Re: Security Assessment

[John Hoffoss <John.Hoffoss () CSU MNSCU EDU>]

> > > On Thu, Apr 5, 2007 at 12:32 PM, in message
<Pine.LNX.4.64.0704051222250.12804 () ren cc ndsu nodak edu>, Dick Jacobson
<Dick.Jacobson () NDSU NODAK EDU> wrote: 
> One of our entities is looking for "names of companies and/or
> consultants that could provide an overall security assessment -
> server, database, etc."
>
> If you have had experience with any (or heard stories of any)  we
> would appreciate your input.  You can contact me directly if you
> prefer.
>
> Thanks in advance for your help.

I performed assessments for three years with LarsonAllen, an upper-midwest CPA firm. They do good work, and hire 
excellent staff. They have experience in smaller, private colleges up to Big-10 universities, along with a wide breadth 
of experience in other industries.

The recommendation of Jefferson Wells I will not argue, but I will say this: based upon JW work that I reviewed with 
other prior clients, their quality depended *immensely* upon the individual who performed the work. They tend to take 
in great people who are sun-setting their careers, so lots of experience, but you may not have any specific individual 
for long. Of course, YMMV.

To be fair, I also have experience working with (not for) NetSPI in the twin cities. They also do top-notch work. I 
would steer clear of Berbee for security & assessment work, but certainly for other types of consulting.

-jth


John T. Hoffoss, GCIH
Information Security Specialist
Minnesota State Colleges and Universities
30 7th Street East, Suite 350
St. Paul, MN 55101
Email: john.hoffoss () csu mnscu edu
Mobile Email: jhoffoss () sprintpcs net
Office: 651.201.1453
Mobile: 612.558.3611