OnDefend Named One of the Best Places to Work on the First Coast
At OnDefend, we often talk about our mission to help organizations prepare for and defend against real-world threats. But behind every achievement is something just as important — our people. That’s why we are proud to share that OnDefend has been named one of the Best Places to Work on the First Coast.
This recognition, awarded by Quantum Workplace, is based entirely on the voices of our employees. Through anonymous surveys, team members shared their candid thoughts on what makes OnDefend more than just a workplace but a community built on respect, purpose, and authenticity.
What Our Team Had to Say
Here are just a few of the powerful things our employees shared (and no, we didn’t get to read these until after the awards were announced):
“The work I’m involved in, my position in the company, and the people I work with and for are why I can say this is the best place I have ever worked in my entire career.”
“I came from a corporate environment where employees were often treated as just another cog in the machine. There was little effort to truly value or recognize individual contributions. This company is completely different. Here, titles don’t define how people interact—everyone is treated with respect and authenticity.”
“I’ve worked for many companies and corporations over the years, but OnDefend has been the BEST place to work out of them all, by far.”
“OnDefend leadership saw my potential and took a chance, and I have been grateful for that decision ever since! Strong core values, making an impact for our clients, and the ability to work hard and have fun are the cornerstones of the culture that has been created.”
“I have never felt any differences in positions or titles—everyone treats each other equally.”
“This is the first time being in a company that appreciates your hard work but also feels that it is important to have that work–life balance.”
Want to join the OnDefend team? Check out our openings here: Join the Team
At OnDefend, success isn’t just about growth, it’s about impact. This year, the OnDefend team has earned the #4 spot on the Fastest-Growing Companies list according to the Jacksonville Business Journal, achieving an impressive 116.93% growth rate.
This marks the third year OnDefend made the list — and as the saying goes, third time’s the charm.
This recognition is more than a ranking. It reflects the team’s relentless drive, commitment to innovation, and mission to secure our future.
A Purpose That Drives Us
When asked what motivates him as a leader, CEO Chris Freedman points to the mission that has guided OnDefend since 2016.
“What motivates me as I lead our team is the profound purpose behind what we do. At OnDefend, our mission is to secure the world’s future — but our legacy is deeper than that. It’s about leaving a lasting, positive impact not just here in Jacksonville, but across the U.S. and globally.”
Whether preparing Fortune 500 companies for threats, supporting the cyber-readiness of our military, or working with government agencies, OnDefend is protecting more than just networks. We’re protecting national security, citizen safety, and data sovereignty.
Challenges That Shape Us
Growth comes with challenges — and each has made OnDefend stronger.
“The biggest challenge we’ve faced as OnDefend has grown is adapting to constant transformation — both within our company and in the world around us. We’ve navigated multiple parallel journeys: from service market fit to software innovation, from national relevance to global scrutiny, and from startup grit to scalable execution.”
These challenges have fueled our adaptability and resilience, proving that the most meaningful growth happens in the face of change.
Innovation That Defines Us
Innovation continues to set OnDefend apart. One of our most pivotal milestones was being selected as TikTok’s Independent Security Inspector — chosen over some of the world’s largest cybersecurity firms.
“This wasn’t just about visibility; it affirmed our ability to operate at the highest levels of national trust and scrutiny.”
This moment reinforced our reputation as a trusted global partner in securing user data and defending against foreign threats.
The Reward of Building Together
While recognition like the #4 ranking is an honor, CEO Chris Freedman points to something even more rewarding: the people behind the success.
“The most rewarding moment this year has been simply spending time with our unparalleled team — a group of professionals who come from the highest levels of the military, government, and private-sector cybersecurity. Their expertise, humility, and passion inspire me every day.”
It’s this team — their dedication, innovation, and shared love of the mission — that has made OnDefend’s third appearance on the list possible.
Read the original report: https://www.bizjournals.com/jacksonville/c/meet-the-2025-class-of-fast-50/37169/fast50-ondefend-llc.html
What Security Leaders Should Know About Security Control Gaps in CrowdStrike Deployments
Too often, we assume that once a tool like CrowdStrike is deployed, it’s working exactly as intended. But assumptions don’t equal assurance. That’s why CrowdStrike security control validation is becoming a critical step for security leaders who want to verify that detections are firing, alerts are escalating, and teams are responding before a real attacker puts those assumptions to the test.
Some of the world’s most well-known organizations use CrowdStrike, and it’s a smart investment. But working with security leaders across dozens of industries, one thing is clear: even the best EDR/XDR deployments can fail silently. That’s not an attack on CrowdStrike. It’s the reality of enterprise-scale environments where configurations drift, people make changes, and the responsibility for detection and response is split across internal and external teams. When something breaks quietly, it doesn’t always throw an alert. So everything looks fine until a real threat slips through. And at that point, the board isn’t asking if you bought the right tool. They’re asking why it didn’t work.
What causes these security control gaps?
Most of the CrowdStrike customers we work with believe their security tools (EDR/XDR/SIEM), internal SOC teams, and/or Falcon Complete or third-party MDR are doing what they’re supposed to. But when we test them using real-world attack TTPs, they’re surprised by what we find.
Here’s why:
- Sensors get missed or go inactive.
- Default policies may not log or alert on real-world threat activity.
- Custom IOAs are rarely tuned to their environment.
- Updates or integrations break detection logic silently.
- 3rd-party MDR or SOC teams assume you’re handling it and vice versa.
Individually, these issues might seem minor. However, they add up to real blind spots. For example, in one recent assessment, we emulated a credential dumping technique on an endpoint with Falcon installed. Falcon didn’t alert. Why? It was a simple policy misconfiguration, and no one noticed because the control wasn’t designed to throw an error.
In another case, a customer’s integrated SIEM was ingesting Falcon data, but was configured to ignore detections below a certain severity. The SOC never saw our activity, and SLA response time tracking never even started.
These aren’t uncommon. In fact, they’re everywhere.
What can security leaders do about it?
To be clear, these issues aren’t signs of failure. They’re signs of complexity. Modern security environments are dynamic and distributed, with constant changes and shifting responsibilities.
That’s why proactive security control validation is essential. But that doesn’t mean running another audit or compliance checklist or assuming a penetration test will find these gaps. It means:
- Testing your CrowdStrike deployment in its current state, not just at initial rollout
- Simulating real-world threats, not just theoretical detections
- Validating that detections fire, alerts escalate, and response happens within SLA
This approach gives you more than a pass/fail answer. It gives you clarity on what’s working, what’s misconfigured, and what gaps are created by day-to-day operational changes.
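The three checks above (detections fire, alerts escalate, response happens within SLA) can be scored per test case by correlating what was emulated with what each layer recorded. The sketch below is an added example, not OnDefend or CrowdStrike code; the record fields, the 15-minute SLA and the one-hour matching window are assumptions, and all sample records are constructed.

```python
from datetime import datetime, timedelta

SLA = timedelta(minutes=15)  # assumed response SLA, measured from SIEM alert to analyst ack

# Constructed sample data: emulated tests, EDR detections, SIEM alerts.
TESTS = [
    {"id": "T1", "host": "ws-01", "technique": "T1003", "ran": "2025-01-10T10:00:00"},
    {"id": "T2", "host": "ws-02", "technique": "T1021", "ran": "2025-01-10T10:30:00"},
    {"id": "T3", "host": "srv-03", "technique": "T1486", "ran": "2025-01-10T11:00:00"},
    {"id": "T4", "host": "ws-04", "technique": "T1059", "ran": "2025-01-10T11:30:00"},
]
EDR_DETECTIONS = [  # T1 produced nothing, e.g. a prevention-policy misconfiguration
    {"host": "ws-02", "technique": "T1021", "severity": 2, "at": "2025-01-10T10:30:20"},
    {"host": "srv-03", "technique": "T1486", "severity": 5, "at": "2025-01-10T11:00:10"},
    {"host": "ws-04", "technique": "T1059", "severity": 4, "at": "2025-01-10T11:30:05"},
]
SIEM_ALERTS = [  # T2 is absent: dropped by a severity filter on ingestion
    {"host": "srv-03", "technique": "T1486", "at": "2025-01-10T11:01:00", "acked": "2025-01-10T11:41:00"},
    {"host": "ws-04", "technique": "T1059", "at": "2025-01-10T11:31:00", "acked": "2025-01-10T11:36:00"},
]

def _ts(value):
    return datetime.fromisoformat(value)

def _match(records, test, window=timedelta(hours=1)):
    """Earliest record for the same host and technique within `window` of the test."""
    start = _ts(test["ran"])
    hits = [r for r in records
            if r["host"] == test["host"] and r["technique"] == test["technique"]
            and start <= _ts(r["at"]) <= start + window]
    return min(hits, key=lambda r: _ts(r["at"]), default=None)

def validate(tests, detections, alerts, sla=SLA):
    """Return {test id: verdict}, naming the first layer at which each test failed."""
    results = {}
    for test in tests:
        alert = _match(alerts, test)
        if _match(detections, test) is None:
            verdict = "NO_DETECTION"    # sensor missing/inactive or policy gap
        elif alert is None:
            verdict = "NOT_ESCALATED"   # detected, but never reached the SOC
        elif alert.get("acked") is None or _ts(alert["acked"]) - _ts(alert["at"]) > sla:
            verdict = "SLA_MISSED"      # escalated, but response was late or absent
        else:
            verdict = "PASS"
        results[test["id"]] = verdict
    return results

if __name__ == "__main__":
    for test_id, verdict in validate(TESTS, EDR_DETECTIONS, SIEM_ALERTS).items():
        print(test_id, verdict)
```

A verdict other than `PASS` points at the layer to investigate first: endpoint policy, SIEM ingestion rules, or the response process.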
Final thoughts on CrowdStrike operational assurance
Security leaders don’t want to guess. You want confidence. Confidence that the tools you’ve invested in are protecting the organization, and that the teams managing those tools are ready when a threat hits. Validating your CrowdStrike deployment is one of the clearest ways to build that confidence. While CrowdStrike offers Falcon Operational Support to help organizations configure and optimize the Falcon platform, our independent assessments complement these services by continuously validating whether those configurations and detection policies are working as intended—long after deployment.
While this post focused on CrowdStrike, the same guidance applies across all detection tools and MDR providers. Whether you’re using Falcon, Defender, SentinelOne, or something else entirely, security control validation helps you prove that your defenses work when it matters.
Want to learn how security control validation is different than a pentest? Security Control Validation: Why Testing Once Isn’t Enough to Stop Threats
You’re Only Testing Half the Attack Surface
Many organizations run external penetration tests. It’s expected. It satisfies compliance requirements. It checks a box and results in a clean report.
Here’s the issue: Most attackers don’t stop at the front door. They phish credentials, exploit internal systems, escalate privileges, and move laterally. Once they’re in, the real damage begins. That’s why internal penetration testing is critical—and it’s what most organizations are missing.
Compliance Is a Baseline, Not a Strategy
We see this all the time. A company runs annual external tests, scans internet-facing systems, and addresses a few vulnerabilities. On paper, things look fine. However, none of that tells them what happens if an attacker gets inside. It doesn’t test segmentation, reveal privilege escalation paths, or expose shared credentials and legacy systems. Internal testing does. That’s where the actual risk hides.
External vs. Internal: What’s the Difference?
| | External Pen Test | Internal Pen Test |
|---|---|---|
| Simulates | An attacker on the internet targeting your public-facing systems* | An attacker who has already gained access (e.g., via phishing, stolen credentials, or insider threat) |
| Focuses On | External exposed IP addresses for vulnerabilities and exploitable systems | Lateral movement, privilege escalation, internal systems, and data access |
| Common Goal | Find vulnerabilities that could allow someone to gain a foothold from outside your organization | Understand what damage could be done post-breach and how well internal defenses hold up |
| Compliance Requirement | Often required (e.g., PCI, HIPAA) | Less commonly required, but critical for risk |
*Note: Web apps can also be tested, but a robust assessment requires dedicated application-layer testing, which focuses on specific areas beyond the scope of an external network penetration test.
Why You Need Both
External tests show how attackers get in; internal tests show what happens next. Combined, they provide a full picture of your organization’s exposure. Want a breakdown of what kind of penetration testing is right for your organization? We’ll walk you through it.
Real-World Example: What We Found
A regional healthcare client had never performed an internal pentest. Although their external results looked strong, once inside the network, we uncovered serious risks.
We were able to:
- Move laterally between departments
- Access sensitive health records
- Escalate to the domain admin
- Disable detection tools without alerting anyone
All of this was easily remediated, but only because it was discovered through internal testing.
If You Only Test the Outside, You’re Guessing
Most security teams understand that breaches can and do happen. That’s why detection and response capabilities are a priority. But without testing the internal environment like a real attacker, you’re relying on assumptions.
Internal penetration testing helps answer key questions:
- Are segmentation and security controls working?
- What happens after a phishing attack or credential theft?
- How quickly can an attacker escalate and move?
- Will your tools detect the behavior?
Want to simulate a real-world attack safely? Our breach and attack simulation platform, BlindSPOT, is purpose-built for that.
What to Do Next
External tests meet compliance needs. But paired with internal testing, you now have the full picture. If you’re serious about protecting what matters, it’s time to test your assumptions, before an attacker does.
Let’s schedule a discovery call and talk about what an internal pentest would look like for your environment.
Security Control Validation: Why Testing Once Isn’t Enough
No security team plans for failure. Yet time and again, when real-world attack simulations are launched, critical gaps in detection and response emerge — even in well-funded, mature environments.
Why? Because traditional security assessments and out-of-the-box tool configurations aren’t enough to protect against adversaries. Organizations need continuous security control validation — real, ongoing testing to ensure their defenses are detecting and stopping threats before damage is done. This concept is reinforced by guidance from the National Institute of Standards and Technology (NIST), which emphasizes the importance of assessing whether controls are implemented correctly, operating as intended, and producing the desired outcome — not just whether they exist.
The Problem: Security Control Failures Are Everywhere
Even in environments with top-tier security investments — endpoint protection, SIEMs, EDR/XDR platforms — critical controls often fail silently:
- Alerts don’t trigger when ransomware executes.
- Lateral movement activities go undetected.
- Evasion techniques bypass EDRs completely.
- Response teams are delayed because detections never reach them.
These gaps aren’t because teams are negligent. They’re because security control testing isn’t happening regularly enough — and attackers evolve faster than static defenses.
Why Continuous Security Validation Changes the Game
Traditional security controls assessments (often checklist-driven) validate whether a control exists — not whether it works against real threats.
Continuous security testing and validation changes the approach by:
- Regularly simulating adversary behavior mapped to the MITRE ATT&CK framework
- Testing detection, response, and containment capabilities across your live environment
- Identifying misconfigurations and telemetry gaps before attackers do
- Enabling security teams to adjust and optimize quickly, not after a breach
When security leaders embed continuous security control validation into their programs, they move from passive monitoring to proactive resilience.
How OnDefend Helps Teams Validate What Matters
At OnDefend, we specialize in threat detection and response validation that goes beyond traditional pentests. Pentests are our bread and butter, so we know the gaps our customers have. Our approach leverages real-world attack simulations — including ransomware, lateral movement, and data exfiltration — to ensure your security controls perform when it matters most.
Whether you’re validating EDR/XDR investments, preparing for regulatory audits, or strengthening your incident response posture, our testing provides the evidence you need to:
- Improve mean time to detect (MTTD) and mean time to respond (MTTR)
- Close critical visibility gaps
- Justify security investments with real outcomes
Security Controls Can’t Be Assumed. They Must Be Proven.
Every day without continuous validation is a day you’re trusting your defenses blindly. Let’s change that. Talk to our team about security control validation. Contact us here.
Want to learn why continuous security control validation is critical? Read this blog next.