Malleum is a cybersecurity services firm offering a broad portfolio of professional and managed security services to organizations across multiple industries, including aviation, financial services, and defense contracting. Their service offerings are organized into several practice areas: - Strategy & Advisory: Includes CMMC preparedness, security strategy and roadmap development, and Virtual C-Suite (vCISO/vCTO) engagements. - Risk & Compliance: Covers assessments and audits aligned to frameworks such as NIST, ISO 27001, and SOC 1 & 2, as well as threat risk evaluations. - Enterprise Assessments: Encompasses enterprise penetration testing, security architecture assessments, and Zero Trust network assessments. - Application Assessments: Focuses on web, mobile, and native application security testing using techniques including SAST, DAST, and IAST, as well as assessments for enterprise platforms and virtual applications. - Hardware Protection: Listed as part of their broader service portfolio, addressing physical and hardware-level security concerns. - Cyber Resiliency Assessments: Evaluates an organization's ability to withstand and recover from cyber incidents. Malleum has a noted focus on regulated industries, particularly helping organizations achieve Cybersecurity Maturity Model Certification (CMMC) compliance for those working with the U.S. Department of Defense. They also publish content around Canadian defence supply chain compliance (CPCSC). The company works with technology partners including 1Password, Cloudflare, CrowdStrike, Microsoft, Palo Alto Networks, and Zscaler. Their client base includes defense contractors, technology solution providers, and FinTech companies.