Starting with a goal several years ago to include more and varied products and services in our monthly Group Tests and First Looks, we established our U.S.-based testing team, which includes SC Lab staff and a network of external experts who are respected industrywide.
The diligence and commitment to excellence shown by these staff and other members of our editorial team have made our Product Reviews one of the most well-read sections of our magazine and website. As a result, they remain the most objective, thorough and best in the industry.
In our Group Tests each month, we look at several products around a common theme based on a predetermined set of SC Labs standards (performance, ease of use, features, documentation, support, and value for money). There are roughly 50 individual criteria in the general test process. These criteria were developed by the SC Lab in cooperation with the Center for Regional and National Security at Eastern Michigan University.
We developed second sets of standards specifically for the groups under test and use the Common Criteria (ISO 1548) as a basis for the test plan. Group Test reviews focus on operational characteristics and are considered at evaluation assurance level (EAL) 1 (functionally tested) or, in some cases, EAL 2 (structurally tested) in Common Criteria-speak.
Our final conclusions and ratings are subject to the judgment and interpretation of the tester and are validated by the SC Media Reviews team. All reviews are vetted for consistency, correctness, and completeness by the team prior to being submitted for publication. All prices quoted are in American dollars.
Additionally, each December we select the past year's Innovators, those companies that have shown sustained innovation and performance and have contributed materially to the growth of our industry.
Also in December, among the Innovators, we honor a few companies with induction into the SC Magazine Hall of Fame. This is reserved for our best of the best. This is not a simple or knee-jerk decision, either. There are lots of organizations - large and small - that have cool products and, in fact, there are publications that address the "cool product" issue quite well. We, on the other hand, are concerned that, no matter how cool the product is, the company will be around in one form or another for a long time.
The recipient needs to be a demonstrated innovator. That is not a one-year proposition. This means sustained performance. The company also needs to show depth, meaning that beyond the product or service being innovative, the organization itself must demonstrate an innovative approach to its business and the market. Third, the winners need to be responsive to real challenges, and those challenges need to be important over time to an identifiable segment of the market.
Finally, our Hall of Famers need to demonstrate in other ways - such as winning Best Buy, Recommended and other SC Media designations - that they have reached the level of excellence that belongs in the Hall of Fame and have sustained that level of excellence over time.
The SC Media Reviews team is aided by Judy Traub, SC Labs analyst, who oversees the pre/post product review process with lab staff, security vendors and service providers. Judy is a technical professional with experience and educational background in networking, communications technology, computer information systems, and information technology for Homeland (Cyber) Security and compliance.
For the past 15 years, Rob has focused on helping organizations successfully protect against cyberattacks. At his former firm, he built a services organization that provided specialized security monitoring and vulnerability management programs, testing services, compliance assessments, and industry-leading technology solutions.
With over 30 years in tech, beginning with an operational background supporting, deploying, and managing a wide variety of IT systems for global outsource firms including EDS, Perot Systems, and Cap Gemini, Cote built a background in outsourcing that provided critical insights for structuring the successful managed service offerings at VioPoint that provided the impetus for launching Compliance as a Service (CaaS) at Security Vitals in 2016.
The company represents a culmination of many years' experience reflected in the visionary CaaS offering, which takes critical process and technology solutions and bundles them into a monthly service that allows companies to focus on their core competencies while Security Vitals addresses the ongoing compliance requirements.
Rob has also contributed thought leadership in the field of security metrics. Developing a specialized framework for identifying risk and developing client-specific performance indicators, he has established Security Vitals as a recognized source for helping organizations identify and quantify meaningful information security metrics.
An IT professional with over 18 years of experience, four of which were spent working with Managed Security Service Providers (MSSPs), Mike built his career with hands-on roles working as a network engineer, systems engineer, network architect, and help desk specialist. A natural problem solver, Mike takes a measured and deliberate approach to resolving technical challenges. He maintains a keen focus on developing and implementing a repeatable process to provide consistent and positive outcomes. These core beliefs provided the foundation for a successful transition to information security and compliance.
A key element in Mike's shift to information security was his roles at MSSPs, where he gained knowledge and practical experience working with industry-standard security frameworks including PCI, HIPAA, SANS, and NIST. Assisting on the customer side of PCI compliance, he worked with Qualified Security Assessors and Approved Scanning Vendors to finalize PCI reviews and answer self-assessment questionnaires.
