Risenhoover Consulting, Inc. (RCI) was founded in November of 2003 to offer information technology (IT) management and security consulting to businesses. Since then, we have grown to a full service firm offering services to growing businesses which have their own IT departments. We specialize in audit, assurance and compliance services, technical training, IT management consulting and automation and visualization consulting.

We have experience helping clients in the public and private sector, in a number of industries, including community banking, construction, web services, higher education and government.

Automation & Visualization

Do your administrators spend most of their time on the toil of manually performing normal operations and checking systems for security and compliance?

Automation of operating tasks can free your administrators and engineers to develop new systems and services, instead of spending all of their time on operations. We specialize in automation and compliance measurement using PowerShell to reduce toil and increase the time available for developing and implementing new systems.

Does your management team lack the information to make timely, informed decisions?

Automated operations enable easier monitoring and reporting. We can gather data from your environment using web APIs, database queries and direct PowerShell interrogation of your operating systems. We specialize in living off the land, by drawing information from the tools already used by your teams. Using a combination of time-series and relational database technology for storage, we can visualize your data using dashboards specifically designed to meet your operational, tactical and strategic decision-making needs.

Continuous Compliance

Can you easily demonstrate that your operations and systems are compliant with your internal standards, policies and regulatory requirements? How long has it been since you checked?

ISACA (formerly the Information Systems Audit and Control Association) defines compliance as (emphasis ours): Adherence to, and the ability to demonstrate adherence to, mandated requirements defined by laws and regulations, as well as voluntary requirements resulting from contractual obligations and internal policies.

RCI uses a combination of automation, visualization and operational reporting to help you know that you are compliant right now. Compliance checks can be automated to run weekly, daily, or even hourly to minimize the time it takes your organization to detect non-compliant systems.

Do you spend a LOT of time gathering evidence for internal and/or external auditors?

By automating your internal compliance data gathering, you can get the extra benefit of generating audit trails for your controls without onerous manual labor.

Management Consulting

Has your IT organization grown rapidly in recent years? Are you finding it harder to manage IT as your enterprise becomes more reliant on it?

RCI provides consulting to chief information officers (CIOs), technology officers (CTOs), information security officers (ISOs) and other IT management. We also help to "bridge the gap" between the organization's management team and their technology departments. Our goal is to help the technology team understand and respond to business needs and develop helpful communication in both directions.

We assist leaders in building strong teams which operate efficiently and minimize unnecessary toil in their daily work. In Google's Site Reliability Engineering book, they define toil as work that is manual, repetitive, automatable, tactical, and has no enduring value. By identifying unnecessary toil, your team is freed to develop new systems and work through the inevitable project backlogs and technical debt that all teams acquire over time. We assist you with developing an productive, effective team who enjoy their work and are able to deliver at a high level.

IT Audit

Are you sure that your IT controls are designed correctly and operating effectively and efficiently? Does your organization lack an internal IT audit capability.

RCI performs a range of information technology audits for client organizations. When clients lack an internal audit department, or their existing department lacks IT audit expertise, we help to fill the gap as an "outsourced" internal auditor.

We have experience performing internal audits and compliance reviews for banking, healthcare, Tribal and industrial clients. RCI can audit against your internal standards, consensus frameworks like those from the Center for Internet Security, the Open Web Application Security Project (OWASP) and regulatory guidance like the Federal Financial Institution Examination Council (FFIEC) IT Handbook. Going beyond simply presenting audit findings, we make recommendations designed to help the organization build mature, well-managed, optimized IT control environments.

Technical Training

Do your team members have the skills they need to succeed?

RCI can provide high-quality technical training to equip your staff for today's challenging IT world. We provide your organization with high-quality technical training on a wide variety of topics. We offer review classes for a number of popular technical and professional certifications. Our technical skills courses are based on industry best practices, designed to help working professionals develop the skills they need to excel at their jobs. We custom-design courses of any length on a variety of topics, based upon your needs.

Clay Risenhoover, our lead trainer, has over 20 years of experience in many types of instruction. His career has included teaching technical school certification classes and university courses at both the undergraduate and graduate level. He adds his real-world experience as a networking professional, programmer and security consultant to bring a unique and valuable perspective to his students.

Popular Course Offerings

  • CISSP CBK Review: 40 contact hours
  • PowerShell for Automation and Compliance: 8-40 contact hours
  • Auditing Web Applications: 8 contact hours

Student Comments

  • The instructor was knowledgeable, very efficient in answering questions and confusions, and very good at delivering the complicated topic in plain language.
  • CLAY ROCKS AS AN INSTRUCTOR!! He was prepared, knowledgeable, and experienced. He had great examples. He explains things well.
  • I can say that this was one of the most beneficial trainings I have had or seen on this subject. Thank you!