LaValley Consulting Services

LaValley Consulting specializes in information security testing, assessment, and incident response services. In addition to providing services to the firm’s clients, LaValley Consulting also partners with leading IT services organizations to provide independent, objective reviews and assessments of their clients’ security posture.

LaValley Consulting's qualitative testing methodology combines broad and deep expertise with industry standards and best-practice methodologies, using leading commercial and open-source tools and technologies. After engaging with the customer, LaValley Consulting will provide a report that details vulnerabilities along with the recommended remedial actions required to strengthen the organization's overall security posture and meet its risk objectives. Based on years of experience in the information technology industry along with numerous contacts within the industry, LaValley Consulting offers a unique perspective to truly test the security posture of the enterprise.

security and vulnerability assessment

Penetration Testing (a.k.a. Ethical Hacking):

  • Internet Attacks - identify external vulnerabilities and exposures for Internet-facing systems
  • Wireless and Bluetooth Attacks - identify how wireless systems can be compromised
  • Telephone “War Dialing” Attacks - identify vulnerable and unauthorized modems and attempt penetration
  • Mobile Application Penetration Testing - static and dynamic runtime analysis against Android and Apple iOS applications
  • Web Application Attacks - determine if attacks such as cross-site scripting and SQL injection are possible, perform session strength analysis, and assess site architecture exposures
  • Database Attacks - test databases for attacks such as SQL injection, internal procedure buffer overflows, and other known attack types
  • Social Engineering Attacks - test employees’ awareness of security policies and resistance to human-based attempts to acquire sensitive information via physical site visits and telephone, internet, and email-based communication

Vulnerability/Security Assessments:

  • Regulatory and Industry Standard Compliance Gap Audits
    • ISO-IEC 27002 security standard
    • Health Insurance Portability and Accountability Act of 1996 (HIPAA)
    • The Health Information Technology for Economic and Clinical Health (HITECH) Act
    • Gramm-Leach-Bliley Act (GLBA)
    • Sarbanes-Oxley
    • Payment Card Industry (PCI) Standards
    • Family Education Rights and Privacy Act (FERPA)
    • Electronic Communications Privacy Act (ECPA)
    • Computer Fraud and Abuse Act (CFAA)
    • Technology, Education and Copyright Harmonization Act of 2001 (TEACH)
    • Children's Internet Protection Act (CIPA)
    • Massachusetts Regulation 201 CMR 17.00 - Standards for The Protection of Personal Information of Residents of the Commonwealth
  • Information Security Assessments (review of people, policy, process and technology)
  • Network Vulnerability Testing & Analysis (scanning for network-layer vulnerabilities and exposures)
  • Web Application Vulnerability Testing & Analysis (scanning for application-layer vulnerabilities and exposures)
  • Relational Database Management System (RDBMS) Vulnerability Testing & Analysis
  • Host Vulnerability Analysis (in-depth review of critical hosts such as databases, servers)
  • Targeted Security Assessments - Architecture Analysis, System Analysis, Device Analysis, Firewall Analysis, Intrusion Detection System Analysis, Policies and Procedures Analysis, Application Analysis, etc.

Incident Response:

  • Preparation and Planning - Provide guidance to ensure that proper coverage is in place "before" a security incident occurs
  • Emergency Response - On-site emergency services to identify, contain, and eradicate rogue activities and malicious code
  • Law Enforcement Collaboration - Liaison with internal staff and law enforcement to gather and preserve digital evidence and ensure expedited and reliable resolution of security breaches

LaValley Consulting believes you can’t protect what you don’t know.


"It is great to work with a security professional that can not only adeptly uncover issues, but also make clear recommendations and assist in corrective action. LaValley Consulting is considered a trusted partner and a recognized leader in the ever-changing defensive technology and security strategies that exist in today's enterprise computing environments."

Senior Vice President, Director of Information Technology
Large Financial Institution

"I have known Jim, both personally and professionally, for the past five plus years. Jim's knowledge of IT security is second to none. He has a voracious appetite to "stay on top" of emerging threats as demonstrated by his commitment to learning and professional designations. Further, Jim's passion for the industry and the security of his customers goes well beyond the average IT security professional. Jim tackles each assignment as if it was his own company. He is more than reports and invoices; rather, Jim wants to make sure that he does what is right and necessary in your environment to ensure your data is never compromised.

I have worked with numerous IT professionals over the past 17 years and can say without reservation that Jim LaValley is in a class by himself. If you are responsible for securing your company's network, then I strongly recommend LaValley Consulting as the ONLY option that you should consider."

President and CEO
Financial Institution

"Jim is unquestionably one of the most talented and skilled information security professionals in the industry today. He possesses a unique combination of technical skills, industry experience, consultative capabilities, enthusiasm and an innate understanding of the "hacker's mind" that make him an invaluable resource in any infosec initiative. Quite simply, you can't have a better person on your side when it comes to protecting your information assets. Highly recommended!"

Director at Sophos Inc.
(Global security company protecting over 100 million computers worldwide)

We engaged Jim LaValley to conduct a global security audit of all of our applications and networks.

He was not intrusive in his approach and very thorough in his recommendations. He uncovered several areas that needed immediate remediation and several that needed clearer user policies and procedures. Jim enabled us to curtail several irregular practices in various parts of the globe.

He performed a detailed risk analysis that enabled senior management to understand the risk profile that was currently in place and make informed decisions about what level of security in which areas was appropriate given user needs and global platform exposure.

Jim’s work far exceeded our expectations for the level of detail and analysis and the focused recommendations associated with each area of exposure. He also educated several members of the technical team on security methods that saved them substantial time and created a more secure environment. Jim was, at all times, available for questions, conferences and elaboration on his findings. His report provided us with a comprehensive guide for future actions as we extend our global footprint.

I recommend Jim’s services and counsel without reservation. His technical and personal skills are excellent and appropriate without question.

Director of Information Technology
Global Manufacturing Company