Level Nine Service Catalog

Cybersecurity Program Development


Do you know why you’re doing what you’re doing? Level Nine strategy workshops empower individuals at all levels to strengthen cross-functional relationships, align to business imperatives and drive innovation.  As a result, team members develop a shared vision, personal ownership and sense of purpose that promotes program growth.

Prioritization & Roadmapping

With new cybersecurity challenges emerging daily it can be difficult to know where to start. Level Nine provides a practical approach to evaluating impact, estimating costs, and developing timelines for cybersecurity initiatives. Whether you’re looking to do rigorous investigation and project planning or develop a tactical “quick-win” program, Level Nine’s decades of industry experience ensures successful orchestration to achieve your goals.

Organization Design

How do you identify and leverage existing talent? Attract new talent? Cultivate new skills? One of the greatest challenges facing cybersecurity programs is getting the right people in the right roles. Whether you’re starting a new program or updating your organization model, Level Nine’s “teams that work” approach helps organizations match individuals with fulfilling roles and build team interactions that facilitate the new pace of technology.

Communication & Visualization

You’ve got a great idea and now you need to tell the world. Presentations, web-presence, marketing materials, infographics—getting funding, support, and adoption require clear, impactful language and striking visuals. With the expansion of information collection, sometimes the only way to present and gain insight from big data sets is through skillful, explorative data visualization. Level Nine’s expert copywriters and designers specialize in bringing complex ideas of cybersecurity and IT risk to a wide audience in a simple and engaging manner. Our renowned design team understands cybersecurity, ensuring your creative experience is simple, fast and on-message.

Interim CISO

For a variety of reasons organizations occasionally find themselves with a gap in critical leadership roles. Level Nine’s team includes experienced C-level cybersecurity executives that can help navigate an organization though these times. In addition to matching your organization with a temporary leader from our vast network, Level Nine will aid in screening permanent candidates and put together a transition plan to ensure continuity and stability for the organization.

Coaching and Advisory

Sometimes you just need to talk to an expert. Level Nine offers coaching to individuals in management, executive and board positions. Our team members worked one-on-one with leaders at top organizations to solve challenges, inspire new ideas and advance careers.

Cybersecurity Risk Assessment

Advanced Threat Simulation

Have you been phished? This service emulates real-world scenarios for measuring an organization’s effectiveness at detecting and responding to actual Tactics, Techniques and Procedures (TTP) used by advanced threat actors. We employ methodologies that accurately simulate a complete advanced threat lifecycle observed by targeted attacks against high profile organizations across the world. Level Nine will execute simulations against a target organization using zero prior knowledge, attempt to gain a foothold on the organization, and pivot through the internal network to simulate the devastating consequences advanced threats pose to highly regulated industries and organizations with mass amounts of sensitive data.

Embedded Device Security Assessment

Embedded devices from networked appliances to life saving medical devices have been neglected for far too long. Level Nine assists manufacturers to ensure their devices perform as expected with adequate security. Our practitioners reverse engineer these devices with an attacker mindset and identify vulnerabilities that can result in devastating data or life threatening consequences to users.

Application Security Assessment

Your applications may be serving more than just your customers and employees. It’s common for organizations to deploy applications both internally and externally that contain software vulnerabilities, providing attackers an avenue to compromise the application data or underlying systems. Level Nine’s application security assessments examine an application by exploring possible attacks by unauthenticated users and authenticated users alike. Our practitioners can also review the source code to assist in the comprehensive eradication of vulnerabilities. Level Nine practitioners work with your development team to provide a security perspective, enabling you to prevent exposure at the source. Regardless of where in the development cycle you are, we can help.

Penetration Testing

One of the greatest insights a cybersecurity program has is knowing how an attacker breaches their defenses. Don’t sit around and wait for an actual incident. Level Nine’s penetration testing team consists of experienced white-hat hackers that simulate the same attacks being used by malicious attackers to rapidly identify organizational weakness. By knowing the quickest, most effective means of compromising your network organizations can make targeted investment with greater value per dollar spent. Penetration testing quickly identifies the maturity level of organization without performing a comprehensive vulnerability or application assessment.

