Rimrock
Pacific Northwest Security Consulting

We Find the Gaps Before Someone Else Does

Network penetration testing, physical intrusion assessments, and compliance consulting for businesses that can't afford to find out the hard way.

0
NIST 800-171 controls federal contractors must meet
0%
of breaches involve a human element — Verizon DBIR
$0
average cost per compromised employee record
1:1
direct access to your consultant — no handoffs ever

Every attack surface. Covered.

Hands-on assessments tailored to your environment. No canned reports, no checkbox security.

Network Pentest

Simulated external attack against your internet-facing systems. Findings ranked by severity with clear remediation steps.

Starting at $2,500
Physical Intrusion

We test whether someone can walk into your facility and access sensitive systems — the same way a real threat actor would.

Starting at $4,000
Phishing Simulation

Controlled phishing campaigns to measure employee susceptibility and identify training gaps before an attacker finds them first.

Starting at $1,500
NIST 800-171 / CMMC

Gap assessments for federal contractors handling CUI. We identify where you stand and what to fix before your next audit.

Starting at $3,000

Built for these clients

We serve three markets well. Everything we do is built around their specific needs and threat landscape.

01
Federal Contractors

Companies supporting PNNL, Hanford, and other DOE and DoD programs that handle CUI and face mandatory compliance requirements.

  • NIST 800-171 gap assessments
  • CMMC readiness prep
  • Pre-audit security testing
  • Remediation roadmapping
02
Small & Mid-Size Businesses

Pacific Northwest businesses that want real security testing — not a compliance checkbox — and need findings they can actually act on.

  • External network testing
  • Physical intrusion assessments
  • Phishing simulations
  • Plain-language reporting
03
Managed Service Providers

MSPs who want to offer security testing to their clients without building an internal practice or hiring dedicated staff.

  • White-label subcontracting
  • You keep the client relationship
  • Insured and independently operated
  • Report-ready deliverables

No bloated team. No upsell cycle.

You get a practitioner who has done this work — not a project manager coordinating offshore analysts.

01
Direct Access to the Consultant

Your engagement is run start to finish by the person you spoke with. No handoffs, no junior staff, no surprises in the final report.

02
Physical Security Is Rare. We Do It.

Very few consultants offer credible physical intrusion testing. It surfaces risk that no scanner can find — and most businesses have never tested it.

03
Built for the Pacific Northwest

We understand the regional landscape — the federal contractor ecosystem around PNNL and Hanford and the compliance requirements that come with it.

04
Plain Language Reports

Every engagement ends with a report your leadership can read and act on — not a 200-page document full of CVE numbers and CVSS scores.

05
MSP-Ready Subcontracting

White-label partner for MSPs. You keep the client relationship — we handle the engagement and deliver a handoff-ready report.

06
Priced for SMBs

Enterprise-grade methodology without the enterprise price tag. Real security testing shouldn't require a six-figure procurement process.

Ready to find out what's exposed?

Initial consultations are free. We'll tell you what we'd test and why before you spend a dollar.