The roles with MSSPs provided in-depth experience working with clients of all sizes, including large franchises with multiple locations. During this tenure, Mike served as both an individual contributor and team leader, consulting with information security stakeholders regarding vulnerabilities, network architecture (segmentation), and proper firewall rulesets to ensure clients would achieve PCI compliance.
Another key role was working with a communications company as the Technical Services and Compliance Manager. There he was responsible for the day-to-day IT operations as well as SOC-2, HIPAA, and PCI compliance. Mike served in a lead role in all vendor and customer security audits, keeping the organization in continuous compliance with PCI-DSS 2.x-3.x and SOC-2 Type 2 certifications.
Matt has dedicated a career to assembling the foundational elements necessary to become a foremost security technologist. As an active U.S. Navy reservist, he reinforces IT operational skills with ongoing field exercises that require focused IT infrastructure and logistic support.
Working with a regional healthcare provider, Matt focused his efforts on isolating and resolving a wide variety of technology issues ranging from network connectivity to Windows Operating System malfunctions. With resolution time as a key driver, Matt focused his energies on prioritizing activities and balancing workload across a staff of more than 1000 internal employees.
Additional infrastructure knowledge and experience were developed supporting a tier-1 automotive supplier as well as a global automotive manufacturer. Working across a variety of platforms and applications, Matt alternated between field operations support and the corporate headquarters locations; it was during this time that he developed both an affiliation and first-hand experience with information security. Acting in a variety of administrator roles, Matt was responsible for managing Virtual Private Networks, two-factor authentication, LDAP, and Microsoft Exchange. He also conducted ongoing audits for application access, user accounts, privileged access, and server groups in support of ongoing compliance requirements.
In his role at Security Vitals, Matt supports a variety of client engagements where he conducts risk-based assessments, evaluates compliance with required security frameworks, and implements technical controls (and technology) to address gaps in security.
Dan brings more than ten years of professional experience developing, editing and publishing IT security-related content. His journey as a writer, however, began not as a practitioner but as an educator. After several years of successfully transferring knowledge to young individuals, he drew upon his teaching experiences to segue into the world of writing for technology-oriented organizational development and change.
Dan initially joined a long-distance telephony reseller as a content creator and trainer. There, he witnessed the challenges of observing federally and industry-mandated regulatory compliance. Like that of many other small startups made possible by the telecom boom of the late nineties, this challenge required drafting policies, training operations personnel on new procedures and protocols, and other communications related to compliance. In that initial writer's role, Dan established himself as a key resource for effectively bridging the gap between centralized policy and end-user knowledge across the organization.
A more notable achievement was serving on a two-person team tasked with designing and directing the development, from the ground up, of an internal LMS and LCMS e-learning application. This project supported on-going security awareness and other PCI DSS standards compliance for sales and customer service departments handling personal credit and account information.
Over the years, Dan honed his information mapping and visual content development skills. In various roles, Dan has designed and written end-user guides for web-based SQL application interfaces for OEM automotive manufacturers; developed and administered a knowledge base for contact center processes, agents, and SMEs; developed, edited and contributed to IT policy manuals; developed a risk assessment auditing report related to PCI DSS compliance re-certification; and scripted and produced video tutorials, among other media resources.
As part of the Security Vitals team, Dan provides ongoing support to develop policies, write incident response plans, develop awareness training, and establish process/procedural documentation for clients.
She has worked for companies such as HP, MCI, SBC, and AT&T in the areas of project, team and resource management, client relationship management, and communication services consulting. As a business manager with AT&T, Judy received national recognition for her individual and team contribution to the financial success and overall customer satisfaction within the Midwest region.
In 2006, she returned to the small business sector, joining CDFS Lab in the role of project manager with a focus on information security product testing, specifically managing project constraints, stakeholder relationships, deliverables development and distribution, quality and risk management, and crisis resolution. In addition to her project management role with CDFS and SC Labs, Judy is also an active member of the Project Management Institute and the PMI Troubled Projects Community of Practice, providing new ideas to resolve and/or avoid troubled project situations.