About Us

  1. Home
  2. About Us

company overview

Vartai Security is an Information Security consultancy based in Tampa, FL and Washington D.C. with the goal of helping clients to both understand and mitigate risks to their perimeter and internal network environments. We offer a wide array of services from standard internal and external penetration testing and web application assessments to customized black box/evasive and scenario-based assessments. Our assessments go far beyond a scan and aim at finding flaws only discoverable through hands-on manual testing. We work to tailor each assessment to the client's environment and the risks inherent to their core business. Some of our known service analogs are:

  • Network & Application Penetration Testing
  • Red Team & Breach Simulation
  • Vulnerability Assessments
  • Active Directory Security Assessments
  • Physical Security Assessments
  • Wireless Security Assessments
  • Incident Response
  • Malware Analysis
  • Vulnerability Management and Threat Vectoring
  • Asset Management
  • Network Boundary Monitoring
  • Security & Regulatory Compliance Assessments
  • Privacy Strategy Assessments
  • Audit Readiness Assessments
  • Enterprise & Startup Strategy
  • Custom Security Tool Development
  • Social Engineering Assessments
  • Virtual Training Lab Development
  • On-Site Security Training
  • Security Awareness Training

Trusted Advisor Focus

We strive to become part of your internal SecOps team and reachback support. Our professionals can provide strategic insight into enterprise security planning which matures the organization in accordance with current and future threats.

Deep Technical Knowledge

Our professionals have served in various capacities throughout their careers in all aspects of the InfoSec spectrum. We are versed in developing, assessing, and maturing information networks regardless of the technology stack in place.

Top Talent

Our professionals all originate from large "Big-4" and industry leading consulting firms. As leaders within those firms, we have crafted a dedicated team within Vartai that can provide leading services at a fraction of the cost.

Teachers at Heart

Vartai founders are deeply involved and focused on delivering security training within the InfoSec community and to our clients for a wide range of knowledge-bases. We pride ourselves on giving back to the community and building effective autonomous teams of practitioners.

what we do

Vartai provides a range of services that we separate into functional areas based on the needs of the client. We work to identify a strategic path to cyber maturity through implementing an optimum ratio of the following support areas.

Our Founding Team

  • Ben Rollin

    Founder & Managing Principal

    Ben has a decade of information security consulting experience focusing on technical IT Audit, risk assessments, web application security assessments and network penetration testing against large enterprise environments. Ben has worked as a consultant for a “Big 4” audit firm performing a wide range of information security consulting activities including IT controls audits, vulnerability and risk assessments, security program review, web application security assessments, and penetration testing. Ben has assisted state/local and federal government agencies such as the Department of Health and Human Services, the Department of Homeland Security, the United States Air Force, and the state of Maryland with complex information security needs. He also has aided private sector companies in a variety of industries (such as Finance, Healthcare, and Retail) with their information security and compliance programs. Ben has a Bachelors’ Degree in Business Administration, as well as several industry certifications including Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Offensive Security Certified Expert (OSCE), Offensive Security Certified Professional (OSCP), eLearnSecurity Certified Professional Penetration Tester (eCPPT), eLearnSecurity Certified Web Application Penetration Tester (eWPT), and eLearnSecurity Advanced Web Application Penetration Tester (eWPTX). Ben is active in the information security community and has developed a number of hands-on technical training materials for online learning platforms targeting beginner to advanced level security practitioners globally. Ben has delivered hands-on training in a competition format both domestically and abroad, including an offensive security training exercise for the Greek Ministry of Defense in Athens, Greece. Most recently Ben has been involved as the key architect of the technical exercises for the EY Asia-Pacific Cyber Challenge, a two-day event in Hong Kong consisting of teams from universities from throughout the Asia-Pacific region. Ben has a strong interest in Active Directory security and focuses time on research in this area as well as remaining current with the latest tactics, techniques, and procedures (TTPs).

  • John Dileo

    Founder & Managing Principal

    John has over fifteen years of experience in information security and is the founder of Vartai's sister company Cymantis, whose focus is delivering Vartai's service offerings within the state, local, and federal government sector. He is a 360-degree security operator with 8 years of leadership experience within PwC's Federal cybersecurity practice, where he led teams of individuals across a range of services and clients. In 2013, he founded Cymantis to deliver the full range of information security consulting to federal and commercial entities ranging from startups to Fortune 500 clients. He specializes in technical enterprise security strategy, compliance management, asset management, configuration management, threat simulation and response, risk assessments, web application security assessments, and penetration testing. His clients include the Department of Homeland Security, Department of Health and Human Services, Centers for Medicare and Medicaid Services, Nuclear Regulatory Commission, Department of Veterans Affairs, Office of Management and Budget, Social Security Administration, National Institutes of Health, Department of Labor, several large Blue Cross Blue Shield affiliates, PricewaterhouseCoopers (PwC), Ernst & Young, KPMG, Accenture, Guidehouse, and Cylance. John has deep knowledge of several adjacent technology stacks related to information security that include data science, machine learning, quantitative algorithm development, and blockchain protocols. He is active in the early venture accelerator space and provides both management and information security advisorship to several entities. John has a Bachelors' Degree in Business Information Technology, as well as several industry certifications including Certified Information Systems Security Professional (CISSP), Certification and Accreditation Professional (CAP), GIAC Security Essentials (GSEC), and GIAC Web Application Penetration Tester (GWAPT). Furthermore, John has been instrumental in maturing organizations seeking to become compliant with information security standards which include NIST Special Publications (SPs), ISO 27000, DoD 8500, FINRA, FISCAM, HIPAA, HITRUST, PCI DSS, SAS70, DISA STIGs, CSA, CMMI, and FedRamp.

  • Alain Morgado

    Founder & Managing Principal

    Alain has over 20 years of experience in information technology and information security during which he has led or participated in a multitude of security assessments for a wide variety of private sector organizations and government agencies. He recently established a security program for a local government agency which included architecting and designing policies and procedures as well as technical controls. Additionally, he developed a vulnerability assessment and management process for approximately 20,000 nodes, which included penetration testing on network critical assets using commercial and open source tools, automated and manual testing, developing custom exploits, and other methods such as social engineering. He has also developed custom applications primarily using Python and Splunk to solve specific business challenges around compliance requirements, analysis and reporting. Most recently he developed a custom Splunk dashboard to streamline the vulnerability management program for a global Fortune 500 company. This dashboard is now used by business units all over the globe to simplify ingestion of raw scan data and generate actionable reporting metrics in real-time. He has also contributed to the Splunk user community and has published a Splunk application module on their appbase which is used for extracting detailed vulnerability scan information from the Tenable Nessus Vulnerability Scanner. Alain also founded and ran an IT consulting firm in which he provided support, and information security guidance to multiple organizations spanning the Aerospace, Banking, Manufacturing, Real estate, Retail, and Public Relations industries. Alain also holds multiple professional industry certifications, including Certified Information Systems Security Professional (CISSP), Offensive Security Certified Professional (OSCP) and GIAC Security Essentials (GSEC).