About Nimble Defense

Nimble Defense was founded for the sole purpose of helping small businesses tackle their cybersecurity needs.

Our founder, Nikolai Vargas, helped start and run one of the largest and most successful IT Managed Service Providers in Chicago for 17 years. A key differentiator for that organization was how he, as Chief Technology Officer, incorporated security into all aspects of its operation.

That foresight enabled the organization to stay ahead of the cybersecurity curve. In addition, that venture gave him insight into the specific cybersecurity needs for a myriad of industries including financial services, professional services, legal services, insurance, non-profit organizations, hospitality, education, and manufacturing. Cybersecurity became his passion, and so Nimble Defense was launched in 2020 to bring focus, knowledge, and expertise to small businesses everywhere.

Who We Serve

Nimble Defense works with small businesses that share a few traits:

Frequently Asked Questions

Once you accept our Statement of Work (SOW) and your deposit is received, your assessment will be scheduled. The start time will vary depending on the time of year and our current workload, but it is typically 2-3 weeks. Once an assessment begins, we endeavor to deliver our final report to you in 21 days or less. Please note that this schedule is largely based on the involvement of your organization’s stakeholders in the assessment. Their involvement and responsiveness are critical to the success and timing of the assessment. There will be information we need from your organization as well as meetings to be held to advance the assessment toward completion. In addition, technical difficulties can cause our assessment tools to not function properly, and we may need to involve your IT partner to overcome the issues.

Scanners and technical tools only provide part of the insight into your organization—very few organizations have a single person with full knowledge of all of IT’s inner workings and dependencies. We need to meet with stakeholders, department heads, IT partners/staff, and potentially staff with specialized knowledge of your data storage and processing methods. One of the first steps of any assessment is to identify your Attack Surface—where do you store sensitive data, what systems are externally accessible (including cloud applications), is the publicly available information we have collected about your organization accurate, and what systems are most important to your organization’s goals. The size and complexity of your organization will dictate how much time we need with your people.

Early in our engagement, Nimble Defense will ask you to sign a mutual non-disclosure agreement. We do this because we need to learn about your organization’s cybersecurity needs to provide an accurate Statement of Work (SOW). We will also disclose sensitive information to you such as our pricing, partners, methodology, and tools during the engagement. We believe it is best that all parties understand that confidential information will be shared and should be protected for the sake of everyone involved. Nimble Defense purges all confidential information we gather about your organization 90 days after the conclusion of an assessment or follow-up assessment.

No. Nimble Defense is focused on advisory, assessment, and facilitation services for your cybersecurity program—similar to the role of a Chief Information Security Officer in a large enterprise. MSSPs are responsible for the implementation, maintenance, and monitoring of cybersecurity hardware and software. They are subsequently responsible for identifying cyberattacks and responding to them in a timely manner. They can be a division of your traditional MSP (Managed Service Provider) or a separate entity. Nimble Defense can connect you with established MSSPs if you desire.

No. Nimble Defense is focused on advisory, assessment, and facilitation services for your cybersecurity program—similar to the role of a Chief Information Security Officer in a large enterprise. SOCs typically implement a Security Information and Event Management (SIEM) solution on your network to gather information from every possible source like firewall logs, server logs, and even workstation logs. The SIEM aggregates all of this information, correlates events from one device with others, runs this massive amount of data through various algorithms to reduce the “noise,” and then security analysts review the results to determine if a cyberattack is taking place. Most SOCs then alert an MSSP, internal IT staff, or a separate Incident Response Team of their findings so that action can be taken. Nimble Defense can recommend SIEM/SOC solutions for different use cases.

No. Nimble Defense is focused on advisory, assessment, and facilitation services for your cybersecurity program—similar to the role of a Chief Information Security Officer in a large enterprise. Incident Response (IR) Teams are who you contact if a cyberattack is successful or a data breach occurs. They engage the attackers to observe their actions, determine their entry point and goals, gather data about their identity, remove the attacker’s access, and then close the gaps that allowed the attacker into the network. They may work with or subsequently engage a separate Digital Forensics Team who will gather evidence about the attack to be used in legal proceedings. Nimble Defense can recommend IR Teams if needed, but they typically operate based on a retainer directly with clients for fastest response.

You can call Nimble Defense and we will advise you on how to address the situation. However, we believe an ounce of prevention is worth a pound of cure. No cybersecurity solution is 100% foolproof. At Nimble Defense, we promote the concept of Cyber Resilience as every organization’s ultimate goal. Cyber Resilience works to defend against cyberattacks, but also acknowledges that they do occur despite best efforts, so it incorporates policies and plans on how to respond to a variety of cybersecurity incidents, and how to expedite the organization’s return to normal operation. The most critical components of Cyber Resilience are preparation in the form of a documented Incident Response Plan, with some form of testing to ensure it is functional, and the maintenance of offsite backups for the worst catastrophes.