector.

Download the consulting services menu

Financial Services

We take pride in protecting the customers, assets, and systems of our Financial Services clients.

Subject to the requirements of the Federal Financial Institutions Examination Council (FFIEC), state data breach reporting statutes, and significant customer expectations, the Financial industry is required to conduct network security monitoring and effective incident response. Additionally, compliance obligations include routine examination of firewall rules, review of security policies, and conducting penetration testing and security awareness training. CI Security provides all these services, from a security operation center that is certified as compliant with the SSAE-16 requirements.

Download the consulting services menu

Maritime Ports

Our critical infrastructure background and experience assessing and securing Ports, Port Districts and their facilities ensures we understand that protecting the operational technologies you rely on is every bit as important as securing the IT infrastructure that supports it.

The high economic impact associated with a disruption in port operations makes it especially important and increasingly required (by the US Coast Guard as the sector specific agency) to monitor port networks and provide rapid response to compromised assets. With significant Port experience and customers, CI Security provides assessment, National Institute of Standards and Technology framework compliance and monitoring for port authorities.

Download the consulting services menu

Small & Medium Businesses

Our "Zero to 60" suite of security consulting offerings were specifically designed to assist small businesses and growing startups assess, plan and execute on building and maintaining a robust information security program.

CI Security provides end-to-end Cybersecurity-As-A-Service (CAAS) to the SMB. In addition to managed detection and response, compliance consulting services may be contracted on a subscription basis to perform periodic tasks: firewall rules review, policy development, security awareness training, vulnerability assessment and penetration testing – for less than the cost of a single full-time employee. Our consulting services also assist with business partner compliance for HIPAA, DFARS and others, so that your business may continue to operate.

Some of our Healthcare Services include:

Download the consulting services menu


NERC CIP, the ESP, SCADA, ICS, PLC, DarkEnergy - you know what all of these mean and so do we.

The Critical Insight system for event collection may be used in the Operational Technology (OT) environment, and inside the electronic security perimeter. This provides energy utilities with a solution to managing these events in compliance with critical infrastructure protection standards, without hiring expensive resources. The Critical Insight solution is a good fit for both public and investor-owned utilities.

Download the consulting services menu

What cybersecurity risks exist within your organization?

Learn how to assess the cyber risks in your security program with CISO Mike Hamilton's white paper, "InfoSec Risk Management: a Primer to Assessing Technical Risk."

Get the White Paper