What We Do
​Old Pueblo Security Group LLC was founded to help companies like yours navigate the complexities of cybersecurity and compliance by offering comprehensive, industry-focused solutions that align specifically with each organization’s unique goals and objectives.
In an era of digitalization and fueled by emerging technology, organizations today have the opportunity to grow and scale in unprecedented ways. But mirroring your opportunity is a new era of government regulations and consumer pressure to protect their data. For the first time, to experience your full growth potential, businesses in all verticals must make information security part of their initial critical strategies. Sadly executive professionals are expensive, big firms won’t sign them, and internal resources are already stretched thin focused on business objectives.
​
We want to consult like a start up, offer services in modern packages, and build foundations of security and compliance that enable success well into the future. Rather than our predecessors (MSSPS) whose growth techniques relied on deep roots of service based pricing, was segmented into siloed projects that drive up cost, and utilized hefty outsourcing of skilled labor, Old Pueblo Security Group takes a radical approach that mimics the way our target market of startups and small to medium business radically transformed their industries. ​
​
We believe your business can reach its fullest potential by aligning compliance objectives with strategic objectives and leveraging current subject matter experts in the field working the tradecraft as security engineers, assurance professionals, and senior executive security leaders.
​The bottom line – we exist to make a difference with seamless Integration, outstanding results. One of the greatest strengths of Old Pueblo security Group's VCISO service is its ability to integrate seamlessly with your existing operations. We understand that while security is essential, it should never disrupt your core business activities. Our team works in harmony with yours, ensuring that you get all the benefits of top-tier security without any of the potential inconveniences.
​
​What are those three lines of Defense for Information Security and Governance?
​
1st line of Defense – This is also called as the Operational Management of an organization. All the front line managers are responsible for implementing the controls, developing the policy, manage the day-to-day risks, and ensuring that the policies are supplemented by appropriate procedures that employees can follow in their processes. For example, while complying the SOX 404 regulation, also called Internal Controls Over Financial Reporting (ICFR) is implemented at the first line of defense. An example of this control includes implementing appropriate Segregation of Duties, information security policies, conduct penetration testing, etc. Old Pueblo Security Group speaks with organizational leadership, collaborates to understand and ask the right questions, in order to move us into the next line of defense.
​
2nd Line of Defense – The 2nd LoD is also called as the Risk Management, Compliance and Oversight. The second line of defense oversees the administrative and technical controls implemented by the first line of defense and performs routine monitoring of the risk. The Information Security and Risk Management typically resides in the 2nd LoD. These monitoring and oversight functions ensure that controls are properly designed and operating effectively. This is where Old Pueblo Security Group operates primarily.
​
3rd Line of Defense – The 3rd LoD is the Audit function and ideally should be independent of the influence of the 1st and 2nd LoD. This is truly where 3rd party independent auditors come into play. Security attestations that have gone in an conducted a thorough audit against an organizations administrative and technical controls. Old Pueblo Security Group will work with our customers to ensure that your information security program will pass a rigorous audit such as; HiTrust or FedRamp. Not all customer need this, as not all customers work in a highly regulated vertical.