About Us

About LaValley Consulting

Founded in 2006, LaValley Consulting brings unique experience, along with the latest tools and techniques, to address our clients' vital security needs. During an engagement, we collaborate closely with the customer to understand their needs without impacting operations or overall production.

Our expertise is based on close to two decades in the information technology and security industry. Previously, the founder served as the Chief Security Architect for a leading Massachusetts-based consulting organization. In addition, Jim was responsible for creating and enhancing security testing and management methodologies and practices for the consulting organization. He has led and participated in over 200 security assessments and penetration tests over the last 12 years and has designed and architected security solutions, performed incident response and forensics work, and created security policies for more than 4 dozen organizations.

LaValley Consulting is highly skilled in penetration testing and security auditing and has won professional contests at national industry events in these areas. Jim is well versed in industry standards and best-practice frameworks, including the ISO/IEC 27002 security standard, the COBIT model, and various regulatory compliance requirements, including the Gramm-Leach-Bliley Act (GLBA), the Family Educational Rights and Privacy Act (FERPA), the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Health Information Technology for Economic and Clinical Health (HITECH) Act, the USA PATRIOT Act, the Children's Internet Protection Act (CIPA), Sarbanes-Oxley (SOX), and Massachusetts Regulation 201 CMR 17.00 - Standards for the Protection of Personal Information of Residents of the Commonwealth.

LaValley Consulting has even been contracted to perform penetration testing 2,100 feet below the earth against a wireless network.

Industry security assessment experience includes: financial services (including banks, credit unions, armored car companies, insurance, and investment management companies), healthcare (including hospitals and doctor's offices), law, government (cities, towns, state and federal agencies and bureaus), high technology manufacturing, utilities, commercial real estate, retail manufacturing, and education (public and private, and including large universities).

Our professional certifications include:
  • GIAC Web Application Penetration Tester (GWAPT)
  • GIAC Certified Penetration Tester (GPEN)
  • INFOSEC Evaluation Methodology (IEM) - National Security Agency
  • Certified Information Systems Security Professional (CISSP)
  • INFOSEC Assessment Methodology (IAM) - National Security Agency
  • GIAC Certified Incident Handler (GCIH)
  • GIAC Auditing Wireless Networks
  • GIAC Cutting Edge Hacking Techniques

Our technical certifications and experience span many technologies, including Symantec, Check Point, Cisco, Surf Control, TippingPoint, Netscreen/Juniper, Tivoli, Lotus, Oracle, Microsoft, UNIX, and over 450 distinct security assessment and testing tools.

Key areas of our research include:
  • Malware Analysis/Reverse Engineering/Fuzzing
  • Web Application Security/DOM Analysis/Web Services
  • Tactical Exploitation/Exploit Development/Designing Secure Protocols/Intercepting Secure Communication
  • Zero-day vulnerability identification in well-known products: Microsoft (CVE-2011-1893), Novell (CVE-2009-1635, CVE-2009-1634), Tumbleweed, Cisco (CVE-2014-0708), and Google (https://www.google.com/about/appsecurity/hall-of-fame/reward/ - Q4-2010)

LaValley Consulting believes you can’t protect what you don’t know.

Testimonials

"It is great to work with a security professional that can not only adeptly uncover issues, but also make clear recommendations and assist in corrective action. LaValley Consulting is considered a trusted partner and a recognized leader in the ever-changing defensive technology and security strategies that exist in today's enterprise computing environments."

Senior Vice President, Director of Information Technology
Large Financial Institution

"I have known Jim, both personally and professionally, for the past five plus years. Jim's knowledge of IT security is second to none. He has a voracious appetite to "stay on top" of emerging threats as demonstrated by his commitment to learning and professional designations. Further, Jim's passion for the industry and the security of his customers goes well beyond the average IT security professional. Jim tackles each assignment as if it was his own company. He is more than reports and invoices; rather, Jim wants to make sure that he does what is right and necessary in your environment to ensure your data is never compromised.

I have worked with numerous IT professionals over the past 17 years and can say without reservation that Jim LaValley is in a class by himself. If you are responsible for securing your company's network, then I strongly recommend LaValley Consulting as the ONLY option that you should consider."

President and CEO
Financial Institution

"Jim is unquestionably one of the most talented and skilled information security professionals in the industry today. He possesses a unique combination of technical skills, industry experience, consultative capabilities, enthusiasm and an innate understanding of the "hacker's mind" that make him an invaluable resource in any infosec initiative. Quite simply, you can't have a better person on your side when it comes to protecting your information assets. Highly recommended!"

Director at Sophos Inc.
(Global security company protecting over 100 million computers worldwide)

"We engaged Jim LaValley to conduct a global security audit of all of our applications and networks.

He was not intrusive in his approach and very thorough in his recommendations. He uncovered several areas that needed immediate remediation and several that needed clearer user policies and procedures. Jim enabled us to curtail several irregular practices in various parts of the globe.

He performed a detailed risk analysis that enabled senior management to understand the risk profile that was currently in place and make informed decisions about what level of security in which areas was appropriate given user needs and global platform exposure.

Jim’s work far exceeded our expectations for the level of detail and analysis and the focused recommendations associated with each area of exposure. He also educated several members of the technical team on security methods that saved them substantial time and created a more secure environment. Jim was, at all times, available for questions, conferences and elaboration on his findings. His report provided us with a comprehensive guide for future actions as we extend our global footprint.

I recommend Jim’s services and counsel without reservation. His technical and personal skills are excellent and appropriate without question."

Director of Information Technology
Global Manufacturing Company