Stratum leverages deep experience securely building, deploying, and operating large enterprise-grade applications in the cloud to ensure your application’s foundation is secure.
Web applications have a complex and nuanced attack surface. As such, they require a custom approach by experienced professionals. Stratum consultants each have over 10 years of application security experience.
The Secure Source Code Review provides a 360° view into your application’s security posture. While dynamic application testing simulates a real-world attacker, examining an application’s source code can identify unseen risks.
Stratum brings the attacker’s mindset to your development organization, providing your developers with an out-of-the-box approach to secure software development.
Stratum Security designed, deployed, and operated an enterprise SaaS that scaled to the demands of over 2,000 enterprise customers in AWS while satisfying the most demanding customer security requirements.
Decrease in the number of findings for each assessment, with some assessments resulting in no issues that need to be addressed prior to launch.
Stratum has been able to meet surges in testing needs while still delivering quality work products within SLA and based on GSK’s risk appetite.
Stratum’s agility in performing tests, often in windows where other vendors could barely get a proposal executed, and ability to push forward the overall mobile security program.
“You guys are...quite good. We've had several security assessments and none caught the stuff you guys found. The team and I are glad you caught these findings before the bad guys did. Thank you.” -Large US Consumer Brand
“For me personally, Stratum sets the standard. You guys are adaptable and have flexibility in your schedules, you’re responsive over email and you communicate the information well over the calls with our teams.” -Global Financial Services Organization (Active customer since 2011)
“I wanted to provide a sincere thank you for your efforts and your willingness to work with us on the original test and the subsequent re-tests. Your flexibility and availability, specifically on the re-tests, allowed us to stay on schedule. This is a business critical application and it was imperative to resolve these issues in the current release given the pending blackout period. The Stratum team's efforts are much appreciated.” -Global Pharmaceutical Company (active customer since 2010)
Stratum provides services to clients worldwide. Our customers range from large multinational enterprises to small start-ups in numerous industries, including finance, insurance, retail, hospitality, health care, government, technology, energy, and telecommunications.
Stratum's goal is simple: Earn a customer's trust by being ridiculously easy to work with, do great work every single time, and know when to say no. We're a diverse group of security experts that advise customers on specific aspects of their information security program. To realize our goal, Stratum has carefully grown our business, sought to make the right hires, and developed a core set of values for our employees that starts at the top.
First, we built ThreatSim, a highly scalable and popular phishing simulation platform. Now XFIL, a breach simulation platform. Developing secure applications and operating secure environments that meet our expectations gives us great insight into relevant customer challenges.
It is in those areas that we focus our consulting efforts, as we better understand the trade-offs and limitations in the real world.
Simulate how attackers exfiltrate data from an organization’s network. XFIL simulates the actions an attacker takes the moment after the exploit and exercises your organization's entire security apparatus.
Test and validate your network security controls such as firewalls, proxies, IDS/IPS, DLP, etc.
Emulate an attacker’s attempts to discover, gather, and exfiltrate sensitive data from your network.
Understand where things start to break. Begin with simple file transfers, then increase sophistication using non-standard ports and protocols, known C2 beaconing, and custom encryption.
Perform tests using encryption, advanced tunneling and customizable data strings specific to your industry or environment.
Identify blind spots from the inside of your network out to the Internet.
Above all else, you get to work with people that you like, who are just as dedicated to their work as you are, and who want you to succeed.
A: Stratum is comprised of some really smart security hackers who were tired of working for large companies. There are people here from MITRE, HP, Fortify, RSA, Verizon Business, Cybertrust, and others. We wanted to do the small company thing and it's worked well for us.
A: This is a remote position that is open only to residents of the US or Canada. We understand that not everyone wants to move to DC, so we let you work wherever you are most productive.
A: We generally work "normal" office hours but are flexible. We value results and customer happiness, so sometimes we work a lot. Other times we don't. Most of us have families, really likeable dogs, or value down time so we truly aim for a good work-life balance.
A: For people local to DC we try to get together for lunch every few weeks. For those that are remote we have a few events every year (company picnic, go-kart racing, paintball, holiday party, etc.)
A: The salary is competitive and depends on your experience. We offer the following:
950 Herndon Parkway, Suite 140, Herndon, VA 20170