Protiviti’s infosec practice has been around since the company’s founding in 2002. What started as a small team of a dozen compliance and infosec professionals has grown substantially since then, to over 200 infosec professionals today.

Our practice has a few main groups:

• Local Security Consulting Personnel – The largest overall group (combined), our local information security personnel perform the full spread of information security projects. Most of these projects are PCI related (gap assessments, remediation help, formal assessments), though we also have a number of projects related to HIPAA, privacy, security strategy, and internal audit support (e.g., mobile device audits). We also do some pen testing, vuln assessments, and incident response-related work from these local offices.
• Pen Testing/Vuln Scanning Labs – These groups do most (but not all) of our pen testing and vulnerability scanning work. They are based in Philadelphia, Chicago, and New York, with some remote testers. 
• Incident Response/Forensics Lab – This group is based in New York and performs most (but not all) of the incident response and forensics work we do. 
• Security Operations Center Group – This group is distributed across the country, but primarily East Coast-based, and helps companies stand up SOCs, primarily with ArcSight.

While the above groups have their own specialties, it is important to note that there is crossover between the groups. If you become interested in a particular area of security, it is pretty easy to become more involved in such projects by reaching out to the right people.