Projects

Here are some sample projects:

Security Analysis of a Cloud Architecture

For a startup company, under NDA, I carried out an architectural security analysis of their cloud-based networking solution.

The solution is a containerized platform based on open-source services, such as Grafana, Kibana, Postgres, ZooKeeper and others, as well as custom-developed container services. Those cloud-based containers connect to widely distributed physical servers. This resulted in a highly meshed, complex network infrastructure.

The project provided a security roadmap, with practical suggestions to improve overall security:

  • A proposed new architecture: The overall solution had “grown” over time to become a complex mesh of interconnected services. The proposed architecture introduced a new grouping and segmentation of the services, to allow for well-defined security zones, and reduced overall complexity.
  • Operational procedures, such as vulnerability management and security best practices for hardening the solution.
  • Security implementation guidelines, for example to reduce the overall attack surface of the solution.
  • Recommended follow-up projects to further harden the solution.

The project delivered 37 practical and implementable security recommendations, to allow prioritization and sound overall project management.

Security Analysis of an Industrial Network

Many industrial networks are not built on a solid network architecture, but developed organically, in many cases as mostly flat layer 2 networks without security boundaries. A security analysis is “hands-on” and typically involves the following steps:

  • Preparatory meeting and project management: Important to define the precise goals and the areas of the network that should be scanned and examined. A strict NDA is typically required.
  • Passive data collection via a temporarily installed industrial scanner, for example Cisco Cyber Vision. This makes it possible to map network connections, to spot undesirable activity and to improve the network architecture.
  • Analysis of the data: Seeing all network activity, it is in most cases easy to improve the network, for example by segmenting the network, by disabling unused protocols or by better organizing remote access to the plant.
  • Finally, a detailed report is created to list all observations, and propose actionable improvements to network security.

Operators of industrial networks often prefer independent consultants for this work, to get vendor-independent advice.

Sales Enablement for an SD-WAN Service

A European service provider had developed an innovative SD-WAN service. While technical and commercial details were clear, the marketing, positioning and sales enablement for the new service still had to be worked out. This project involved:

  • Developing the core value proposition of the service, including competitive differentiation, to be able to optimally position the new service.
  • Creating a sales deck, to be used by the sales force in customer meetings. A prototype existed, but was not sufficiently focused on the core value add.
  • Creating a “train-the-trainer” deck that explained how to position the service, and provided background on the marketing strategy.
  • A set of initial “train-the-trainer” sessions across Europe to get the first wave of sales managers (commercial and technical) introduced to the marketing strategy.

Competitive Analysis

I carried out a number of competitive analyses for specific product ranges and relevant competitors. Those included a SWOT matrix, technical pros and cons of the competitor’s solution (h/w and s/w), details about management and programmability (APIs), usability, and other competitive details.

Each time, the results were summarized in a short paper, to help the sales force and their partners quickly understand how best to position their products in a specific situation, and which pitfalls to avoid.

Custom Training Development

I never deliver the same training twice. Every training is customized for its specific audience. This may involve providing additional introductory materials, taking out irrelevant specifics, or adding a module for the deployment this particular group is using.

Good training is highly customized, avoids unnecessary details, and puts everything into the global context.