Cyber Security Services - Securing Fortune 100 companies since 2014

About Us

About Cyber Security Services

Cyber Security Services (CSS) is an independent cybersecurity consulting firm headquartered in Westerville, Ohio (Columbus metro). Since 2014, we have helped organizations across the United States strengthen their security posture, manage cyber risk, and meet complex regulatory requirements — not through generic frameworks applied uniformly, but through the kind of senior-practitioner engagement that produces auditable, durable security outcomes.

Built on a Foundation Others Can't Replicate

When the National Institute of Standards and Technology developed the NIST Cybersecurity Framework in 2013 — the document that became the foundational standard for cybersecurity risk management across the United States — CSS founder Matt Santill was among the original contributors. His formal submission on behalf of Broward College is documented in the permanent public record at NIST.gov, alongside contributions from Microsoft, IBM, Honeywell, the Department of Homeland Security, and the Department of Defense.

CSS also participated in ANSI’s ISO/IEC 27001 security standard development efforts, giving the firm direct working exposure to two of the frameworks that now define enterprise security and compliance expectations worldwide.

When your auditors evaluate your security program against the NIST CSF, they are measuring you against a framework CSS helped shape.

Our Track Record

CSS has delivered penetration testing, security assessments, and compliance programs to approximately 10% of the top 100 companies on the Forbes 2024 Global 2000 list — among the most demanding security environments in existence. Our clients span healthcare, financial services, higher education, defense contracting, SaaS, and mid-market enterprise across the United States.

We have completed hundreds of assessments and built security programs that have satisfied regulators, withstood audits, and measurably reduced organizational risk. That track record is the result of one consistent operating principle: senior practitioners do the work.

Who We Serve

CSS works with organizations where cybersecurity outcomes genuinely matter:

Healthcare organizations operating under HIPAA's most stringent requirements

Financial institutions navigating SEC, FINRA, and GLBA cybersecurity obligations

Defense contractors working toward CMMC certification

SaaS and technology companies preparing for SOC 2 and ISO 27001

Higher education institutions, K-12 schools, and local governments building practical cyber programs

Mid-market and enterprise organizations that have decided checkbox compliance is no longer sufficient

What Makes CSS Different

Framework depth that comes from the source.

CSS doesn’t just apply the NIST CSF, ISO 27001, and HIPAA frameworks — our founder helped develop one of them and our team contributed to another. That practitioner-level understanding of why these frameworks were constructed, what problems they solve, and where they are most commonly misapplied is embedded in every assessment and program we deliver.

The cybersecurity consulting industry has a well-documented problem: senior experts sell engagements and junior staff deliver them. At CSS, a senior practitioner leads every engagement — not from a distance, but in the work itself. Our virtual CISO, cybersecurity consulting, and assessment engagements are produced by the people with the credentials and the track record, not supervised by them.

CSS does not resell security products. We hold no vendor certifications that create financial incentives to recommend particular solutions. Our assessments and recommendations reflect what your organization actually needs — not what generates a referral fee.

Leadership

CSS is led by a seasoned executive team of former security founders with deep experience building and scaling cybersecurity companies. Our leaders have owned and operated cybersecurity firms serving healthcare, financial services, higher education, and public sector clients, and bring hands-on expertise across NIST CSF, ISO/IEC 27001, SOC 2, PCI DSS, HIPAA, GLBA, and emerging FINRA and SEC cybersecurity expectations.

Matt Santill serves as founder and guides the firm’s overall security strategy and delivery standards. In addition to his contributions to the NIST Cybersecurity Framework, Matt has been published and quoted in industry and business outlets on cybersecurity risk management and governance.

If your organization has decided checkbox compliance is no longer sufficient, let’s talk.
