We offer a range of consulting services, all designed to help your company reach its potential. Whether you're looking for application security, security program development, security research, incident response, IoT device security, or other security-related services, we have you covered.
Each company is unique. One-size-fits-all approaches will never help your business reach its full potential. We deliver custom solutions, tailored to you – your industry, your culture, your one-of-a-kind challenges.
Brian Knopf has 20 years of experience in security, automation, QA/QE, development, and IT. He has built and managed security and automation teams for companies including Wink, Belkin, Linksys, Rapid7, and MySpace. Brian is the Founder & CEO of BRK Security, which is a security research and consulting company focused on helping companies build security programs. Previously, he created the security programs for Wink, Belkin, and Linksys, which included incident response, security research, SDL, pentesting, and bug bounty programs. Knopf has been focusing on IoT security since 2012. He is the creator of the 5-Star Consumer IoT rating system, whose goal is to inform consumers of the security, safety, and privacy of IoT devices, while providing testable requirements to validate security best practices. He has experience with research on hardware, embedded firmware, mobile applications, and large-scale distributed server environments. Brian also spent 3 years building Nexpose, the leading Vulnerability Management product at Rapid7.
Brian focuses on Application Security, IoT security, and IT Security with a different perspective. While compliance and risk are important to consider, proper protection comes from Threat Modeling environments on a regular basis and layering protection based on threats identified from the model. Putting systems and tools in place for security requires understanding how an attacker would perform reconnaissance and exploit your environment. This approach allows his teams to operate with smaller budgets that deliver higher-quality results while including source code audits, penetration testing, proactive outreach with security researchers, incident response, perimeter protection, and data analytics. This ensures that security products are used together to provide actionable data rather than just purchasing applications to check a protection box. It also reduces the cost of vulnerabilities since they are found earlier in the SDLC, enabling teams to focus more time on features and not fixes.