Rimrock Security finds the gaps in your defenses — through your network, your email, and your front door.
They're found by someone who thinks like an attacker — testing not just your technology, but your people and your physical access controls.
Rimrock Security specializes in hands-on penetration testing and compliance assessments for Pacific Northwest businesses, federal contractors, and the MSPs that support them.
You work directly with Cody Shepherd — not a junior analyst running automated tools while a senior consultant puts their name on the report.
Every engagement is hands-on and tailored to your environment. No canned reports, no checkbox security.
Simulated external attack against your internet-facing systems. Findings ranked by severity with clear remediation steps your team can act on.
We test whether someone can walk into your facility and access sensitive systems or information — the same way a real threat actor would. Access controls, tailgating, badge systems, employee awareness.
Controlled phishing campaigns against your organization to measure employee susceptibility and identify where training is needed before an attacker exploits it.
Federal contractors handling CUI are required to meet NIST 800-171 and increasingly CMMC standards. We assess your posture, identify gaps, and deliver a prioritized remediation roadmap.
You get a practitioner who has done this work — not a project manager coordinating offshore analysts.
Cody runs your engagement start to finish. No handoffs, no junior staff, no surprises in the report.
Very few consultants offer credible physical intrusion testing. It's one of the most effective ways to surface real risk — and one of the most overlooked.
We understand the regional business landscape, the federal contractor ecosystem around PNNL and Hanford, and the compliance requirements that come with it.
Every engagement ends with a report your leadership can read and act on — not a 200-page document full of CVE numbers your IT team has to translate.
We work as a subcontract partner for managed service providers. You keep the client relationship — we run the engagement and deliver a report you can hand off directly.
Enterprise-grade methodology without the enterprise price tag. Security testing shouldn't require a six-figure budget.
Founder & Principal Consultant
Tri-Cities, WA
Pacific Northwest
Cody Shepherd is the founder and principal consultant at Rimrock Security LLC. With hands-on experience spanning network penetration testing, physical intrusion assessments, and social engineering, Cody brings a full-spectrum attacker's perspective to every engagement.
Rimrock works with businesses across the Pacific Northwest — from small businesses getting their first security assessment to federal contractors navigating the CMMC certification process.
Every engagement is run personally. When you hire Rimrock, you're not buying access to a firm — you're working directly with the person doing the work.
Whether you need a specific assessment or aren't sure where to start, reach out. Initial consultations are free.