Corsec Security, Inc. - Comprehensive Analysis Report
Summary
Corsec Security, Inc., established in 1998, is a privately owned global leader specializing in security certification and validation services. The company's mission is to deliver comprehensive, turnkey solutions for security validations and third-party certifications, operating within a framework of assured quality. Corsec distinguishes itself by advocating for product vendors through complex technical certification activities. With over 27 years of experience, it plays a critical role in guiding organizations through stringent mandates required for certifications such as FIPS 140-2/FIPS 140-3, Common Criteria, CSfC, and DoD (STIG and DoDIN APL). Its significance in the industry is rooted in its expertise in navigating these complex requirements, which are essential for market credibility and regulatory acceptance, particularly in highly regulated sectors like finance and government.
1. Strategic Focus & Objectives
Core Objectives
Corsec's core objectives revolve around streamlining and accelerating the security certification and validation process for product vendors globally. Their "Done Once, Done Right!" approach aims to:
- Decrease Risk: Mitigate security vulnerabilities and non-compliance risks for client products.
- Increase Security: Ensure products meet the highest security standards through rigorous validation.
- Accelerate Sales: Enable clients to access new markets and increase revenue by achieving critical certifications quickly and efficiently.
- Provide End-to-End Support: Offer comprehensive assistance from initial assessment to final validation and ongoing maintenance.
Specialization Areas
Corsec specializes in guiding clients through the requirements for various critical security certifications:
- FIPS 140-2/FIPS 140-3: Validating cryptographic modules to meet stringent encryption and key management standards, essential for government and regulated industries.
- Common Criteria (CC): Demonstrating that IT products have undergone independent and comprehensive testing to validate their security functions and reliability globally.
- CSfC (Commercial Solutions for Classified): Enabling commercial off-the-shelf (COTS) products to be used in classified government systems, requiring adherence to specific architectural and configuration guidelines.
- DoD (STIG and DoDIN APL): Ensuring products meet the rigorous Security Technical Implementation Guides (STIGs) and are included on the Department of Defense Information Network Approved Products List (DoDIN APL), crucial for defense contracts.
Target Markets
Corsec targets a broad spectrum of markets with a particular focus on industries where security and compliance are paramount. They assist clients with diverse products, ranging from mobile devices to satellite technology. Key target industries include:
- Government: Federal, state, and local agencies requiring certified secure solutions.
- Defense: Military and associated contractors needing products compliant with DoD standards.
- Finance: Organizations handling sensitive financial data that require stringent security certifications for regulatory acceptance and customer trust.
Their services are vital for any organization seeking to establish or maintain market credibility through validated security measures.
2. Financial Overview
Funding History
Corsec Security, Inc. is a privately owned company. As such, there is no public information available regarding external funding rounds or specific investors. The company's estimated annual revenue is approximately $7 million, with an estimated revenue per employee of $163,200.
3. Service Offerings
Key Services
Corsec Security provides a comprehensive suite of services focused on product security validation and certification:
- Certification Consulting: Expert guidance through the entire certification process for FIPS 140-2/FIPS 140-3, Common Criteria, CSfC, and DoD (STIG and DoDIN APL).
- Product Design and Testing: Consultation on necessary product design changes to meet certification requirements and identify vulnerabilities.
- Documentation Evidence Development: Creation and preparation of all required technical and administrative documentation for certification submissions.
- Lab Selection and Government Interaction: Assistance in selecting accredited testing laboratories and managing interactions with government agencies throughout the validation process.
- Certification Maintenance: Ongoing support to ensure continued compliance and renew certifications as needed.
4. Technology & Innovation
Technology Stack
Corsec's technological strength lies in its deep expertise across various security domains rather than a specific proprietary software stack for its services. Their technical capabilities are built upon:
- Expertise in Cryptography: Profound understanding of encryption, cryptographic modules, algorithm testing, and cryptanalysis.
- Information Security Principles: Application of best practices in securing data and systems.
- Product Security Engineering: Methodologies for assessing, enhancing, and validating the security posture of hardware, software, and firmware products.
- Entropy Analysis: Advanced techniques for evaluating the randomness and unpredictability of cryptographic keys and data.
