Sawyers & Jacobs LLC
February 3, 2014 


IT Audits and Network Vulnerability Assessments

Including penetration testing, social engineering, and vulnerability scanning 


Needle of a compass pointing the word confidence 3D render concept image for self-confidence MEMPHIS, Tennessee (February 3, 2014) - Sawyers & Jacobs LLC announced updates for 2014 to the firm's popular IT Audit and Network Vulnerability Assessment services.  These updates address the latest security threats, new applications, and regulatory issues applicable to community banks while including cybersecurity concerns with penetration testing, social engineering, and vulnerability scanning.


Unique Approach

According to Jimmy Sawyers, Co-Founder of Sawyers & Jacobs LLC, "We take a helpful approach designed to identify potential weaknesses in the bank's systems and provide guidance on how to fix the problems.  Better we find the holes and plug them before the bad guys exploit them and gain unauthorized entry."


"The devil is in the details," says Joshua Jacobs, Co-Founder of Sawyers & Jacobs LLC.  "We see firms selling a simple automated external vulnerability scan and deceptively calling it a 'penetration test' which it is not.  We also see firms selling penetration testing services where the goal is strictly to break in and then abruptly end the engagement with a 'Gotcha!' mentality.  This is akin to breaking a window with a rock while failing to determine if the front door, the back door, or any other windows are locked and secure.  We use the same tools and techniques that real-world hackers use and we speak the language of bankers to marry the highly technical with the business of banking."


The Sawyers & Jacobs LLC offering is unique in that the bank receives the traditional IT Audit and the Network Vulnerability Assessment, which includes External Penetration Testing, Social Engineering, Internal Penetration Testing, and an overall Network Security Review, in a combined engagement.  Bank management receives a comprehensive report written in plain English.  "We believe we offer the most complete package of these services in the industry," added Sawyers.


Covering All the Bases

A bank should address the typical controls of the IT environment such as dormant account transaction processing, business continuity, and online banking in the IT Audit, then the more technical areas such as patch management, intrusion prevention, and incident response should be addressed in the Network Vulnerability Assessment.  One without the other is a half-baked review that leaves the bank exposed.


Sawyers adds, "We also serve as an early warning system for our clients by educating them on industry trends, new regulations, and vendor management issues.  Because we are so active in the industry, we have our ear to the ground and can let our clients know what is coming over the horizon."


Sawyers & Jacobs LLC has helped banks identify vendor-introduced vulnerabilities, unpatched systems, and other security holes that could have exposed the banks to major security breaches and liability.  Averting those disasters saved these banks significant dollars, avoided embarrassment, and preserved customer trust.


The Most Common Exploits

Most bank hacks don't occur through brute force attacks on banks' systems.  Instead, the hackers normally get in by tricking a bank employee to click on a link to an infected web page or by opening an infected email attachment.  This is why social engineering tests, especially in the form of simulated spear phishing attacks are so important.  According to Jacobs, "Bankers tell us they like our professional approach to social engineering.  We don't try to embarrass bank employees or crash systems, and we certainly don't dress up like pizza delivery guys to gain entrance into the bank.  Such amateurish gimmicks only serve to disrupt daily operations and in some cases, put bank employees in real danger.  Sawyers & Jacobs LLC has perfected a sophisticated approach to social engineering and simulated spear phishing attacks that identifies problems, gathers relevant statistics, and provides bank management with a cautionary yet real-world example of the importance of security awareness."


Independence Issues

A bank's auditors and consultants should be independent and free from conflicts of interest.  In some cases, prohibited non-audit services include financial information system design and implementation.  For example, a provider of core processing services, which would include the bank's "financial information system," should not provide IT audit services or network vulnerability assessment services to that bank.  This provider would be auditing its own systems which could include the core (DDA, Savings, Loans, General Ledger) plus imaging systems, online banking, and other systems the provider designed, sold the bank, and continues to maintain.  Clearly, this situation would be a conflict and would impair independence.


