Harrisonburg, Virginia
Cybersecurity consulting for organizations that need to demonstrate their security posture to the people who matter — customers, carriers, auditors, and the Department of Defense.
The Problem
You’re a defense subcontractor being told you need CMMC certification or you’ll lose your contract. You’re an insurtech startup trying to close your first carrier deal but you can’t pass their security questionnaire. You’re a growing company that just got a 40-page vendor risk assessment from your biggest customer and you don’t know where to start.
The big consultancies want $150,000 and six months. You need clear answers, a practical plan, and someone who actually understands what the other side of the table is looking for.
What We Do
Comprehensive evaluation of your security controls against NIST 800-171, SOC 2, HIPAA, ISO 27001, or whichever framework your customers and contracts require. You get a prioritized findings report with a clear remediation roadmap — not a 200-page document that collects dust.
Real-world attack simulation against your infrastructure, applications, and networks. We find what’s exploitable before a threat actor does, and we explain the business impact in language your leadership can act on.
For defense contractors facing CMMC Level 1 or Level 2 requirements: gap assessments against all 110 NIST 800-171 controls, System Security Plan development, policy documentation, and preparation for your C3PAO assessment. We get you audit-ready.
If you’re on the receiving end of a vendor risk questionnaire — from a carrier, a prime contractor, or an enterprise customer — we help you understand what they’re really asking, prepare your evidence, and present a security posture that earns confidence.
Security isn’t a one-time project. Quarterly reviews, policy updates, evidence maintenance, and reassessment preparation to keep you compliant year over year — not just on certification day.
Why Wolfpack
Taylor Fletcher
Founder & Principal Consultant
Taylor brings hands-on experience in cybersecurity product management and third-party risk management from BlueVoyant, where he works on the platform that Fortune 100 companies, government agencies, and defense organizations use to monitor and manage supply chain cyber risk. This dual perspective — understanding what assessors look for and what organizations need to do — gives Wolfpack clients an edge that generic security consultants can’t match.
Assessor-side perspective
We build the tools that evaluate vendors. We know what they look for.
Right-sized engagements
Enterprise-grade expertise without the enterprise price tag.
Outcomes over artifacts
We stay through remediation and certification — not just the report.
Valley roots, national reach
Based in Harrisonburg, VA. Serving the defense industrial corridor and beyond.
Initial consultations are free. We’ll discuss your compliance requirements, assess your current posture, and outline a practical path forward.
info@wolfpacksecurity.orgHarrisonburg, VA · Nationwide