Secure Me KSA Request a consult

Independent IT security · est. 2019

Find the gaps before someone else does.

Independent security assessment, hardening, and incident response for teams that can't afford to guess. Vendor-neutral, hands-on, and accountable to you — not to a product line.

Request a consult See what I do

No trackers. No third-party scripts. This page loads nothing it doesn't serve itself.

verify — secure-me-ksa

$ verify --identity securemeksa

practitioner Ken — principal consultant

experience ~10 yrs MSP security mgmt · independent since 2019

education M.S. Information Security & Assurance · MBA

certs CEH · CHFI · EDRP · Security+ · Network+ · CISSP (in progress)

VERIFIED signature ok · chain trusted

01 / Services

What I'm engaged to do

Most work falls into one of these. Engagements are scoped to your environment — a single assessment, a remediation sprint, or ongoing advisory.

S-01

Security assessments & pen testing

External and internal testing, attack-path analysis, and a prioritized report that names what to fix first — written for the people who have to act on it.

S-02

Active Directory review

Privilege paths, GPO misuse, delegation sprawl, and stale trust. I look at AD the way an attacker does, then hand you the cleanup order.

S-03

Endpoint & EDR hardening

Closing the blind spots attackers count on — tamper protection, lateral-movement controls, and detections that fire before encryption starts.

S-04

Incident response & forensics

Containment, evidence handling, and root-cause analysis when something has already gone wrong — plus a recovery plan so it doesn't go wrong the same way twice.

S-05

Data protection & cryptography

Encryption-at-rest review, key handling, and implementation audits. Where crypto is used wrong, it's usually the implementation — not the algorithm.

S-06

Advisory & vCISO

Roadmaps, control frameworks, and vendor-neutral second opinions. On call for the decisions that don't fit a single engagement.

02 / Approach

How an engagement runs

A short, predictable arc. You know what's happening at every step and you own everything I produce.

  1. 01

    Scope

    A working call to define targets, rules of engagement, and what a good outcome looks like. Fixed scope, written down.

  2. 02

    Assess

    Hands-on testing and review against your real environment — not a checklist run on autopilot.

  3. 03

    Report

    Findings ranked by real risk, each with reproduction steps and a concrete fix. Plain language up top, full detail underneath.

  4. 04

    Verify

    Once you've remediated, I retest the findings that mattered and confirm they're actually closed.

03 / Credentials

On the record

Credentials are table stakes, not the point — but you should know who you're handing the keys to.

credentialissuerstatus
CISSPISC2in progress
CEH — Certified Ethical HackerEC-Councilactive
CHFI — Forensic InvestigatorEC-Councilactive
EDRP — Disaster Recovery ProEC-Councilactive
Security+CompTIAactive
Network+CompTIAactive
A+CompTIAactive
Project+CompTIAactive
MCSAMicrosoftactive
M.S. Information Security & AssuranceWGUdegree
M.B.A.WGUdegree

04 / About

A decade in the trenches, now independent

I spent roughly ten years running security for a managed services provider — the kind of role where you own everything from the firewall to the phishing report, for clients who can't carry a full security team of their own.

Since 2019 I've worked independently as a security researcher and consultant. That means no quota, no product I'm paid to push, and no incentive to oversell. You get an honest read on where you stand and a clear plan to fix it.

— Ken, principal consultant

05 / Contact

Start a conversation

Tell me what you're worried about and what you're protecting. I'll tell you whether I'm the right fit — and if I'm not, who is.

contact@securemeksa.com

Helpful to include:

  • — roughly what you're protecting (users, sites, regulated data)
  • — what prompted you to reach out
  • — any deadline you're working against