SAFEGUARDING INFORMATION ENTRUSTED TO US · 1. SERVICE QUALITY - Quality is the foundation of our...

SAFEGUARDING INFORMATION ENTRUSTED TO US

COMPANY PROFILE


Business name: Simphiwe Security Consulting Pty (Ltd)

Trading as: SS-Consulting

Business type: Private company

Company registration number: 2017 / 057041 / 07

Customer Supplier Database (CSD) number: MAAA0408868

Tax Clearance Certificate number: 0700/2/2017/A001162377

B-BBEE Status: Level 1

General enquiries: [email protected]

Sales: [email protected]

COMPANY INFORMATION

Office Address: SoftStart BTI Building, No 136, 2nd Street, Randjespark, Midrand, 1685

Banking details:
Account Name: Simphiwe Security Consulting (Pty) Ltd.
Bank: Standard Bank
Account Number: 242 602 339
Branch: Fourways Crossing
Branch Code: 009953
Swift Code: SB ZA ZA JJ


ABOUT US

SIMPHIWE SECURITY CONSULTING (PTY) LTD. (SS-CONSULTING) is a Black-owned consultancy company based in South Africa that specialises in strategic and technical consultation in the field of Information Security, Governance, Risk and Compliance.

OUR COMPANY is built on the assumption that the enterprise technology landscape is forever changing and this presents challenges of ensuring that Security, Governance, Risk and Compliance is well entrenched within business processes, systems, products and infrastructure.

When it comes to Information Security, Governance, Risk and Compliance; we believe that there is no single “silver bullet” approach to all company challenges.

All companies are unique in their own right, as such, we strive to acquire an in-depth understanding of our clients’ business objectives, goals and vision in order to ensure that our solutions do not only support critical business initiatives, but are also an enabler to our clients’ business objectives.

SS-CONSULTING therefore provides customised on-site consulting services and assistance in the assessment of business risks, key business requirements for security and the development of security policies and processes. Our on-site consulting services include comprehensive security architecture assessments and design (including technology, business risks, technical risks and procedures).

IT GOVERNANCE, RISK AND COMPLIANCE (GRC) is often cited as one of the top 5 issues companies have to address. Due to the complex nature of the industry and statutory regulations and the constantly changing threat landscape, most companies struggle to keep abreast of the regulatory landscape as well as to deal with the complexity of GRC.

This is further exacerbated by the shortage or lack of human resources to manage the GRC function. With SS-Consulting services, it is possible for companies to achieve their business objectives without sacrificing on their security and compliance requirements.


OUR UNIQUE, HOLISTIC AND INTEGRATED BUSINESS-DRIVEN APPROACH addresses a common problem we have experienced with most clients. This problem is that information security solutions are often designed, developed/acquired and implemented on a tactical basis. A requirement is identified, a specification is developed and a solution is sought to meet that situation. In this process there is no opportunity to consider the strategic dimension, and the result is that the company builds up a mixture of technical solutions on an ad hoc basis, each independently designed and specified and with no guarantee that they will be compatible and interoperable.

Our approach resolves these piecemeal problems through better understanding of business requirements that include, inter-alia:

• The need for cost reduction
• Modularity
• Scalability
• Ease of component re-use
• Operability
• Usability
• Inter-operability both internally and externally
• Integration with the enterprise IT architecture and its legacy systems.

THE VISION of SS-Consulting is to uphold the highest level of integrity and to safeguard information entrusted to us.

OUR MISSION is to become the first Black-owned PCI-DSS Qualified Security Assessor (QSA) organisation and a strategic partner to our clients in the field of Information Security, Governance, Risk and Compliance.

WHY US?


1. SERVICE QUALITY - Quality is the foundation of our modus vivendi at SS-Consulting. SS-Consulting has a rigorous approach when it comes to review and quality assurance. Part of our philosophy is the brainstorming of thoughts, ideas and solutions to ensure that they are aligned with best practice, industry standards and in due course that they add value to our clients.

2. SERVICE VALUE - Our cost structure is fair and just to ensure that our clients receive thoroughgoing value without compromising on the quality of the resources, skills and expertise needed to achieve the project objectives and deliverables.

