Tilson provides a comprehensive array of cybersecurity services focused on the development and execution of a complete cybersecurity program (CSP). We believe that proper cybersecurity is integrated into the organizational decision-making process, thereby enabling organizations to achieve their business objectives. Our methodology builds and matures cybersecurity programs via the implementation of effective governance and strategies, enterprise risk management, security controls and frameworks, audits and assurance testing, and ongoing measurement of the results. Tilson’s holistic approach prepares an organization to adequately prevent, detect, and respond to security events.
The Tilson methodology uses a lifecycle process that includes the following six iterative steps:
1) Business Awareness and Gap Analysis – Determine current state and desired future state.
2) Risk Analysis – Identify assets, potential threats and vulnerabilities, and assess the probability and likelihood.
3) Governance and Policy – Information security policy creation, change control processes, steering committee.
4) Develop Strategy and Metrics – Define goals and objectives, define three-year strategic plan, consider budget, and identify metrics.
5) Implement Strategy – Implement and mature solutions (SIEM, SOAR), security controls, user education, and incident response plan.
6) Test and Monitor – Schedule and perform ongoing vulnerability assessments, penetration testing, and stakeholder reporting.
Tilson works in conjunction with senior leadership, information security officers and IT resources to guide an organization through all phases of CSP development. Additionally, Tilson works with organizations that have an immediate need to address a specific cybersecurity component, or to assist an organization experiencing a security event with incident response management services.
Director of IT and Cybersecurity
Stephen Hand is the Director of IT and Cybersecurity at Tilson, leading a team focused on delivering comprehensive cybersecurity solutions to mid-market and enterprise clients on a national basis. Steve was introduced to the IT world back in the 80’s with Retail Inventory Control and Point of Sale solutions and worked with many large national and niche retailers before founding Know Technology in 1998. Know Technology grew to be a well-known Systems Integrator in New England, servicing primarily financial services, healthcare and retail organizations. As an early provider of Managed IT & Security Services, Steve and Know Technology were also a leading Microsoft partner, winning Microsoft’s Global Partner of the Year Award in 2009. Steve sold Know Technology in 2013 and most recently provided independent consulting services to help organizations think critically about their operational issues, with a focus on technology and security, often utilizing Microsoft Office 365 and Azure solutions. Steve has a BS in Business Management & Marketing from the University of Maine and has served on the boards of many tech and business development organizations including MTI, MTUG, ConnectME and MESDA.
Senior Consultant of Cybersecurity
Peter Fortunato is a Senior Consultant in the Cybersecurity division at Tilson focused on the delivery of vulnerability and risk assessment services. Peter is a seasoned IT and Information Security professional with over 30 years of managing teams, cybersecurity, and technology infrastructures. Prior to joining Tilson in 2019, Peter was a manager in the Risk and Business Advisory group at one of the top 100 accounting firms where he developed cybersecurity programs, performed security assessments and audits, and developed and implemented a vulnerability and network assessment service that was provided to numerous customers of the firm. Previously, Peter worked for an international managed service provider as vice president of technology and information security where he was responsible for architecting, deploying, and securing internal and client-related environments, including the MSP’s public cloud implementation. Peter has also led numerous NIST-related engagements, including a recent NIST 800-171 and NIST 800-53 engagement for an International Aerospace and Defense contractor.
Peter currently holds certifications for Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk and Information Security Controls (CRISC), and Certified Information Security Auditor (CISA). He currently serves as the InfraGard Sector Chief for two areas, Information Technology and Communications. InfraGard is an FBI-related outreach program that serves to protect the nation's sixteen critical infrastructure sectors.