Enough is Enough

Is your organization the next to be breached? Go beyond compliance to proactive threat management. Fight back against cybercrime!

The Coalfire Blog
Top 10 Cybersecurity Predictions for 2015

Fueled by cybercrime, cyber warfare, and cyber terrorism, the cost of cybersecurity and...

About Us

Independent IT Audit and Compliance Leadership

Founded in 2001, Coalfire is a fast-growing IT Governance, Risk and Compliance (IT GRC) firm, serving as a trusted advisor and IT GRC tools provider to security-conscious leaders in Retail, Financial Services, Healthcare, Hospitality, Higher Education, Government and Utilities. We help our clients recognize and control IT-related risks and maintain compliance with all major industry and government standards.

Our Company History

We’ve been in the IT security business for as long as it has existed. One of our first clients was a major credit card processor that was compromised by a major cyber attack. We investigated the breach, uncovered the root causes and helped create a controls program that protects our client to this day. More importantly, that firm is now a recognized leader among its peers and continues to successfully protect itself against increasingly sophisticated (and daily) attacks.

Today, Coalfire serves thousands of clients across the U.S., Canada and the UK. We are privately held by our co-founders and a small group of outside investors, which now includes Baird Venture Partners. We're growing rapidly, hiring additional talent, and investing in Navis, Coalfire’s cloud-based compliance management solution.

Our Mission and Core Beliefs

Simply stated, Coalfire exists because of four fundamental beliefs:

1.  IT risks (a.k.a. cyber threats) are real and the risks are multiplying.
2.  As a result, most organizations face increasing industry and regulatory demands.
3.  A well-designed, well-maintained IT GRC program is your best line of defense.
4.  Compliance can only be verified via an independent assessment.

Coalfire’s continuing mission is to provide knowledge, tools, guidance and independent assessment services to all organizations.

Credentials and Affiliations

  • Associate Business Continuity Professional (ABCP)
  • Certified Disaster Recovery Planner (CDRP)
  • Certified in the Governance of Enterprise IT® (CGEIT®)
  • Certified Information Systems Auditor (CISA)
  • Certified Information Security Manager® (CISM®)
  • Certified Information Systems Security Professional (CISSP)
  • Certified Internal Auditor® (CIA®)
  • Certified Business Continuity Professional (CBCP)
  • FedRAMP Accredited Third Party Assessment Organization (3PAO)
  • GIAC Penetration Tester (GPEN)
  • Health Information Trust Alliance (HITRUST) Common Security Framework (CSF) Assessor
  • National Society of Accountants (NSA)
  • PCI SSC Approved Scanning Vendor (ASV)
  • PCI SSC Qualified Security Assessor Company (QSAC)
  • PCI SSC Payment Application Qualified Security Assessor (PA-QSA)
  • PCI SSC Payment Application Qualified Security Assessor Point-to-Point Encryption (PA-QSA P2PE)