Proprietary Developments
Corsec has developed proprietary methodologies to optimize the certification process:
- Corsec 3-Step Approach: This structured methodology ensures efficient and thorough certification projects:
  - Assess: An interactive assessment to identify product design gaps, evaluate certification preparedness, define critical success factors, and foresee potential failure points.
  - Enhance: Corsec engineers collaborate directly with client teams to consult on and implement necessary design modifications to address vulnerabilities and fulfill certification requirements.
  - Validate: Comprehensive, end-to-end support for the final certification phase, encompassing documentation, lab selection, government interaction, and ongoing maintenance.
- CorSSL: Corsec lists "FIPS Libraries - CorSSL" as one of its services, indicating a potential internal or affiliated solution for FIPS-compliant cryptographic libraries, which aids in achieving FIPS validation for client products.
5. Leadership & Management
Executive Team
Corsec's leadership team brings extensive experience in IT security product validation and certification.
- Matthew Appler, Chief Executive Officer: As a co-founder of Corsec in 1998, Matthew has been pivotal in establishing the company as a leader in IT security product validation. He defines the strategic vision and is actively involved in daily operations, applying his expertise to a wide range of hardware, software, and firmware products. His background includes designing secure email systems, token-based purchase order systems, public key infrastructure, and client/server components as a lead software developer. He holds a Bachelor of Science in Computer Science from James Madison University.
  - LinkedIn: [https://www.linkedin.com/in/matthew-appler-06b23b1](https://www.linkedin.com/in/matthew-appler-06b23b1)
- Chandra James, Chief Administrative Officer: Chandra oversees all administrative functions, including finance, IT, human resources, and general administration. Her responsibilities include leading financial processes, driving employee engagement, strategic hiring, and maintaining corporate culture. She joined Corsec in 2008 and has progressed through various roles in operations, sales, and marketing.
  - LinkedIn: [https://www.linkedin.com/in/chandra-james-212726](https://www.linkedin.com/in/chandra-james-212726)
- John Morris, Co-founder: John contributes to defining company strategy and oversees the customer experience. He leverages a deep technical background in cryptography, communications, security engineering, public key infrastructure, and networking technologies. He pioneered Corsec's DoD APL and Enterprise Laboratory Service offerings. Before co-founding Corsec in 1998, he managed one of the first NVLAP-accredited FIPS testing laboratories. He holds a bachelor's in electric engineering from the University of Maryland and a master's in telecommunications and computer science from George Washington University.
  - LinkedIn: [https://www.linkedin.com/in/john-morris-04859](https://www.linkedin.com/in/john-morris-04859)
- Kathleen Moyer, Director of Service Delivery: Kathleen focuses on the DoDIN APL business and consults on system security. She analyzes products, identifies security issues, and develops documentation evidence for clients, leveraging her expertise in cryptographic methods, security engineering techniques, and certification standards. She is an active member of technical communities and has presented on topics such as "Understanding FIPS in APL."
  - LinkedIn: [https://www.linkedin.com/in/kathleen-moyer-655b3a1a](https://www.linkedin.com/in/kathleen-moyer-655b3a1a)
6. Talent and Growth Indicators
Hiring Trends and Workforce
Corsec Security, Inc. maintains an employee count of approximately 21-50 highly skilled professionals. The company prides itself on its workforce, which comprises seasoned engineers, experienced technology specialists, and other driven professionals with over 100 years of cumulative experience devoted to product security.
- Growth Trajectory Indicators: Corsec actively recruits purpose-driven, innovative professionals specializing in certification and validation consulting services, indicating a commitment to sustained growth and expansion of its service capabilities.
- Employee Sentiment and Culture Insights: The company emphasizes the intelligence, determination, and drive of its people. It actively promotes career opportunities, inviting individuals to join its team, which points to a culture focused on professional development and impactful work within a specialized field.
7. Social Media Presence and Engagement
Digital Footprint
Corsec Security maintains an active digital footprint across several social media platforms, utilizing them for professional networking, company updates, and thought leadership:
- LinkedIn: The primary platform for professional engagement, company news, and sharing industry insights.
- Twitter/X: [https://twitter.com/CorsecSecurity](https://twitter.com/CorsecSecurity) - Used for disseminating updates, news, and interacting with the cybersecurity community.
