Case Study:
Kotman Technology

You may download the full case study here.


The security risks that technology support companies routinely undertake can be staggering. The implicit trust relationship between a service provider, and their clients, is extraordinarily high. From possessing highly sensitive user account passwords, to having direct access to corporate data, technology firms are an increasingly attractive target for determined threats. Understanding this risk, and desiring to provide further value to their clients, Managed Services Provider Kotman Technology sought an independent review of their organization.


"The security assessment of a traditional client, and the assessment of a technology firm is completely different," said Brian Horton, CEO of Breadcrumb Cybersecurity. "You're not only assessing risk from the perspective of internal systems and processes, but also from the lens of their client support infrastructure." The developed plan was three fold: 1) assessment of isolated infrastructure assets, 2) isolation and attack of customer support platforms, and 3) direct targeting of technical team members. By leveraging varying approaches, Breadcrumb was able to provide practical and realistic scenarios for the Kotman team.


As a technology firm, we’re a prime target for threats because we hold the keys to our customer’s data. In working with Breadcrumb, they brought validation to our processes and security controls. We look forward to collaborating with Breadcrumb
— Jon Kotman, President

The engagement concluded with tangible and actionable outcomes for the Kotman staff. By understanding how a determined threat could locate and attack strategic resources, Kotman was able to refine their security posture. Once complete, engagement outcomes not only improved Kotman's defenses, but added significant benefit to all of their customers.

Services Delivered

  • External Black Box Assessment

  • Targeted Breach Campaigns

  • Wireless Assessment

Breadcrumb helps protect the infrastructure, critical data, and reputation of organizations from hackers seeking to do them harm. Based in California, Breadcrumb offers comprehensive cybersecurity services for organizations throughout the U.S. Our services include regulatory compliance, risk assessments, digital forensics, penetration testing, incident response, technical/staff training, 24/7 security operations, and on-going advisory services.