FedRAMP High Authorization Support
Authored full SSP and produced control evidence for 421 NIST 800-53 Rev. 5 controls; package achieved FedRAMP High ATO at first JAB review with no major findings.
Defend forward. Respond decisively.
Cyber resilience is a posture, not a product. Black Fox builds layered defenses, hunts threats inside your perimeter, and responds when the rest of the industry is still triaging tickets.
Each engagement combines a small senior team with the systems, tooling, and partner network the mission demands.
RMF, FedRAMP, CMMC 2.0, and SOC 2 packages produced by assessors who have signed packages on the federal side.
Managed detection and response with named analysts, custom hunt logic, and MITRE ATT&CK coverage maps.
Black-, gray-, and white-box assessments — including red-team engagements with rules of engagement signed by leadership, not the help desk.
Retained IR and forensic readiness with a 1-hour engagement SLA, on-prem and cloud evidence collection, and counsel-ready reporting.
Inventory the attack surface, the crown-jewel data, and the controls you actually have — not the controls listed in the SSP.
Identity, endpoint, network, and data tier hardening prioritized by exploitability, not vendor capability.
Continuous threat hunts informed by current adversary tradecraft and your specific business context.
Pre-built playbooks, tabletop rehearsals, and a retainer that activates inside one hour.
A representative slice of recent cybersecurity engagements across local, state, federal, quasi-government, and private clients. Signed past-performance references — including direct contracting officer phone numbers — are furnished on qualified inquiries.
Closed 78 control gaps across 14 NIST SP 800-171 control families; client passed third-party C3PAO assessment on first attempt with zero findings.
Stood up a managed SOC with named analysts and ATT&CK-aligned hunt logic across 9,200 endpoints and OT segments; mean time to detect cut from 11 days to <30 minutes.
Full-scope red-team operation against external, internal, and physical attack surfaces; achieved domain dominance in 6 days and produced an evidence-grade remediation roadmap.
Activated under a 1-hour IR retainer following a Conti-variant intrusion; restored core services within 72 hours, preserved counsel-ready evidence, and led the post-incident lessons-learned report to the council.
Designed and operated the Type II control environment; achieved unqualified opinion across all five trust-services criteria with zero exceptions in two consecutive audit windows.
Tell us what you are trying to accomplish. We will tell you, in writing, whether we are the right team and how we would attack it.