Cybersecurity for Oil & Gas
Asgard’s founders know a bit about the energy industry.
Our CEO, Pete Waldroop, worked in the oil and gas software industry for over 30 years founding both Quorum Software and W Energy Software before founding Asgard. Michael Hotchkiss, our CTO, has over 10 years of experience in cybersecurity specifically for the oil and gas industry having led major security efforts at both NGL Energy Partners and W Energy Software. Our VP of Sales, Tracey Radi, spent 15 years working closely with oil and gas companies of all sizes while helping to launch and establish W Energy. Having spent years working with so many upstream and midstream clients, Asgard Cyber Security brings a unique perspective to helping energy companies protect their digital assets.
We take a proactive approach to security, beginning with a customized penetration test that allows our clients to see the current security posture of the entire company. Our team takes a holistic view of both the IT and OT side of the business. SCADA systems can be a particularly vulnerable area for security breaches.
The well-documented pen test results can then be analyzed further to identify gaps and help our team make recommendations on specific ways our clients can strengthen their environments and help evolve the security of the company.
Beyond penetration testing, ongoing client engagements can include gap analysis, road map planning, budget prioritization, and tools assessments. It is often overwhelming to “fix everything”. Asgard can help you make a plan that is methodical and attainable and can be shown to investors and Boards of Directors as the topic of cyber security continues to work its way into the board room.
While we can absolutely help our clients after an attack has occurred, we can save our clients a lot of headaches and stress by being involved before any events or breaches occur. At Asgard, we believe the best defense is a good offense.
1. Pre-test interview with stakeholders
Before we begin our tests, we work with your organization to determine the Rules of Engagement, Scoping (which hosts to target or exclude), points of contact, timelines, milestones, and discuss any network or infrastructure details. This interview is usually limited to the IT department head and/or executives, as a large part of the test results depend on your team's response to our simulated attacks. During this meeting, we will discuss any NDA's or Waivers that may need to be signed.
2. Penetration Test
- Information Gathering
Our penetration testers will use various methods to gain information about your network, hardware, company, applications, and users. This information will be documented and potentially used during other phases of the test.
At this point in the test, Asgard penetration testers will scan your network and determine targets and vulnerabilities.
This phase is where Asgard penetration testers will attempt to exploit vulnerabilities found and gain control of your company's resources. This can include exploiting unpatched vulnerabilities in software, cracking passwords, and pivoting from low value targets to high value targets. During these tests, we are careful to ensure business operations are not impacted.
After our tests, we will compile an exhaustive report of our findings, along with recommendations to make your environment more secure. At this time, the Asgard penetration tester is made available to your IT team to go over specific details of the report to make certain your team understands the issues, and more importantly, how to resolve them.