- Facebook: [https://www.facebook.com/CorsecSecurity](https://www.facebook.com/CorsecSecurity) - Utilized for broader brand messaging and community outreach.
The company regularly shares news, blog posts, and webinars covering essential topics such as detailed certification processes, debunking common certification myths, highlighting certifications as a competitive advantage, and outlining strategies for successful validation. This content strategy positions Corsec as a thought leader in the security certification space.
8. Recognition and Awards
Industry Recognition
Corsec Security has achieved substantial recognition through its extensive operational track record and client successes:
- Completed Certifications: Over 500 certifications have been successfully completed.
- Total Projects: More than 1,000 projects have been executed.
- Product Consultations: Over 400 unique product consultations have been provided.
- Consulting Hours: More than 1 million certification consulting hours have been delivered.
- Staff Expertise: The company boasts the largest staff of dedicated certification engineers in the industry.
- Client Accolades: Clients consistently recognize Corsec for its efficiency in navigating products through certification, its instrumental role in helping them secure major contracts, and its valuable assessments that optimize internal resources for upcoming certification projects.
9. Competitive Analysis
Major Competitors
Corsec Security operates within a competitive landscape composed of firms offering cybersecurity solutions and certification services. Key competitors include:
- Acumen Security: A company also focused on cybersecurity product testing and certification services, often competing directly in areas like FIPS 140-2/FIPS 140-3 validation.
- SAIC (Science Applications International Corporation): A large government contractor that provides a broad range of technical, engineering, and enterprise IT services, including cybersecurity and infrastructure support for the defense and intelligence communities.
- Booz Allen Hamilton: A global management and technology consulting firm that offers extensive cybersecurity services, technical engineering, and intelligence analysis, including security testing and compliance support for government and commercial clients.
These competitors also offer product testing and infrastructure services related to cybersecurity, with some operating on a larger scale and offering a broader portfolio of IT services beyond specialized certifications.
10. Market Analysis
Market Overview
The market for IT security validation and cybersecurity compliance is rapidly expanding, driven by an escalating global demand for secure and certified technology. Both regulatory bodies and end-customers increasingly demand robust proof that sensitive data and systems are protected against real-world threats. This environment necessitates adherence to stringent global, federal, and industry-specific mandates.
- Total Addressable Market Size: The market is substantial, encompassing virtually all industries that handle sensitive data or operate critical infrastructure, particularly government, defense, finance, and healthcare sectors.
- Growth Potential: The growth potential remains high, fueled by evolving cyber threats, continuous technological advancements (e.g., IoT, AI/ML, cloud computing), and the proliferation of new data privacy and security regulations worldwide.
- Key Market Trends: Trends include the increasing complexity of certification standards, the need for continuous compliance, the integration of security by design principles, and the demand for faster time-to-market for certified products.
- Market Challenges and Opportunities: Challenges include the high barrier to entry due to complex certification processes, the dynamic nature of threat landscapes, and the cost associated with achieving and maintaining compliance. Opportunities arise from helping companies navigate these complexities, offering specialized expertise as a critical differentiator, and enabling access to lucrative markets (like government contracts) where certifications are mandatory. Certifications like FIPS 140-3 and Common Criteria serve as critical benchmarks, establishing a baseline of trust and acting as significant barriers to entry for products in high-value markets.
11. Strategic Partnerships
Corsec Security has cultivated over 40 global partnerships and relationships. While specific details about individual collaborations are not widely publicized, these partnerships are strategically crucial for:
- Market Position Strengthening: Extending Corsec's reach and influence within various markets.
- Innovation Capacity: Facilitating collaborative development and adaptation to new technological and security requirements.
- Comprehensive Support: Enhancing Corsec's ability to provide comprehensive certification guidance and support across diverse geographic regions and technological landscapes, ensuring clients receive end-to-end solutions.
12. Operational Insights
Corsec's operational insights highlight its distinct competitive advantages and strengths:
- Current Market Position: Corsec is positioned as a specialized leader in security certifications, standing out from broader cybersecurity firms.
- Competitive Advantages:
  - Deep Specialization: Focused expertise in navigating the complex and often arduous security certification process.
  - Comprehensive "Done Once, Done Right!" Methodology: Their