Advisory Services

Pondurance serves as a trusted security adviser so your cybersecurity program focuses on what's most important to you, and you can sleep at night. 

Virtual Chief Information Security Officer (vCISO) Services

While organizations need an experienced CISO to drive critical initiatives and oversee their security programs, not every organization has the budget for a full-time, top-level CISO.

With decades of experience in security consulting and advisory services, Pondurance delivers a vCISO service that applies expertise where it is needed most.

Incident Response Planning

Pondurance can help your organization to review and develop security incident response plans to ensure that your procedures are comprehensive, actionable and robust. Our methodology ensures that you have incident response plans that cover:



Establish management commitment, organizational accountability and allocation of resources to prepare.



Identify and detect an incident as soon as possible.



Develop procedures to help contain damage and restore affected systems to their normal operating state.



Help develop procedures focused on the removal of threats for infected systems. Pondurance may recommend eradication procedures that are designated for internal execution and others that may be best executed by third parties (i.e., forensic analysis, memory scraping and analysis, system cleaning, etc.).



Develop procedures that provide a basis of recovery for minimum or normal operations.



Develop a process for validating the plan, facilitating tabletop exercises and adopting a lessons learned process from real-world events.

Security Testing

Pondurance offers external and internal testing. External testing is designed to represent the visibility and access that an external threat would have and is performed from the Pondurance Penetration Testing laboratory. Internal testing is designed to represent a malicious insider or attacker who has gained a foothold into the network via techniques such as phishing, malware or stolen credentials. The combination of these two methodologies provides enhanced insight into an organization’s defenses.

Penetration Testing

Information gathering

Perform comprehensive discovery and enumeration procedures to target pertinent internal address ranges. Establish a baseline of services to manually test for common configuration issues and vulnerabilities.

Verification and manual testing

Review and validate all identified vulnerabilities to remove false positives. Human-driven manual testing procedures are executed to identify flaws not easily identified with automated tools. Penetration Testing is performed against identified vulnerabilities to evaluate the effectiveness of security controls. 

Vulnerability discovery

Perform detailed security analysis and vulnerability scanning using a comprehensive suite of tools.

Application Security Testing


Dynamic application testing​

Pondurance performs detailed application security analysis and vulnerability scanning using a comprehensive suite of tools. The testing encompasses the various tiers of the application architecture to provide a deep assessment of critical applications. Areas of testing include, but are not limited to:


  • OWASP Top 10
  • Verification and manual testing


Static application security testing (SAST)

Pondurance will analyze your application source code, byte code and binaries for coding and design conditions that are indicative of security vulnerabilities. Our SAST services analyze an application from the “inside out” in a nonrunning state via:
  • Information gathering and isolation
  • Automated methods verification and manual review

Red Team Exercise (Physical Penetration Testing)

Pondurance can help validate both digital and physical security to ensure that your organization has a clear understanding of risk. Whether the engagement begins with spear-phishing an employee or attempting to enter facilities, we’ll first discuss all scenarios with you during a rules of engagement meeting. This discussion ensures that your expectations will be met and our techniques are approved.

Some in-scope procedures for the physical Penetration Testing include:

  • Covert facility surveillance
  • Attempts to gain unauthorized entry (RFID cloning, lock picking, etc.)
  • Secure access via tailgating
  • Credential forgery/impersonation
  • Unauthorized access to sensitive materials
  • Clean desk check

A System That Delivers

Cybersecurity technology has improved, but bad actors continue to evolve. The requirements for effective cyber defense have grown beyond traditional data and system security solutions. What worked five years ago no longer covers the complexity of modern threats. As threat actors develop new ways to expose vulnerabilities and exploit businesses, cybersecurity teams are stretched to keep their organizations safe, stable and resilient against attacks. At Pondurance, it’s our job to know the threat so we can provide you with the best service and protection.