Industries

The team touring the studio.

GRIMM is more than a typical penetration test firm, with security researchers who are generalists, who are an inch deep on a variety of assets that need security.

At GRIMM, each security researcher and developer specializes in a handful of fields. For example, our automotive engineers aren’t just application security engineers that learned a little about CAN communications, but were indeed developers in the automotive industry before becoming security researchers and reverse engineers making them intimately familiar with the uniqueness that is securing the automotive industry.

We believe that specializing in sectors is the best way to help you better understand how to secure your unique devices, networks, applications, or platforms. Below, please see a rough list of our team’s specifications, and why we think they’re important!

Transportation Sector

At GRIMM, we believe automotive and transportation security is intrinsically linked to safety, and are committed to helping the whole industry do better. In order to really understand how to secure a vehicle, truck, plane, drone or tank, we first must have a thorough understanding of how the system or system-within-a-system is intended to work.

At GRIMM, we believe automotive and transportation security is intrinsically linked to safety, and are committed to helping the whole industry do better. In order to really understand how to secure a vehicle, truck, plane, drone or tank, we first must have a thorough understanding of how the system or system-within-a-system is intended to work. For that reason, most of the engineering team dedicate to the transportation sector hails from automotive and aviation developer roles.

With a lab in Sparta, Michigan big enough to park and reverse engineer a plane or tank, our transportation sector team researches and develops proofs of concept for the physical systems as well as the system’s connectivity (e.g. vehicle to vehicle, CAN communications, GPS, telematics, cellular, etc.). Working with the manufacturers, vendors, insurers, end users including the U.S. military, autonomous software manufacturers, and consumer advocacy groups, we help our clients view their vehicle networks through the eyes of a bad guy. Our ability to blend an engineering perspective with that of a malicious hacker, assists our automotive clients in safely developing and deploying their fleets of connected and automated vehicles. If you can drive it or fly it, we’ve probably reverse engineered it!

But don’t just take our word for it. GRIMM believes firmly that showing is more compelling than simply telling, and in this spirit, build a mobile hacking demonstration to help automotive executives, security personnel, and citizens alike to understand the vulnerability of their vehicles to a cyberattack. In ten simple steps, our demo will teach you how to take control of the electronic components of a modern vehicle. Interested in your own demo to train your own workforce? Contact us to discuss if we can help!

Internet of Things

Governments, businesses, citizens - we all rely on the increasing number of connected devices in the Internet of Things (IoT) every single day.

Governments, businesses, citizens - we all rely on the increasing number of connected devices in the Internet of Things (IoT) every single day. Like the transportation sector, and critical infrastructure, the security of IoT devices implicates an individual’s safety and privacy. The IoT team focuses on conducting security assessments of the hardware, firmware, and software of IoT devices, as well as its communications links, and encryption. As security of IoT devices has historically been an afterthought, many vendors need assistance with design and implementation review, source code or binary review, in addition to vulnerability assessments of the device itself.  Like in many of our other practices, GRIMM believes helping vendors and manufacturers, as well as consumers understand that developing and ultimately buying secure IoT devices common to an everyday household is best served by a demonstration. “Howdy Neighbor” is GRIMM’s IoT capture the flag-like competition, with more than thirty IoT challenges including webcams, toasters, smoke detectors, power meters, HVAC systems, sprinklers, video game consoles, locks, and light bulbs. More than just showing folks how your Nest smart thermostat can take over your home, Howdy Neighbor actually demonstrates the problem and raises awareness to help train the general public on the importance of IoT device security. Interested in your own demo? Contact us to discuss if we can help!

Federal Defense and Intelligence

GRIMM cares deeply about national security and the U.S.’ ability to project power as necessary, in large part because over half of the team has worked for the U.S. government as military officers, senior government officials, or contractors in their previous careers.

With over half of our team having worked for the U.S. government as military officers, senior government officials, or contractors, GRIMM cares deeply about national security. Building on this operational experience, GRIMM provides forward-looking research, development, test and evaluation (RDT&E) for the Department of Defense and the Intelligence Community’s unique challenges operating in and through cyberspace. Additionally, GRIMM provides end-to-end security assessments of its contractor base for purposes of protecting the U.S. government’s supply chain.

Critical Infrastructure

GRIMM has long roots working to secure critical infrastructure by conducting security assessments, and helping develop security framework

GRIMM has long roots working to secure critical infrastructure by conducting security assessments, and helping develop security framework standards including the Uniform Cost Accounting International Users Group Advanced Metering Infrastructure (AMI) Security and Smart Grid Security working group, and the NIST standards for Cyber Physical Systems (CPS) which includes the whole gamut of critical infrastructure including health care, emergency response, traffic flow management, electric power generation and delivery, and evolving critical infrastructure areas such as election equipment. Our range of expertise extends across AMI, control software, human machine interfaces, programmable logic controllers, and other pertinent embedded devices at the intersection of operational software, firmware, and hardware. The Critical Infrastructure team overlaps with the Automotive and Transportation Sector team, which provides a unique skill set for evaluating the security of the grid as it relates to electric vehicle infrastructure and charging stations.  To be able to demonstrate the vulnerabilities in industrial control systems, GRIMM teamed with other leading industry experts to develop the ICS Village, a non-profit that brings experiential learning and awareness of ICS security so utility executives, ICS security personnel, and citizens alike can understand the vulnerability of critical infrastructure to a cyberattack. Contact the ICS Village for more information.

Banking, Finance, and Digital Currencies

The Financial Sector is consistently at high-risk for cyber attacks - and raising the barrier of entry so that the entire industry is better able to defend themselves is something we’re very committed to at GRIMM.

The Financial Sector is consistently at high-risk for cyber attacks - and raising the barrier of entry so that the entire industry is better able to defend themselves is something we’re very committed to at GRIMM. For each engagement in the highly regulated finance sector, GRIMM puts together a skilled team of security researchers, engineers, and consultants work hand-in-hand to customize solutions and recommendations for clients. This helps clients to better understand their security risk by identifying fraud, theft, and susceptibility of data breach through the discovery of vulnerabilities in application, embedded systems, and networks. Additionally, GRIMM’s expertise in encryption, custom cryptography, and blockchain technologies has made it one of the go-to security firms to evaluate the design, implementation review, and overall security of crypto and digital currencies. GRIMM’s consultant practice helps clients develop a customized repeatable plan to know how to address key cybersecurity issues that arise, and clearly understand roles and responsibilities, particularly in evolving technology areas.

Medical IT & Healthcare

The healthcare industry is threatened not only by external actors, but internal ones as well. Whether it is due to human error, such as fat fingering data entry, disposing of sensitive information in an improper manner, or otherwise being careless, either intentionally or unintentionally.

The healthcare industry is threatened not only by external actors, but internal ones as well. Whether it is due to human error, such as fat fingering data entry, disposing of sensitive information in an improper manner, or otherwise being careless, either intentionally or unintentionally. In addition to testing workforce susceptibility to phishing or improper file transfer or handling, a skilled team of security researchers, engineers, and consultants to work hand-in-hand in customizing technical and policy solutions and recommendations for clients. This helps clients to better understand their security risk by identifying internal and external threats including in the hardware, firmware and software of medical devices, networks and infrastructure, applications, and in the workforce itself. GRIMM also offers business and industry consultation services in healthcare with robust understanding of this highly regulated environment.