Security consulting firm Cerberus Cyber Sentinel Corporation has acquired St. Louis, Missouri-based penetration testing company Alpine Security, part of a continuing play to beef up their penetration testing and regulatory compliance offerings.
Alpine Security, which offers penetration testing, medical device testing, security auditing, trainings and “CISO-as-a-Service” to its clients, will become part of Cerberus. Alpine president and founder Christian Espinosa will take on a strategy role at the company, per an announcement of the deal.
Alpine Security also has a presence in the government contracting market, offering trainings and assessments around the General Services Administration’s Schedule 70 contract as well as the Cybersecurity Maturity Model Certification and the Defense Federal Acquisition Regulations Supplement programs for defense contractors.
In addition to Espinosa’s new role, Alpine’s penetration testing team will be integrated into Cerberus existing capabilities crew, where they will continue to focus on the health care market and medical device testing.
“Alpine is an excellent fit for the Cerberus portfolio of companies,” said David Jemmett, the company’s CEO and founder, in a statement. “The demand for quality compliance, training, and penetration testing talent continues to grow, and we are pleased to have them join us.”
The release does not list the price of the acquisition, but days before the announcement, Cerberus notified the Securities and Exchange Commission that they had taken a $3 million loan from Hensley and Company at a 6 percent interest rate “to provide funding for the Company’s prospective acquisitions and other general corporate purposes.” Andrew McCain, chief operating officer for Hensley, also sits on the board of directors for Cerberus.
The deal, and implication of more to come, hint at increased hunger for third-party security auditing services in the face of worsening cybercrime, and an increasingly complex regulatory compliance landscape.
A survey of 100 North American chief information security officers conducted this past year found that security teams faced an average of 3.3. audits over the next year, with the sudden shift to telework in the wake of COVID-19 creating a host of new non-compliance concerns. Two-thirds reported dissatisfaction with the security tools they had in place to prepare. In another survey of 900 CISOs conducted by Thycotic earlier this year, 77 percent reported that fear of failing a security audit was one of the primary drivers pushing their boards to make new security investments.
The move marks the second acquisition by Cerberus, which offers consulting and managed security services, of a cybersecurity-focused, penetration testing company in the last three months. In September, the company purchased Atlanta-based Clear Skies Security, also on the strength of their penetration testing work.
