GLESEC

GLESEC

Speciality: Continuous Penetration Testing

Other 12 employees
Visit Website View on LinkedIn
[01] About

Cybersecurity company specializing in computer and network security; provides active penetration testing services including Penetration Testing as a Service (PTaaS) and external pentests; based in Orlando, Florida with $26.6M annual revenue and 3 employees, founded in 2013.

The GLESEC Group is an international security powerhouse delivering world-class information security through its information security companies. We offer best-of-breed security solutions based on emerging technology which compliment well established security programs, security and compliance audits and a full range of managed security services. Having integrated this full range of capabilities under a single umbrella organization, we reduce the inherent risk of disjointed teams and bring about the expertise and capabilities that our clients deserve. GLESEC, established in 2003 in Princeton, New Jersey is the first company in the group which includes GSS for managed services and GA&C for auditing and compliance. The GLESEC Group operates in the US, Caribbean and Latin America. Our clients range from large organizations to multinationals across the Americas with primary focus in the Financial, Government, and the Health Care sectors.
[02] Services
Penetration Testing
Vulnerability Management
Threat Mitigation
Data Leakage Prevention
Cybersecurity Training
Auditing And Compliance Services.
[03] Certifications
NIST

NIST Cybersecurity Framework


Origin and Development


The NIST Cybersecurity Framework was created by the National Institute of Standards and Technology (NIST), a non-regulatory agency of the U.S. Department of Commerce. It was developed in response to Executive Order 13636, signed by President Obama in February 2013, which directed NIST to create a voluntary framework to help organizations manage cybersecurity risks. Released in February 2014 and updated in 2018 (version 1.1), the framework was designed to provide a common language and systematic approach for managing cybersecurity risks across critical infrastructure sectors.


Industry Value and Importance


The NIST Cybersecurity Framework is widely valued because it provides a flexible, cost-effective approach to managing cybersecurity risk that can be adapted by organizations of any size or sector. It has become a de facto standard in both the public and private sectors, often referenced in regulations, contracts, and compliance requirements. Organizations use it to assess their current security posture, communicate security requirements to vendors and partners, and demonstrate due diligence in protecting sensitive data. Its voluntary nature, combined with its comprehensive yet practical approach, has made it one of the most widely adopted cybersecurity frameworks globally.
HIPAA

HIPAA Compliance and Cybersecurity


HIPAA (Health Insurance Portability and Accountability Act) was enacted by the U.S. Congress and signed into law in 1996. The legislation was created to protect sensitive patient health information from being disclosed without patient consent or knowledge. The Security Rule, added in 2003, established national standards for protecting electronic personal health information (ePHI), requiring covered entities and their business associates to implement administrative, physical, and technical safeguards. While HIPAA itself is legislation rather than a certification, various organizations offer HIPAA compliance training and certification programs to help IT professionals understand and implement these requirements.


HIPAA compliance is critically important in healthcare IT because violations can result in severe penalties, ranging from $100 to $50,000 per violation, with annual maximums reaching $1.5 million. Beyond avoiding fines, HIPAA knowledge is valued because healthcare data breaches can expose sensitive patient information, damage organizational reputation, and erode patient trust. IT professionals with HIPAA expertise are highly sought after as healthcare organizations increasingly rely on digital systems for medical records, billing, and patient communication. Understanding HIPAA requirements helps ensure that healthcare systems are designed, implemented, and maintained with appropriate security controls to protect patient privacy in an era of growing cyber threats.
HITRUST

HITRUST Cybersecurity Certification


Origin


HITRUST (Health Information Trust Alliance) was founded in 2007 by a collaboration of healthcare, technology, and information security leaders. The organization created the HITRUST Common Security Framework (CSF) to address the fragmented landscape of security and privacy regulations facing the healthcare industry. Recognizing that healthcare organizations were struggling to comply with multiple frameworks like HIPAA, PCI-DSS, and ISO standards simultaneously, HITRUST developed a unified, certifiable framework that harmonizes these various requirements into a single comprehensive standard.


Industry Value and Importance


The HITRUST CSF certification has become the gold standard for demonstrating security and compliance in healthcare and beyond, now extending to financial services, retail, and other regulated industries. Organizations value HITRUST certification because it provides a standardized, risk-based approach that satisfies multiple regulatory requirements at once, reducing audit fatigue and compliance costs. The certification is particularly trusted by business partners and customers as third-party validation of an organization's security controls, often becoming a prerequisite for vendor relationships and contracts. Its prescriptive control requirements and rigorous assessment process make it more comprehensive than self-attestation models, giving stakeholders greater confidence in an organization's security posture.
[05] Notable Clients
  • Banking Organization