Mobile Risk Assessment

The proliferation of mobile applications and BYOD programs pushes enterprise data to mobile endpoints controlled by customers and employees. How do you ensure your data and reputation when it extends beyond what you own, manage and can secure? Level Nine recognized the increased risk moving to mobile created, and developed extensive expertise in assessment of individual mobile applications and entire Mobile Device Management (MDM/EMM) solutions.  Our practitioners consistently demonstrated vulnerabilities and improper configurations in the mobile ecosystems of organizations that thought they were secure. These could have resulted in data breach and compromise of additional systems.

Incident Response Breach Investigation

You’ve been breached. What now? Level Nine’s practitioners investigated some of the most prolific attacks against Fortune 500 organizations. We have vast experience investigating attacks across healthcare, retail, and manufacturing industries targeted for intellectual property, financial data, personally identifiable information, and portable health information. After cursory analysis of a suspected breach, our incident response experts provide recommendations for further investigation and eradication of malware, attacker tools, and other unwanted presence. We identify the extent of the breach, recommend a clean-up process, and assist in preventing re-entry.  You’re not alone—our team of experienced executives and communication professionals help you collect and present the facts of the breach to manage stakeholder expectations and generate insight to prevent future attacks.

Vulnerability Assessment

Want to find ALL your vulnerabilities? Penetration testing is great for simulating real-world attacks and testing detection and response, but when it comes to eliminating possible attack vectors there is no substitute for vulnerability assessment. Level Nine’s vulnerability assessment employs automated tools to identify a high number of vulnerabilities even if there are detective controls that may identify the attack. This constructive service provides big-picture vulnerability identification and remediation efforts to protect your company from a wide variety of potential attacks.

Cybersecurity Operational Efficiency

Control Validation & Verification

Do you have the right controls in place? Are they working as expected? Level Nine Control Validation & Verification uses a combination of our proprietary security framework and applicable industry regulations to evaluate the correctness and effectiveness of an organization’s technical, management and operational controls. Our team performed hundreds of audits at leading organizations and provides clear, concise findings for both best practice and compliance cybersecurity issues.

Process & Technical Documentation

One of the largest drivers of cost and risk in modern organization is ad-hoc workflows and poor knowledge management. Our documentation team ensures information is consistent, available and easy to use by developing templates, information architectures, and knowledge management programs. While some firms provide pages of jargon that would confuse even the most seasoned subject matter expert, we aim to provide you with practical assets that capture what your audience needs in a way that enhances your operations.

Metrics & Reporting

How do you measure cybersecurity? At Level Nine we don’t believe in reporting for reporting’s sake. Level Nine’s experienced executives know what data is needed to make decisions. Our metrics and reporting service will help you develop meaningful measurement methodologies, set key performance indicators, and develop powerful dashboard and reports.

Cybersecurity Solution Development

Solution Design

Controlling and monitoring data requires enterprise-scale solutions. From implementing Data Loss Prevention tools to crafting data classification standards, Level Nine’s cybersecurity architects help organizations seeking better control over their information by implementing best practice policy, process, and technology toreduce the impact of malicious and non-malicious behavior.

Solution Engineering

Get your security built by an expert. Level Nine’s team have built enterprise grade solutions for emerging technologies in data-protection, threat management, encryption and identity, and access management. Whether you need an entire engineering team or just a subject matter expert to guide your project team, Level Nine can provide experienced engineers to ensure successful execution.

Solution Selection & Integration

With an ever-expanding number of security vendors (and non-security vendors), it can be difficult to know who to select. Level Nine helps develop RFIs, selection criteria and security assurance profiles to standardize and optimize vendor selection. Once you’ve selected a vendor we’ll ensure a smooth on-boarding and secure integrations with the future in mind.



  • P&C Insurance
  • Life Insurance
  • Health Insurance

Financial Services

  • Banking & Capital Markets
  • Broker Dealer
  • Cardservices & Payment


  • Pharmaceutical
  • Medical Devices

© 2019 Level Nine Group