Dara team members have worked with retail organizations, e-Commerce sites, payment application software vendors, financial institutions, medical organizations, and other organizations ranging from $250K to over $300B in assets. As seasoned providers of information security services, our engagements involve standards such as PCI DSS, PA-DSS, HIPAA, FERPA, SOX404, and ISO 27001/17799.
Dara's experts possess extensive experience working in the private, government, and education sectors as information security officers, program managers, and technical specialists. With expertise in a range of industry, federal and state regulations, we also offer client training for GLBA, HIPAA, PA-DSS, P2PE, and PCI DSS assessments. The majority of our staff hold graduate degrees at the Masters level. We utilize these many qualifications and broad range of experience to create proven, unique, comprehensive and highly effective solutions to our clients' information security needs.
Dara Security's Profiling and Penetration Team members have a decade of experience in various Profiling and Penetration Testing techniques. The team's certifications include CISSP, GPEN, GXPN, and certified web application penetration testing certifications. Our team is constantly working to stay at the forefront of penetration testing and security assessment technology as well as business trends through training, education, and speaking.
At Dara Security, we believe in partnering with organizations to protect information assets so that companies can achieve their business goals. We have a passion to deliver meaningful security solutions, measured by our commitment to do the right thing and our desire to see our clients' businesses grow. We do this by taking a business-oriented approach to information security. With extensive industry experience working with leading Fortune 500 companies, our seasoned team strives to make the world more secure.
Education is of the utmost importance to us. Informed people make informed business decisions, which leads to better security. We believe in educating businesses, not just our clients, about their systems and requirements. This empowers people to find the right solution on their own, even if it is not with our company. We believe in partnering with educational institutions to help ensure future generations of security experts gets the knowledge and experience they need.
Dara Security is approved by the Payment Card Industry Security Standards Council (PCI SSC) as both a Payment Application Qualified Security Assessor (PA-QSA), Payment Card Industry Qualified Security Assessor (PCI QSA), and QSA Point to Point Encryption (P2PE) organization. Our experts hold industry-leading certifications including PA-QSA, PCI QSA, International Standards Organization (ISO) Lead Auditor, and Certified Information Systems Security Professional (CISSP).
Qualified Security Assessors are employees of organizations, such as Dara Security, who have been certified by the PCI Council to validate an entity’s adherence to the PCI DSS.
Payment Application Qualified Security Assessors are employees of organizations who have been certified by the PCI Security Standards Council to validate an entity’s adherence to the PCI DSS and the PA-DSS.
As a certified QSA Point to Point Encryption (P2PE) organization, our auditors are qualified by the PCI Security Standards Council to assess PCI P2PE solutions.
CISSPs are information assurance professionals who define the architecture, design, management, and/or controls that assure the security of business environments.
GPEN certified security personnel are fully capable of assessing target networks and systems to find security vulnerabilities and exploiting such flaws.
The GXPN certifies that candidates have the knowledge, skills, and ability to conduct advanced penetration tests, model the abilities of an advanced attacker to find significant security flaws in systems, and demonstrate the business risk associated with these flaws.
The GWAPT certification accredits candidates for manual testing of complex web applications against the latest threats. Certified professionals demonstrate knowledge of web application exploits and penetration testing methodology.
The GMOB certifies that candidates will have an up-to-date technical knowledge and thorough understanding of mobile device penetration testing along with and the ability to perform a basic security analysis of mobile applications.
The GAWN certification focuses on the different security mechanisms for wireless networks, the tools and techniques used to evaluate and exploit weaknesses, and techniques used to analyze wireless networks.
GSEC certified security personnel have demonstrated mastery of the complexities of networks with respect to information security.
ISO 27001 auditors specialize in information security management systems (ISMS) based on the ISO/IEC 27001 standard and ISO/IEC 19011.
Certified by IACRB, a Certified Application Security Specialist has demonstrated skills and knowledge necessary to assess web applications against modern threats.
As PCI QSAs, our auditors are qualified to conduct EI3PA assessments as Experian Independent Third Party Assessors.
Certified HIPAA Privacy Security Expert (CHPSE) is the gold standard for HIPAA credentials and is the highest level certification for core HIPAA compliance team members.
The Certified Information Systems Auditor (CISA) certificate is globally recognized as the standard of achievement for those who audit, control, monitor and assess information technology and business systems.
Our in-house HITRUST certified professional can help with your self-assessment efforts regarding HIPAA, HITECH or other business requirements.
The CEH credential certifies individuals in the specific network security discipline of Ethical Hacking from a vendor-neutral perspective. A CEH professional uses the same knowledge and tools as a malicious hacker, but in a lawful and legitimate manner to assess the security posture of a target system(s).
Our team members have worked with numerous banks, insurance companies, and asset management institutions to ensure the tactical and strategic risk objectives of the organization are addressed
Dara Security has worked with several top healthcare organizations. We've successfully handled the many facets of their data security programs, from strengthening existing security measures (to ensure compliance with PCI DSS, NIST, and HIPAA) to performing an overall threat vulnerability assessment
Barry and the rest of the Dara team have provided our Company with the auditing services that have exceeded our expectations. They are very knowledgeable, easy to work with and have gone above and beyond in offering guidance on rules and regulations. Dara is professional, reliable and have proven to be extremely valuable in keeping our Company aligned with Industry Standards.
Security and Compliance Manager
Ingenico Mobile Solutions
This is now our 3rd engagement with Dara. Each time they've been excellent to work with; very clear on what we needed to accomplish and show, helpful on any questions we had, and easy to work with on a daily basis. Probably the only ever audit I've been involved in where I looked forward to working with our auditor. I would also note that we've worked with multiple PCI QSAs in the past and Barry is *easily* the best of all of them. He is extremely knowledgeable at a technical level Even more important is that he is easy to work with, and is a problem solver. He has given us a lot of great advice in terms of making our software more secure, which is great for us AND our merchants.
Vice President of Operations
Auto-Star Compusystems, Inc.
Dara Security is very professional and great to work with. They were very friendly and gave us a sense of comfort throughout the scope of our project. Any technical questions we had were handled and good advice given. We will certainly look to the Dara team in the future for our PCI needs.
Manager of Software Development
Everyone involved at Dara Security has been wonderful to work with! The technical team is incredible about following up. Dara Security has helped us through multiple PCI projects, and we'll continue to use them in the future.
President / Co-Founder
Director / Co-Founder