
Osmosis Security is a boutique information security and compliance firm dedicated to providing clients with expertise, integrity, and respect. We specialize in compliance and security advisory for merchants, service providers and industry-disrupting products.

  • Compliance and security advisory for service providers and products
  • Risk assessment, reverse engineering and penetration testing services
  • Compliance gap assessments & technical advisory: PCI DSS 3.2, SOC 2 SSAE 18, ISO27001/2, FedRAMP, GDPR
  • Biomedical devices reverse engineering, penetration testing and security advisory
  • Startup security maturity roadmap and advisory services
  • Custom policy writing



We specialize in providing creative solutions to your security and compliance concerns. We provide myriad penetration testing, gap analysis, reverse engineering and risk assessment services for startups to Fortune 500 companies. Osmosis Security is uniquely positioned with specialized expertise to work within on-prem, data center and cloud architecture (AWS, GCP & Azure). We advocate for you with your auditors, explaining how your cloud architecture and security controls meet compliance standards, using language and concepts learned from years as active auditors ourselves.

We serve the tech community in San Francisco, CA. Our clients are experts themselves, so when they need help, they engage with proven experts. The startups of today are the Fortune 500/100 companies of tomorrow, and Osmosis Security is the security consultancy that guides 40+ major Bay Area companies.



Osmosis Security is committed to being honest to a fault and accountable for all projects we’ve committed to. We actively seek out clients who are committed to improving their security posture and not just checking the boxes to get their compliance paperwork in order.

The Osmosis team is comprised of individuals who have demonstrated immense amounts of integrity, both in their personal and professional lives. We hold each other accountable to one another and are responsible for ensuring project and individual success via honest business practices.



Osmosis Security respects our clients’ business and security goals. We work collaboratively with all teams within your organization, supporting and guiding your security and compliance efforts.

Osmosis Security respects the innovations of other information security firms and creative discoveries of independent hackers alike. We contribute to the community, giving notoriety and credit where deserved, and work collaboratively with entities and individuals who would traditionally be seen as competitors.

Finally, Osmosis Security recognizes and respects the social positions, opinions, and choices of all individuals on planet Earth – we’re all in this together. We provide our team opportunities for personal and professional advancement as well as volunteer work within the digital and physical communities that we all exist in.



Osmosis Security, LLC is located in the San Francisco Bay Area – the heart of innovation, technical expertise, and creativity.


Kat Valentine: Principal Compliance & Security Consultant

Getting her start with phones and computers at the early age of 6, Kat decided to put fear of success and failure aside to start Osmosis Security, a boutique security firm that supported her vision of what the professional hacker community should be focused on.

Kat had humble beginnings and started her career working technical support for a local dial-up ISP in 1998. Since then, Kat has worked in many different roles, and is experienced with implementing, testing, and supporting diverse client LAN/WAN environments; deploying a wide array of Cisco hardware and security technologies; and performing PCI-DSS assessments as a certified Approved Scanning Vendor/Qualified Security Assessor, security researcher, and forensic analyst. She applies that knowledge as a member of Osmosis Security’s Compliance & Security team, where she performs risk assessments, gap assessments with compliance frameworks like GDPR, SOC 2, HIPAA and PCI, penetration testing, and evaluates infrastructure, applications, and network assets for adherence to security best practices and compliance requirements.

In her spare time, Kat has designed the first hack/phreak shoeline, the PhreakerSneaker.

Randy Will: Principal Consultant & Reverse Engineer

Randy got started in information security in the late 90’s when a friend introduced him to “this Linux thing” he had recently discovered. Like Kat, Randy started his career at a local dial-up ISP. He studied Biomedical Engineering at Marquette and spent a couple of years as the primary technologist for a rehabilitation research center. In more recent times, Randy spent a few years as a QSA/PA-QSA focused on emerging payment applications before joining Amazon Web Services to help improve enterprise and startup engagement and satisfaction.

Randy recently exited an information security startup after a $300M sale and now spends most of his time taking things apart, measuring and documenting components and products, designing cost-effective DIY IoT systems, maintaining some Linux device drivers and other FOSS projects, and diving into newly enforced compliance standards like GDPR.