About NormShield

Normshield Overview

We provide Cyber Risk Scorecard for companies with many categories. Cyber security is on every Board’s agenda, and the average total cost of a data breach has risen to $4 million (Ponemon/IBM). NormShield Cyber Risk Scorecards provide the information necessary to protect business from cyber-attacks. The scorecards provide a letter grade and a drill down into the data for each risk category so that remediation of vulnerabilities can be prioritized. Unified Threat & Vulnerability Orchestration Platform and Cyber Risk Scorecard.

There are five main reasons to find your organization’s risk scores.

  • Provide Intelligence for Decision-Making
  • Help Determine ROI
  • Justify Cyber Budgets
  • Manage Vendor Risk
  • Evaluate Cyber Insurance Subscribers
NormShield About Capaabilities

The Team

Mohamoud Jibrell

Mohamoud Jibrell

CEO & Co-Founder

Mohamoud Jibrell, CEO, is a former CIO and CTO at the Howard Hughes Medical Institute and the Ford Foundation. He is a versatile and innovative technology executive with a track record of delivering innovative and cost-effective solutions in nonprofit, scientific/medical research, charitable foundation management, manufacturing, engineering and international businesses. Mohamoud recognized for formulating and implementing strategic technology solutions that achieve business objectives. He is known for fostering climate of "get it done" characterized by professionalism, innovation and responsiveness while nurturing employee enthusiasm and teamwork. Track record of delivering large scale, mission-critical infrastructure and application development projects on time and under budget and consultative management style combined with talent for effectively communicating technical issues to non-technical business leaders are other known characteristics of the CEO.

Candan Bölükbaş

Candan Bolukbas

CTO & Co-Founder

Candan Bolukbas is digital polymath and certified ethical hacker. Candan fully appreciates the growing threat to digital communications and data accumulation which affects all of us. He is co-founder and chief technology officer for NormShield, Inc., a McLean-based “security-as-a-service solutions” company. Candan is responsible for the technical direction and innovation of NormShield products. Besides being a certified ethical hacker, he is a certified secure programmer, certified incident handler and a certified computer hacking forensic investigator. Candan has a BS degree in Computer Engineering and he has been developing security products, performing penetration testing & forensic analysis, and providing cyber security training. Certifications: CCNA, CCNP, CHFI, ECSP, MCSA, ECIH, CEH, LPT. Candan worked for both public and private sectors for many years and strong supporter of human rights, freedom and privacy.

Doug Tracy

Doug Tracy


Technology Senior Executive with a strong track record of driving innovation and results as a "C level" senior executive, Board member or consultant in a variety of global industries. Served as COO, CIO, CTO and interim CFO for technology companies. Highly experienced at defining new Digital strategies to leverage latest advancements in Information Technology to drive new business models, improve operational efficiency and reduce cost. Expert team builder and leader of multi-national and multi-cultural teams that perform and deliver. Experience in IT software & services, manufacturing, aerospace/defense, financial services, biotech / pharmaceutical / medical devices / healthcare, retail and transportation industries. Detailed knowledge of information technology including: innovation strategies, business process change, business growth strategies, digital business models, software development, outsourcing/offshoring, ERP implementation, etc. Former USAF F-15E instructor pilot.


Powered by MACH37

NormShield is one of the MACH37 cohort companies. MACH37™ is America's premier market-centric cybersecurity accelerator.

The Accelerator is designed to facilitate the creation of the next generation of cybersecurity product companies. MACH37's unique program design places heavy emphasis on the validation of product ideas and the development of relationships that produce an initial customer base and investment capital. MACH37 is located at the Center for Innovative Technology. The Accelerator is operated by the MACH37 partners.

MACH37 refers to “escape velocity,” the minimum velocity needed to escape earth’s gravitational field. They felt that this was an apt term for our accelerator, because newly launched technology companies must push past forces that inherently prevent their growth.

Schedule time with one of our Information Security Specialist to chat about
your specific needs and see NormShield in action!
Fill out the form and we will get in touch with you soon.

The Benefits

  • Clear and actionable executive view of data in easy-to-consume letter-grade color-coded scorecard
  • Saves time by taking the load from the shoulders of information security / quality assurance teams
  • Increases intelligent security work power by only outputting virtually false-positive free security automatically prioritized findings
  • Consolidates and aggregates vulnerabilities from manual analysis and different scanning engines
  • Presents detailed reports for mitigation and high level graphics for managerial parties
  • Continually optimizing data sources being used to assess and present cybersecurity posture
  • Makes scanning comprehensive by using both manual analysis and more than one automatic vulnerability scanners
  • Relieves your CAPEX and OPEX budget by reducing server, software license and labor costs!
  • Enables you to react quickly before vulnerabilities turn into successful hacks.
  • Broad view of cybersecurity environment with the cyber ecosystem risk manager

The Highlights

  • Your assets are defined through simple and easy to understand interfaces and prioritized by you.
  • Your assets are scanned with more than one security scanners and findings are managed from a centralized dashboard.
  • Dashboard includes quality and meaningful graphs about including but not limited to SLA and KPI.
  • The scans are scheduled in a flexible manner and managed according to your company's needs.
  • Data at rest is secured through asymmetric encryption at the database level.
  • Your assets are scanned against vulnerability categories including but not limited to OWASP Top 10.
  • The false-positive elimination is processed by security experts leaving you with false-positive free vulnerabilities.
  • Vulnerability categorization and normalization processes are handled with ease in order to provide uniformity through out the system.
  • Critical vulnerabilities are fed into SIEM solutions in your SOC scope
  • DNS, SSL, domain and service information belonging to your assets are constantly monitored and any changes are notified through alarms.