3. SERVICE EXCELLENCE AND EXPERTISE - Through its partnership with highly talented, experienced and skilled consultants; SS-Consulting offers consultancy services on the implementation of best practice programmes within the ambit of information security, IT governance, risk management and compliance. This is our core differentiator as we are able to leverage our in-depth experience to ensure that our solutions comply with leading best practice, in addition to being practical and tailored to client specific needs. Our company is built on the assumption that the enterprise technology landscape is forever changing, and this presents challenges of ensuring that security, governance, risk and compliance is well entrenched within business processes, systems, products and infrastructure. When it comes to Information Security, Governance, Risk and Compliance; we believe that there is no single “silver bullet” approach to all company challenges. All companies are unique in their own right, as such, we strive to acquire an in-depth understanding of our clients’ business objectives, goals and vision in order to ensure that our solutions do not only support critical business initiatives but are also an enabler to our clients’ business objectives.

4. INHERENT MORAL VALUES which govern our conduct as management as well as in the way we treat our clients.

5. WORK ETHIC AND CULTURE, which is the cornerstone of our foundation and way of living.

OUR SOUND VALUES ARE


OUR SERVICES

OUR SERVICE OFFERING IS driven by an ethos to deliver proficient, pragmatic and practical solutions to our clients to meet their business needs and to ensure that the solutions are commensurate with our clients’ risk profile. Our consultancy services are aimed to secure our clients’ information and intellectual property from accidental leakage or theft by internal resources or cyber-attacks. Our services include:


SECURITY TRAINING AND AWARENESS

We offer security training and awareness in the following security domains: Protection of Personal Information Act (POPIA) Compliance; and PCI-DSS Compliance.

SECURITY ASSESSMENTS AND AUDITS

• Conduct security audits on OS/390 and z/OS mainframe operating systems.
• Conduct security assessments on SCADA environments.
• Conduct security audits on SQL, Oracle DB, SAP HANA, SAP ERP, AS400, Windows and UNIX/AIX platforms.
• Conduct security assessments using ISO27001, COBIT5, NIST Framework, etc.
• IT General Controls Review (ITGC)

MANAGED VULNERABILITY SERVICES AND PENETRATION TESTS

This service includes monthly or quarterly vulnerability scans using PCI-approved scanners and reporting. Network penetration tests (goal-driven) and exploitation of vulnerabilities, including a report indicating possible security exposures and recommendations for improvements.

SECURITY ARCHITECTURE SERVICES

Assist clients with the design and architecture of a myriad of security solutions such as firewall systems, intrusion prevention systems (IPS), “breach detection” systems, web content filters as well as integration of various security central management solutions such as Anti-virus systems, data leakage prevention (DLP) systems, Virtual Private Networks (VPN), “Strong” (two-factor) authentication systems and Public Key Infrastructure (PKI), Trusted Endpoint Security Solution, Network Access Control (NAC) and Security Information and Event Management (SIEM).

COMPLIANCE SERVICES

Assist clients in achieving the following compliance requirements: PCI-DSS compliance and/or certification; ISO27001 compliance and/or certification; and PoPI Act compliance.

INFORMATION SECURITY POLICY DESIGN

The design and documentation of risk-based information security policies and related operational procedures and secure configuration standards for each platform.

NETWORK INFRASTRUCTURE MANAGEMENT

SS-Consulting provides an array of IT infrastructure management products and services to help organisations to efficiently implement and manage next-generation IT solutions while leveraging legacy computing infrastructure investment.

INFORMATION MANAGEMENT

Information is the currency of the 21st century. As the world’s economies become increasingly “digital”, companies of all sizes are becoming aware of the fact that to truly benefit from their investment in IT, organisations need to ultimately derive business information from their IT systems.

Such business information can be used to identify marketplace opportunities and facilitate better business decision-making. We, at SS-Consulting, understand the necessity of proficient deployment of IT solutions and make sure that our clients have what they need to run their businesses with maximum efficiency and reliability.

CLOUD SERVICES

Using both the Azure and AWS platforms, we assist our clients with migration to cloud services, including DC Migration, Cloud Management, Office 365 and Microsoft 365 deployment. Various other Cloud services such as Cloud Backup are also offered.


