Dara Security

About Dara Security

Dara Security

Defend, Assess, Remediate & Advise

Dara team members have worked with retail organizations, e-Commerce sites, payment application software vendors, financial institutions, medical organizations, and other organizations ranging from $250K to over $300B in assets. As seasoned providers of information security services, our engagements involve standards such as PCI DSS, PA-DSS, HIPAA, FERPA, SOX404, and ISO 27001/17799.


Dara’s experts possess extensive experience working in the private, government, and education sectors as information security officers, program managers, and technical specialists. With expertise in a range of industry, federal and state regulations, we also offer client training for GLBA, HIPAA, PCI DSS, SCADA, NERC, CJIS, and COBIT assessments. The majority of our staff hold graduate degrees at the Masters level. We utilize these many qualifications and broad range of experience to create proven, unique, comprehensive and highly effective solutions to our clients' information security needs.


Dara Security’s Profiling and Penetration Team members have a decade of experience in various Profiling and Penetration Testing techniques. The team's certifications include CISSP, GPEN, GXPN, and certified web application penetration testing certifications. Our team is constantly working to stay at the forefront of penetration testing and security assessment technology as well as business trends through training, education, and speaking.

Our Mission

At Dara Security, we believe in partnering with organizations to protect information assets so that companies can achieve their business goals. We have a passion to deliver meaningful security solutions, measured by our commitment to do the right thing and our desire to see our clients' businesses grow. We do this by taking a business-oriented approach to information security. With extensive industry experience working with leading Fortune 500 companies, our seasoned team strives to make the world more secure.

 

Education is of the utmost importance to us. Informed people make informed business decisions, which leads to better security. We believe in educating businesses, not just our clients, about their systems and requirements. This empowers people to find the right solution on their own, even if it is not with our company. We believe in partnering with educational institutions to help ensure the next generation of security experts get the knowledge and experience they need.

Accredited and Certified

Dara is approved by the Payment Card Industry Security Standards Council (PCI SSC) as both a Payment Application Qualified Security Assessor (PA-QSA), Payment Card Industry Qualified Security Assessor (PCI QSA) and QSA Point to Point Encryption (P2PE) organization. Our experts hold industry-leading certifications including PA-QSA, PCI QSA, International Standards Organization (ISO) Lead Auditor, and Certified Information Systems Security Professional (CISSP).


PCI QSA

Qualified Security Assessors are employees of organizations, such as Dara Security who have been certified by the PCI Council to validate an entity’s adherence to the PCI DSS.

PA-QSA

Payment Application Qualified Security Assessors are employees of organizations who have been certified by the PCI Council to validate an entity’s adherence to the PCI PA-DSS.

P2PE

As a certified QSA Point to Point Encryption (P2PE) organization, our auditors are qualified by the PCI Council to assess PCI P2PE solutions.

CISSP

CISSPs are information assurance professionals who define the architecture, design, management and/or controls that assure the security of business environments.


GIAC GPEN

GPEN certified security personnel are fully capable of assessing target networks and systems to find security vulnerabilities and exploit such flaws.

GIAC GXPN

The GXPN certifies that candidates have the knowledge, skills, and ability to conduct advanced penetration tests, how to model the abilities of an advanced attacker to find significant security flaws in systems, and demonstrate the business risk associated with these flaws.

GIAC GWAPT

The GWAPT certification certifies canidates for manual testing of complex web applications against the latest threats. Certified professionals deomstrate knowledge of web application exploits and penetration testing methodology.

GIAC GMOB

The GMOB certifies that candidates will have an up-to-date technical knowledge and thorough understanding of mobile device penetration testing and the ability to perform a basic security analysis of mobile applications.


ISO 27001 Lead Auditor

ISO 27001 auditors specialize in information security management systems (ISMS) based on the ISO/IEC 27001 standard and ISO/IEC 19011.

CASS

Certified by IACRB, a Certified Application Security Specialist has demonstrated skills and knowledge nessesary to assess web applications against modern threats.

GSEC

GSEC certified security personnel have demonstrated mastery of the complexities of networks with respect to information security.

EI3PA

As PCI-certified QSAs, our auditors are qualified to conduct EI3PA assessments as Experian Independent Third Party Assessors.

Experience In Many Industries

Financial

Our team members have worked with numerous banks, insurance companies, and asset management institutions to ensure the tactical and strategic risk objectives of the organization are addressed

Retail

We have worked with multiple retail organizations as their PCI QSA, PCI ASV, as well as their Security Program Manager. Furthermore, by assisting you in building a comprehensive information security program, we can help you limit your long-term compliance management costs

Healthcare

Dara Security has worked with several top healthcare organizations. We've successfully handled the many facets of their data security programs, from strengthening existing security measures (to ensure compliance with PCI DSS, NIST, and HIPAA), to performing an overall threat vulnerability assessment

Education

Dara Security team members have worked with many educational institutions, performing security assessments and helping to build robust information security programs

Why Dara Security

QuoteThey took the time to understand our business and systems, critical to truly defining risk

Dara Security did a fantastic job with our annual PCI assessment and penetration testing. Unlike previous providers, they took the time to understand our business and systems, critical to truly defining risk. It was not simply checking boxes on a form. They've made the process efficient and painless. I can't recommend them highly enough.

Stephen Zohn

System Administrator

iModules Software

QuoteDara Security has helped us through multiple PCI projects

Everyone involved at Dara Security has been wonderful to work with! The technical team is incredible about following up. Dara Security has helped us through multiple PCI projects, and we'll continue to use them in the future.

Anson Luis

Vice President

ChargeItPro

QuoteDara Security makes the daunting challenge of PCI Documentation & Compliance much easier to understand and complete

Dara Security makes the daunting challenge of PCI Documentation & Compliance much easier to understand and complete. Although there is a lot of work involved, we always felt well-supported.

Craig Harry

Director

Learning Care Group

QuoteBarry and the group there are professional, knowledgeable, enjoyable and competitive

Always a great experience working with Dara Security. Barry and the group there are professional, knowledgeable, enjoyable and competitive. Thanks again guys!

Mike Fox

Vice President

Group ISO

Our Management Team

Barry Johnson

Barry Johnson

President / Co-Founder

Bill Serate

Bill Serate

Director / Co-Founder