GlobeISS LLC is a USA army veteran-owned cybersecurity consultancy helmed by David Robertson. David is a cybersecurity professional with multiple certifications and over 16 years of experience in information security with special emphasis in operational technology (OT/ICS/IoT/SCADA) security and AI security. He serves on the SANS Advisory Board and has delivered security engagements across three continents.
GlobeISS builds production-ready security tools, not demos. Its proprietary platform Kusanagi-No-Kajiki (KNK) automates OT assessment delivery, reducing full-scope industrial security engagements from three weeks to eight days. The firm also developed an AI red teaming and security validation framework covering MITRE ATLAS, OWASP LLM Top 10, multi-turn attack chain testing, and input/output guard evaluation using PyRIT, LangChain, and Semantic Kernel.
Core services include OT/ICS security assessments for manufacturing, energy, and critical infrastructure environments; AI and LLM application security audits; Python-based security automation and custom tool development; vulnerability management consulting; and cybersecurity program development across governance, risk, and compliance (GRC).
GlobeISS also provides virtual CISO (vCISO) services for organizations that need executive-level security leadership without a full-time hire. This includes security program maturity assessments, risk quantification and board-level reporting, policy and standards development, regulatory compliance roadmapping (NIST CSF, IEC 62443, CMMC, SOC 2, HIPAA), vendor risk management, incident response planning, and cyber insurance readiness evaluation. The vCISO engagement model scales from strategic advisory on a monthly retainer to hands-on program buildout depending on organizational needs.
GlobeISS has led full-lifecycle OT assessments including asset discovery across SPAN port mirroring, S7comm, PROFINET, Modbus TCP, and LLDP protocols, delivered executive risk dashboards, and managed multi-site expansion programs. The firm also delivers penetration testing, network security architecture reviews, security awareness training, and third-party risk assessments. Every deliverable ships with security best practices built in from the architecture layer up.