SOME OF OUR CLIENTS (Reference sites for Penetration Testing work)


SIMPHIWE MAYISELA Managing Director

FORMAL EDUCATION

Doctor of Business Leadership (DBL) at UNISA School of Business Leadership | 2018

MSc Computer Science at Rhodes University | 2011 – 2012

Information Technology Banking Learnership Programme (ITBLP) at Tshwane University of Technology | 2002 – 2003

IT Diploma at University of South Africa (UNISA) | 1999 – 2002

COMPETENCE & EXPERTISE

PROFESSIONAL CERTIFICATIONS

CERTIFICATION | INSTITUTION | CERTIFICATION NUMBER | CERTIFICATION DATE
CISSP | ISC2 | 113125 | August 2007
CISM | ISACA | 1015351 | December 2010
CRISC | ISACA | 1518806 | May 2015
TOGAF9 | RealIRM | 36927 | February 2011
ITILv3 | EXIN | c.817039 | July 2008
QualysGuard Certified Specialist | QualysGuard | n/a | September 2010
Certified Ethical Hacker (CEH) | EC-Council | n/a | June 2009
Sherwood Applied Business Security Architecture (SABSA) | ALC Training | n/a | June 2012
Certified ISO27001: 2013 Lead Implementer | ITGovernance – UK | n/a | February 2014
Cisco Certified Security Professional (CCSP) | Torque IT | n/a | September 2009
SANS Top 20 Security Controls | SANS Institute | n/a | July 2013
Payment Card Industry Professional (PCIP) | PCI Security Standards Council, LLC | 1003-746 | April 2017


MANAGEMENT TRAINING

COURSE ATTENDED | INSTITUTION | DATE
Management Development Program (MDP) | Bytes Technologies | September 2013
Financial Management for Non-Financial Managers | University of Stellenbosch School of Business | August 2014
Conflict Resolution | Leading Training | May 2015
Coaching and Mentoring | In-house Training (Business Connexion) | May 2015
Communication Skills for Managers | Front Foot | June 2015
King IV | Analytix | January 2017

WORK EXPERIENCE

2017 – 2018 | Public Investment Corporation Head: Information Security

2015 – 2017 | Internet Solutions Information Security Officer

2014 – 2015 | UCS Solutions IT Risk Manager

2013 – 2014 | Sun International Information Security Manager

2011 – 2013 | T-Systems Security Services Manager

2008 – 2010 | Statistics South Africa Information Security Specialist

2007 – 2007 | Deloitte & Touché Information Security Consultant

2003 – 2007 | Standard Bank Information Security Analyst


PROFESSIONAL MEMBERSHIPS

• (ISC)2 Gauteng Chapter – Founder President
• Association of Enterprise Architects (AEA)
• International Information Systems Security Certification Consortium (ISC)2
• Information Systems Audit and Control Association (ISACA)

AWARDS AND ACHIEVEMENTS

• Service Excellence and Going an Extra Mile – August 2006
• Service Excellence – November 2006
• Top Performers Award – March 2007
• Exceptional Contribution Award – June 2014

MEDIA ARTICLES, PRESENTATIONS AND PODCASTS

PODCASTS:

Topic: Do Security Credentials Still Matter?
Issue: 99th Episode
Media: Discuss IT Pubcast

ARTICLES:

Topic: CISSP - To Certify or Not?
Issue: September 2012
Media: Hackin9 Magazine

Topic: CIO Roundtable - Stemming the advancing mobile applications tide
Issue: December 2013 – January 2014
Media: IT Web Brainstorm Magazine

ITWEB ARTICLES

1. http://www.itweb.co.za/index.php?option=com_content&view=article&id=59289:-ISC-2-addresses-security&catid=450

2. Security on the Spot Series: (ISC)2

3. http://www.itweb.co.za/index.php?option=com_content&view=article&id=152596:Security-on-the-spot-with-Internet-Solutions&catid=234

4. http://www.itweb.co.za/index.php?option=com_content&view=article&id=158482:No-digital-transformation-without-sacrificing-privacy&catid=234

5. http://www.itweb.co.za/index.php?option=com_content&view=article&id=159052

CONFERENCE PRESENTATIONS

• Presented at the 20th International Computer Security Symposium and 5th SABSA World Congress (COSAC) on 2 October 2013 in Dublin, Ireland.

• Presented at the ITWeb Security Summit 2017 on the topic: “Cybersecurity and privacy in the era of digital transformation – truth or myth?”

• Presented at the Africa Cybersecurity Summit 2018 in Nairobi, Kenya.

TELEVISION

• Interviewed on the TV programme called Carte Blanche, which was aired on the 15th January 2017 with the theme of the insert titled “Who is tracking us online?”


