Core Services

Kestrel Information Security, Inc. is a unique and innovative Information Security consulting firm. Our core specialization is "Security Testing" and "Secure" Systems Development Life Cycles; In other words, Penetration Testing and Risk Remediation.

Penetration Testing

Be it a web application penetration test, external (internet) based penetration test, or internal (trusted) penetration test, you’ll find this is our strength and, not surprisingly, our 2nd-most popular offering.

Product Security Assesment

At hardware, software, firmware, radio, and web/cloud infrastructure levels, using either a strictly blackbox or more towards a trusted, near-whitebox approach, we assess nearly anything connected. This is our specialty.

Security Development Life Cycle (SDLC)

Having worked on several multi-million dollar development projects and developed “Secure” Systems Development Life Cycles for multiple clients, we are uniquely positioned to bring your systems development to the next level.

Security Program Development

At large, international scale or on a lean small budget: we have built many security programs from scratch, refined others that became stalled or stagnate, and have joined up existing teams to establish or grow greater capabilities. 

Other Specializations

In support of our core competencies, our primary service portfolio also includes Web Application Security Review, Vulnerability Assessments, Compliance Reviews, Security Program Development, Incident Response, Forensics, and Security Research of Emerging Technologies and Threats.

Web Application Security Assessment

We perform a wide assortment of Web
Application Security Assessment. We can follow the OWASP (Open Web Application Security Project) or go beyond that or other frameworks.

Application Security Assessment

Using extensively experience in full-stack application development and security assessment methodologies, our approach to this service includes static, dynamic, 
analytical components. 

Mobile Application Security Assessment

In addition to producing courseware on digital and mobile device forensics, we can assess your mobile applications and supporting web/cloud infrastructures.

Security Code Review

We are very detailed oriented and enjoy coding. We often perform code reviews to pinpoint and provide vulnerability remediation, as well as, performing these reviews in support of product 
lifecycles and development.

Security Threat Modeling

Security threat modeling has become in integral part of risk management. Several frameworks can be used, and we can support your efforts.

Reverse Engineering

Do you have a product that you acquired rights to and have no idea how it works? Do you want to interoperate with a technology? Do you want to know how resilient your product is to deconstruction? We perform ethical reverse engineering.

Infrastructure and Network Assessment

Does your cloud or more traditional networking and infrastructure need an assessment? Are you merging or acquiring technology and need it assessed? We can independently attest your posture.

Incident Response, Malware Analysis, and Digital Forensics

Crime and insider risk continue to be a threat. In addition to developing and providing incident response and forensic courseware, we conduct real casework.

Compliance Assessment and Framework Implementations

Confused by all the compliance and frameworks out there? Or just need some assistance or validation of your implementation? Our security specialists can assist or lead you in reaching your business goals. 

Security Awareness and Education

We create internal coursework for our services, which we offer clients, as well as, use for internal quality assurance and controls. One of the popular requests is conducting security awareness exercises, followed by customized material for your business using those as  demonstrations.

Firmware Development

Having worked with large manufactures and many physical computing devices, we can perform a large range of security firmware functions. These include design, validation, code review, and in some cases code engineering.

Legal, Security Investigation, and Threat Hunting

Do you need to perform a security
investigation? Do you need an expert witness? Do you need to hunt down a threat? Our experts can.

Data Compromise Assessment

We can test your networks for information leakage and evidence of compromise.


We perform policy, implementation, and design review work in the area of encryption. 

Security Staff Augmentation

As a trusted partner, we provide various levels of retainer services (part-time, or near fulltime resources) to augment and expand your teams' capabilities.

Security Recruiting

If you are looking for new staff members and need help vetting candidates, we can conduct technical reviews and skill validation for you.

Our Approach

Our adoptable methodologies allow us to create a customized scope based on your budget and testing needs. Be it a “white”, “grey”, or “black” box test, our security professionals will directly work with you to design an appropriate test for your specific requirements.

Having worked on several multi-million dollar development projects and developed “Secure” Systems Development Life Cycles for multiple clients, we are uniquely positioned to bring your systems development to the next level.

For over a decade, we have been delivering practical IT Security solutions to our clients and transferring our "know-how" in application to their unique businesses. This includes fortune 50 businesses, both local and internationally, throughout the public, private, and government sectors. Some examples include: utilities, medical, pharmaceutical, government, banking, academic, retail, and manufactoring; as well as, medium and small sized businesses.

Look to our security experts for strategic guidance and "hands-on" answers to your specific security concerns. Invite us to augment your Information Security efforts. Kestrel Information Security, Inc. understands that "one-size doesn't always fit all", so we provide cost-efficient and, in many cases, custom solutions that simply make good business sense.