Enterprise Cyber Security
& Penetration Testing Experts

Who are we ...

Primary Area of Expertise:

  • Offensive Cyber Security Strategies - "Assume Breach"
  • Penetration Testing with Adversary Threat Simulation
  • Active in the Cyber Security Community

Service Disabled Veteran Owned Small Business

Full Stack Cyber Security Provider

  • Penetration Testing
  • Vulnerability Assessments
  • Vulnerability Research Exploit Development
  • Open Source Data Collection
  • Phishing
  • High Value Targets
  • Incident Response Testing
  • Incident Handling
  • Incident Response
  • Network Monitoring
  • Log Collection / Correlation
  • Threat Intelligence
  • End Point Protection
  • Automated Response
  • Policy / Consulting
  • Web Application Assessment
  • Software Assessment
  • Manual & Automated



ISO 9001:2015


  • CEH, Sec+
  • Splunk Certified Consultant I, II
  • Splunk Architect

Our Influences . . .

Influence 1

Developed the US Army's Threat Emulation (Cyber OPFOR), to simulate Cyber Attacks while Combat Arms units trained during War Games.

Influence 2

Created the Pentagon's Vulnerability Research & Exploit Development (VRED) Credited with 14 CVEs

Influence 3

Pentagon Red Team
Commercial Financial Sector

Influence 4

United States Cyber Commmand
Commercial SOC as a Service

Influence 5

Presentations at Security Conferences Training (Personalized) Blogs Software Sharing (GitHub)

Influence 6

Defense in Depth - Assume Breach Methodology


Product 6

Skillwerks is an on demand assessment platform to demonstrate individual computer skills and competencies.

SPLUNK Engineering

Splunk − Delivering & Developing powerful operational intelligence by providing real-time insight into your information systems through dashboards, charts, reports, and alerts.

  • Security & Compliance
  • Implementation
  • Operation Analytics
  • Assess & Design
  • Cloud
  • Development & Administration
Splunk Logo

Vulnerability Assessments Solutions

Vulnerability Assessments (VA) − Independent expert review for a diverse set of potential vulnerabilities across a wide range of technologies.

  • Assessment of adequacy and effectiveness of system security control measures
  • Evaluation of multiple technologies including:
    • Network & Operating Systems
    • Applications (Web & Thick Client)
    • Databases
  • Vulnerability
  • Threat
  • Asset

Penetration Testing Solution

Penetration Testing Graph

Penetration Testing (PT) − Implementation of proven testing methodology and lifecycle emulating modern threats

  • Independent assessment of systems using perspective of external malicious attacker and informed insider
  • Assessment of business impact and access to organizational vulnerabilities (technical/non-technical) of successful attack
  • Test perimeter defenses, internal attack mitigation defenses, and information security detection and response capabilities

Application Security Assessments Solution

Assessment of security posture of 3rd party or custom developed applications across a wide range of operating platforms and attack perspectives.

  • Web Application Vulnerability Assessments/Penetration Tests
  • Mobile Device Application Testing
  • Application Vulnerability Assessments
  • Vulnerability Research & Exploit Development

Credited with over 15 CVEs for discovered vulnerabilities


Social Engineer Assessments Solutions

Impact analysis of a successfully executed social engineering campaign in a controlled environment

  • Open Source Intelligence/Information Gathering (OSINT)
  • Spear-Phishing, Pretexting Campaigns
  • Non-Technical Tests including Baiting, Tailgating, Dumpster Diving, among others
  • Training
Social Engineer Assessments Solutions

Red Team Assessments Solutions

Red Team Assessments Solutions

Emulation of advanced attack profiles (e.g., nation-state, highly funded criminal organization, Hacktivism)

  • Assessment of advanced defense and detection capabilities

Insider Threat Program

Red Team Assessments Solutions

Identifies potential ways an insider could threaten your organization

  • Know what is at stake
  • Align insider threat with business continuity
  • Know your critical systems
  • Trust but verify
  • Prevent breaches

Cyber Hygiene (CyHy)

Red Team Assessments Solutions

Gray Tier’s own developed variety of proactive services which evaluates an organization’s external security posture

  • Open Source Intelligence/Information Gathering (OSINT)
  • Spear-Phishing, Pretexting Campaigns
  • Continual Vulnerability Identification
  • Dark Web, Credential Leaks, Domain Masquerading

Security Operations Center as a Service (SOCaaS)

Security Information and Event Management(SIEM)

Security Information and Event Managementas a Service
Gray Tier

Contact us for an overview of our capabilities and examples of how clients have benefited from our consultation.