ABOUT THORIUM

Thorium Information Security was founded by professionals whose careers were defined by one reality — failure was never an option.

OUR STORY

Our founders spent their careers inside the U.S. government’s most demanding security environments — conducting offensive operations, vulnerability assessments, and threat analysis at the Department of Defense level. These weren’t theoretical exercises. They were real-world operations against real adversaries, where the stakes were national security and the margin for error was zero.

20+

Years of combined offensive security experience

100%

Senior-led engagements

0 Subcontractors, Junior practitioners, or vendor commissions

8+

Compliance frameworks covered

OUR MISSION

Every organization that serves American communities deserves elite-caliber security expertise. That premise drives everything we do. We are not trying to be the biggest firm in the market. We are trying to be the best firm for the clients we serve — and to deliver a standard of work that our background demands.

You work with the expert.

At large consulting firms, senior practitioners win the engagement and junior analysts deliver it. At Thorium, the person who scopes your assessment is the person who conducts it. Our clients have direct access to senior expertise at every stage of every engagement.

Our background is different.

There is a significant difference between an IT security professional and a practitioner who spent years conducting offensive security operations at the Department of Defense level. We are the latter. That experience informs how we think about threats, how we conduct assessments, and what we look for that others miss.

OUR CORE VALUES

Precision

Everything we deliver is validated, specific, and earned through hands-on work. We do not estimate findings, generalize risk, or produce reports built around templates. The standard we operated under before this did not allow for approximation — and neither does the work we do now.

Integrity

We tell clients what their security posture actually is — not what they were hoping to hear. We have no product to sell, no vendor relationship to protect, and no incentive to soften a difficult finding. Honest assessments protect organizations. Everything else is theater.

Discretion

Our clients trust us with their most sensitive vulnerabilities, their network architecture, and their compliance gaps. That access is treated with the same seriousness we applied to classified work. It does not leave the engagement. It does not get referenced. It does not get sold.

Mission

Every engagement has an objective and we stay focused on it until it is accomplished. We do not overbill, expand scope unnecessarily, or leave work unfinished. The mission focus that defined our careers in DoD service defines how we work today — the client's objective is ours, and we do not consider the engagement complete until it is achieved.

FAQ

Who founded Thorium Information Security and what is your background?

Thorium was founded by security professionals who spent their careers conducting offensive security operations and vulnerability assessments at the Department of Defense level. When we transitioned to the private sector we saw a consistent gap — organizations that handle sensitive data and carry real compliance obligations were being served by generalist firms staffed with career IT consultants who had never operated in a genuinely high-stakes environment. We founded Thorium to fill that gap.

What industries do you work with?

We work with organizations across sectors — credit unions, community banks, healthcare providers, nonprofits, higher education institutions, local and state government agencies, and others. What our clients share is not their industry. It's a commitment to taking security seriously and a need for expertise that meets that standard.

Are you a managed security service provider (MSSP)?

No. Thorium is a security consulting and assessment firm. We do not provide continuous network monitoring, 24/7 SOC services, or managed alerting. Our practice is built around high-quality assessment and advisory work — penetration testing, compliance audits, risk assessments, and strategic guidance. That focus is deliberate and it is what allows us to do each of those things at a high level.

Do your practitioners hold certifications?

Yes. Our team holds industry-recognized offensive security and compliance certifications. More importantly, our practitioners have applied those skills in real-world government environments — not just in lab settings or certification exams. Credentials matter. Operational experience matters more.

How do you protect the sensitive information you access during engagements?

With the same seriousness we applied to classified work. We sign NDAs as a standard part of every engagement. Data collected during assessments is handled under strict need-to-know protocols, stored securely, and destroyed at the conclusion of the engagement unless retention is agreed upon in writing. We do not reference client environments, share findings with third parties, or retain sensitive data beyond what is necessary to deliver your report.

Are you licensed and insured?

Yes. Thorium carries professional liability (errors and omissions) insurance and general liability coverage. Certificates of insurance are available upon request during the contracting process.

Ready to work with a firm that takes your security as seriously as you do?

We work with a limited number of clients at any time. If you are evaluating security partners, we would welcome a conversation.

Schedule a Consultation →

Thorium Information Security, LLC.

Hayden, Idaho, USA

(208) 352-2877

Sales@ThoriumInfosec.com

Company

Services