Sawyers & Jacobs LLC provides an Independence Statement upon request to clearly outline our role and to establish our independence on each engagement.


Please see our article, A Dozen Dirty Secrets of IT Audit Firms, for more examples and additional information.


Request a Proposal

To request a formal proposal from the Sawyers & Jacobs team, simply click here and we will be glad to discuss your bank's requirements and how we can help you.


We believe you will find our approach to IT Audit and Network Vulnerability Assessment services extremely unique and very effective.  Designed specifically for community banks and frequently updated to cover the latest issues affecting bankers today, our services help bankers prepare for 2014 and beyond.  Schedule your 2014 engagement today.


About Us

Sawyers & Jacobs LLC helps banks in four major areas: Technology Planning, Risk Management, Network Solutions, and Business Continuity. Our mission is to help our clients use technology securely, effectively, and profitably to better serve their customers, comply with laws and regulations, contain costs, and compete. We make banks better.  To learn more, visit , call 901.487.2575, or email



Matthew Evans                                                                                                                                                                                       

Sawyers & Jacobs LLC                                                                                                        

1085 Halle Park Circle,

Collierville, Tennessee 38017                                                                                          

Phone:  (901) 488-3381                                                                                                    

Fax:  (866) 488-4933                                                                                                  

A Dozen Reasons Why Sawyers & Jacobs LLC is the Best Choice for Your Bank
  1. We wrote the book, IT Auditing for Financial Institutions.Recommended stamp - isolated on white background
  2. Our team is 100% focused on community banks so we know the regulatory environment, the providers, the terminology, and the industry trends.
  3. We serve on the faculty of some of the most prestigious banking schools in the nation.
  4. We are guest speakers at state banking association conferences and national events.
  5. Many of our team members are former bankers and we all understand the unique environment of community banks.
  6. We do not sell software or hardware and we do not provide managed services or managed security services, thus we do not audit our own systems.
  7. We have Certified Information Systems Auditors (CISAs) and Certified Information Systems Security Professionals (CISSPs) on our team.
  8. Our Client Bill of Rights outlines our high standards of professionalism and quality.
  9. We identify risks but we don't tell you how to run your bank.  It's your ship.
  10. All of our team members undergo criminal background checks and drug screenings, prior to being hired and on a surprise basis each year thereafter.
  11. We approach our engagements with the intent to help, not scold.  We truly want to leave the bank a better place.
  12. Our satisfied clients are the best measure of our firm.  We encourage prospective banks to contact our clients to check us out and hear about our recent work and how our team performed.
Quick Links to Sawyers & Jacobs Information 





Recent and Upcoming Speaking & Teaching Engagements


November 19-20, 2013

Indiana Bankers Association

2013 Annual Security & Risk Management

Indianapolis Marriott East

Indianapolis, Indiana



January 14-17, 2014

RPA Forum

McLean, Virginia



February 4-5, 2014

Nebraska Bankers Association

Bank Technology Conference

Cornhusker Marriott Hotel

Lincoln, Nebraska



April 6-12, 2014

Mississippi School of Banking

2014 Session

University of Mississippi

Oxford, Mississippi



April 15-17, 2014

Southern Financial Exchange

2014 Annual Conference & Expo

Beau Rivage Resort

Biloxi, Mississippi



May 18-23, 2014

Barret Graduate School of Banking

42nd Annual Graduate School Session

Christian Brothers University

Memphis, Tennessee



May 26-June 6, 2014

SW Graduate School of Banking

Southern Methodist University

Dallas, Texas



July 20-25, 2014

The Southeastern School of Banking I & II

Belmont University

Nashville, Tennessee



August 3-8, 2014

Virginia Bankers School of Bank Management

University of Virginia

Charlottesville, Virginia



August 17-29, 2014

Pacific Coast Banking School

2014 Resident Session

University of Washington

Seattle, Washington