“Kenneth brings outstanding expertise to the complex subject of
information security. He has the breadth and depth of skill to analyze
the big picture, produce detailed reports, and make well prioritized
recommendations.”—Paul Caskey, Information services
director at Applied Research Associates (ARA), September 9, 2009.
Kenneth Ingham Consulting has been helping customers since 1990. We can
help you with:
Training, both prepared and custom
We offer instructor-led onsite,
on security and GNU/Linux systems. Because everybody
working at Kenneth Ingham Consulting is also a practicing professional,
the training is not just theoretical.
Network and system administration
We can help you with managing your systems and networks of systems.
With our extensive background in security and system administration, we
can assist with planning, implementing, deploying, and running your
network. We work with servers and desktop/laptop clients. We can
assist you with secure remote access solutions.
- System development
Security is necessary throughout the entire software development
lifecycle, and we help in all phases. We have worked with many customers
on identifying the security requirements for a system. Once these
are known, we help with secure design techniques. Given a good
design, the programmers need to code securely. As coding takes
place, security testing occurs. Finally, the system must be
securely deployed and regularly audited. We have experience in
all of these phases and can help you in any or all of them.
We can help your developers avoid the CWE/SANS Top 25 security errors.
If you develop web applications, remember that the security and reputation
of your company is riding on the quality of your web applications (both
Internet-facing and intranet). We can work with developers on avoiding
the OWASP Top Ten web application security errors.
- Security preaudits
If you are about to be audited for compliance (PCI, HIPPA, SOX,
FERPA, etc), we can do a pre-audit to identify problems the auditors
will find, giving you time to fix them before they affect your
- System purchases
You first identify requirements for the new system. We can help you
identify security requirements for the new system. Because of our
practical experience, we also ensure that the requirements can be met with
today's technology. You then work with vendors to see what they offer
that meet your needs; we can assist you by independently verifying
vendor security claims. The best system in the world is insecure
unless properly deployed, so we will also help you securely deploy
the new system and help you develop procedures to ensure that it
continues to work securely.
Since we do not sell products, our work and recommendations are
independent and unbiased. We help you get what you need instead of what
the salesperson wants to sell you.
- Secure system and network design
Are you designing a new network? We can work with you to ensure that
your security requirements are met in the architecture.