top of page

Our Company

A more secure future is coming.

Who We Are

BitSpartan is a cybersecurity service company located in the heart of Worcester, Massachusetts. We are a diverse group of passionate technology and business professionals who are governance, risk, compliance, and cybersecurity experts. You'll notice we make frequent references to Worcester; this is because we are proud of our city, just as we are of our team, our company, and the services we offer. We are located on the fourth floor of the historic Printer Building alongside numerous other companies that share our mission of improving people's lives through technology products and services.

What We Do

We are a consulting company that offers cybersecurity risk management, compliance, and governance services to small, medium, and large organizations. Our goal is to help your organization securely navigate and operate in the digital age through professional consulting and strategic partnership. That way, you can leverage our expertise to reduce risk, meet compliance and demonstrate your cybersecurity commitment to your stakeholders. At BitSpartan, we understand your challenges, we understand what is at stake, and we make your problems ours. Our passion, our commitment, comes to life with the results we produce. And producing results is what we do.


The BitSpartan Way

Everyone has their own way. Let us share ours.



Everything we do must align with the business objective of your organization. We care about your goals, and we want you to achieve them.



You hired us because you're facing an issue. We understand your problem, and our main objective is to help solve it.



Everything we do must add value to your organization. Investors spend money to make money. Our clients spend money to save money.



We love what we do. We can do it for the rest of our lives, and we want to share that passion with you.



We love teaching. Our work doesn't leave when we leave. We leave behind expert knowledge that your organization can continue to use and share.



Care comes before anything else. When we care, we are emotionally reminded that our results matter to those we do business with.

Our Mission

To leverage our knowledge and expertise to help organizations navigate the ever-changing cybersecurity landscape, to increase business value at the human level, to make cybersecurity services affordable to organizations of all sizes, and to contribute to the improvement of people's lives and society as we transition to an all-digital era. This is our core mission.


Why Us

We are experts. We are experienced. We pay close attention to details. We love what we do. We know what exceptional results look like. We know what the customer expects. We are always fair, honest, and have competitive pricing. We will not move forward with an engagement where we cannot commit to quality. We treat our customers very well, and we treat our team members even better. Without our team members, there is no BitSpartan. 


There are no fancy words or fancy ways of doing things with us. We don't play politics within our company and definitely not with our customers. We are a company founded on the principles of trust, action, and results. We love to keep things simple. You tell us where you want to be, and we will chauffeur you there. We'll work hard to earn your business, and your success matters to us. A lot.

-Sonny Phengsomphone, Managing Director


Our Services

Feel free to explore and learn about all the services we offer. Our goal is to be a one-stop shop for all your cybersecurity needs. We are here to serve as your consultant, advisor, expert and partner. Let us know how we can help.


Certified Professionals

All leads on the field are certified by globally recognized accreditation bodies. We are proud to display our qualifications and commitment to excellence.


Issued by ISC2

The vendor-neutral CISSP credential confirms technical knowledge and experience to design, engineer, implement, and manage the overall security posture of an organization. Required by the world’s most security-conscious organizations, CISSP is the gold-standard information security certification that assures information security leaders possess the breadth and depth of knowledge to establish holistic security programs that protect against threats in an increasingly complex cyber world.


Issued by ISACA

The Certified Information Systems Auditor (CISA) certification is world-renowned as the standard of achievement for those who audit, control, monitor and assess an organization’s information technology and business systems.


Issued by EC-Council

The Certified Penetration Tester (C|PENT) credential demonstrates a mastery of deploying advanced pen-testing techniques and tools including multi-level pivoting, OS vulnerabilities exploits, SSH tunnelling, host-based application exploits, privilege escalation, and web server and web application exploitation such as arbitrary local and remote file upload, SQL injection, and parameter manipulation, etc. – all in a real-life scenario on hardened machines, networks, and applications. It provides you recognition as an elite penetration testing professional.


Issued by Offensive Security

An OSCP has demonstrated the ability to use persistence, creativity, and perceptiveness to identify vulnerabilities and execute organized attacks under tight time constraints. OSCP holders have also shown they can think outside the box while managing both time and resources.

CEH_2E345519D3F7 (2).png

Issued by EC-Council

A Certified Ethical Hacker (CEH) is a skilled professional who understands and knows how to look for weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a malicious hacker, but in a lawful and legitimate manner to assess the security posture of a target system(s). The Certified Ethical Hacker credential certifies individuals in the specific network security discipline of Ethical Hacking from a vendor-neutral perspective.


Issued by GIAC

GPEN holders have demonstrated their ability to execute penetration-testing methodologies and properly conduct a penetration test, as well as best practice technical and non-technical techniques specific to conduct a penetration test. Professionals holding the GPEN are qualified for job duties involving assessing target networks and systems to find security vulnerabilities.


Ready to talk about your next project?

bottom of page