HUMAN RESOURCES

PROJECT MANAGEMENT

SS-Consulting is overseen by one managing director, who has appointed a qualified and experienced project manager that will be managing projects and be responsible for running the daily operations of the company.

PROJECT MANAGER

Ms Zinhle Hlongwane

DUTIES

Project Admin
• Update project milestones and end dates;
• Daily management of project documents on document repository system;
• Update project registers (issues/risks and lessons learned); and
• Update monthly billing spreadsheet for the project.

Project Initiation
• Determine scope of work;
• Determine Stakeholders;
• Confirm technical team resources (people who will work on the project);
• Schedule kick-off session; and
• Create project schedule and the registers (issue/risk and lessons learned).

Project Execution
• Have weekly progress meetings with the team;
• Manage and track project risks and issues;
• Manage and track project costs;
• Manage and track project progress at all times; and
• Feedback to Stakeholders.

Project Closure
• Compile and sign-off closure report;
• Schedule close-out meeting.

Project Reporting
• Weekly progress meeting minutes;
• Weekly status report; and
• Monthly Client report.


SKILLS MATRIX

Name | Level | Role on Project | Relevant Certifications | Years of Experience in Cybersecurity, Governance, Risk and Compliance (where applicable)
Simphiwe Mayisela | Director | Engagement Leader – Oversight and Sign-off | ISO27001 Lead Implementer, CISSP, CISM, CRISC, CEH, M.Sc. Computer Science | 17 yrs
Team Member | Manager | Service Delivery Manager – Ensure compliance with SLA, provides oversight and Quality assurance | COBIT Foundation, CISSP, CISM, CISA | 16 yrs
Team Member | Senior Consultant | IT Governance: Subject Matter Expert | CISA, CISM, CRISC, ITIL, MBCI-Business Continuity Certified | 19 yrs
Team Member | Senior Consultant | IT Governance: Subject Matter Expert | CEH, CISSP, CISM | 17 yrs
Team Member | Consultant (Mid-Level) | Information Management | CDMP | 8 yrs
Team Member | Senior Consultant | Information Management | CDMP, TOGAF9, Microsoft Data Science Orientation, Microsoft PowerBI | 12 yrs
Team Member | Data Architect | Information Management | CDMP, Masters Degree – Information Systems Management | 12 yrs
Team Member | Consultant (Mid-level) | IT Governance: Field Resource | CISA | 5 yrs
Team Member | Project Manager | Project Manager, Scribe, Service Delivery Manager | Agile Foundation, PRINCE II, ITIL Foundation, Customer Services Management | 9 yrs
Team Member | Senior Project Manager | Project Manager, Customer Liaison | Certified Associate in Project Management (PMBOK - CAPM), Fundamentals in Project Management (PMBOK Based) | 12 yrs
Team Member | Programme Manager | Programme Manager, Project Owner | Certified Associate in Project Management (PMBOK - CAPM), Project Management for Support/Admin Staff, Short Course on Enterprise Project Management Shortcuts, Project Management for Engineers | 19 yrs
Team Member | Penetration Tester | Technical Assessor | OSCP; PentestersLab UNIX Badge, ITIL, CompTIA Network+, CompTIA Cloud+, CompTIA A+ | 5 yrs
Team Member | Junior Penetration Tester | Technical Assessor | Bachelor of Science in Information Technology (CTI now Pearson): 2013-2015, Certified Ethical Hacker (CEH) | 1 yr
Team Member | Penetration Tester | Technical Assessor | OSCP, CompTIA Cloud+ | 8 yrs
Team Member | Penetration Tester | Technical Assessor | OSCP | 8 yrs
Team Member | Cyber Security Consultant | Cyber security, Vulnerability Assessor | CEH, CISSP, CISA, M.Sc. Computer Science | 11 yrs
Team Member | Cloud Security Consultant | IT Governance: Field Resource | CISSP, AWS Cloud Security, CISA, ITIL v3, PCIP, MSC Mobile Telecommunications | 11 yrs
Team Member | Cloud Security Consultant | Information Security Governance Specialist | CISSP, CompTIA Security+, CompTIA Network+ | 8 yrs


www.ss-consulting.co.za

THANK YOU for taking the time to go through our company profile. For any questions or comments, please feel free to CONTACT US.

(011) 695-4800

082 805 1949

[email protected]

SoftStart BTI Building | No 136 | 2nd Street | Randjespark | Midrand | 1685