Meristem Information Security is focused on enabling growth.  No matter what the starting point, and understanding the realities of corporate budgets, Meristem helps our clients rationally examine their current environment and select the activities that will provide the most growth towards “secure.”

Whether as a conversation during the engagement process or through a formal Threat Modeling contract, Meristem begins with helping each client assess the threats they are likely to face given their product offerings and place in the global marketplace.  That analysis is an input into the array of assessment services we offer to evaluate how assets such as web sites, mobile applications, and a client’s exposed network presence conform to industry standard sets of controls.  Meristem then integrates the threats, controls present, and likely targets to identify the highest risk points of attack. Every assessment results in specific recommendations, customized to the client environment, on how to improve the security posture of the assessed system.

Meristem also supports companies’ efforts to “shift security left” through innovative training offerings. Incorporating security into the culture of a development team can best be accomplished through hands-on activities that temporarily put the developers in the role of the attacker.  Single-day “capture-the-flag” events that guide developers through the exploitation of a deliberately vulnerable application are an ideal capstone to traditional secure development courses (also offered). Our “Vulnerability of the Month” program provides short, regular activities that not only educate, but give participants a chance to internalize each lesson as well as keeping security a topic of regular conversation rather than a one time event. 

Just as we encourage our customers to continue to grow, Meristem actively supports our employees in their development, whether that be in individual skills, tools to improve efficiency, or whole new service offerings.  Where practical, Meristem releases these advances according to open source principles.

Although open to consultants from anywhere, our current team is primarily based in Denver, Colorado.