Jacob Foster Davis, C|CISO (BreachBits, Inc.) - RP

J. Foster Davis is a Certified Chief Information Security Officer (C|CISO) in the Greater Washington, D.C. area. He has an academic background in Information Assurance, Artificial Intelligence, and space systems engineering.

He is co-founder of BreachBits, an AI & Automation powered Red Teaming service.



Multi-Dimensional Value

BreachBits is a cloud-based AI and Automation-powered Red Teaming company that uses the power of Red Teaming to deliver:

  • Automatic validation of up to 130 CMMC Practices, across all 5 CMMC Levels
  • Satisfaction of Penetration Testing requirements
  • Satisfaction of Red Teaming requirements
  • Satisfaction of some continuous monitoring requirements
  • Self-assessment tools and dashboards
  • Robust validation of NIST SP 800-171 control practices
  • No on-premise installation, everything is served from the cloud

Direct Satisfaction of Practices

When your organization subscribes, you instantly satisfy 23 of the 171 CMMC practices across all 5 CMMC Levels.  Our direct satisfaction is best suited for organization seeking CMMC Level 3, 4, or 5, but our dashboarding and measurement tools provide enormous value no matter your CMMC Level.

Wide Domain Coverage & Dashboarding Tools

We provide value across all CMMC domains, with the exception of Physical Protection (PE).

How we can best integrate with your team

As an automation company that specializes in Red Teaming, we are practices at working with our clients to achieve both compliance satisfaction and actual security against malicious hackers.

We directly measure which CMMC Practices are in place, and provide proof of those measurements so that you know where you need to focus your limited resources.  We also provide the documentation you need to demonstrate compliance during your assessment.  Your security, IT, and compliance teams have direct access to your CMMC dashboard, where they can view our direct measurements and even record self-assessments to track your readiness.

For premium clients, we will also work directly with your security, IT, and compliance teams to quickly find, fix, and finish gaps.  We save you time, which saves you money.

Where we fit best

In a nutshell, we offer a cloud-based, continuous monitoring of your IT infrastructure from the hacker's perspective.  That means we are constantly measuring where your assets are, what is making them vulnerable, and how to attack them.  Most of our clients bring us onboard to safely attempt to breach their security - before the bad guys do.

This same technology allows us to continuously monitor and validate the vast majority of the CMMC Practices.  Validation means that we can make direct measurements and determine if a CMMC Practice (i.e. a given security control) is in place or not.  If it isn't a policy document or a physical protection item, chances are we can measure it.

Our services require no installs - we serve everything from the cloud. All we need is your consent to monitor and test, and to verify the IP and Domains of your IT and security infrastructure.  Then, you press one button from your web browser, and the service is running.

Where we won't fit well

It's important to understand what we can't do for you.  Other than allowing your team to record self-assessments, we don't offer any direct measurement of the Physical Protection (PE) Domain.  Furthermore, some of our measurements are still under development, but rest assured we will work closely with your team to rapidly release these features.

We are professional white-hat hackers and automation engineers, but we are not a professional services firm.  That means we don't bill you for hourly rates, but also means that we can't head up your gap analysis and satisfaction team.  Our sevices work best when they are in the background, always measuring information for your dedicated team to use.


For more information, visit www.breachbits.com/cmmc, cmmcab.org/marketplace/breachbits-inc-rpo/, and www.lantern.be.  Please contact us for more information about the exact CMMC Practices we can measure for your organization.