Core Security Executive to Testify Before Senate Committee on Efforts to Secure Critical Infrastructure

Core Security Executive to Testify Before Senate Committee on Efforts to Secure Critical Infrastructure

Appearance on Capitol Hill Highlights Public Sector Interest in Security Testing to Meet Recent Recommendations

BOSTON - March 23, 2011 - Core Security Technologies, the market’s leading provider of IT security test and measurement software solutions, today announced that the United States Senate Committee on Commerce, Science and Transportation has invited testimony from Tom Kellermann, Core Security’s vice president of security awareness and government affairs. Kellermann will testify during a hearing titled “Economic Ramifications of Cyber Threats and Vulnerabilities to the Private Sector,” which is scheduled for 2:30 p.m., Tuesday, March 29 in room 253 of the Russell Senate Office Building.

Kellermann, a leading expert on securing critical infrastructure, will be specifically discussing how industrial espionage can damage U.S. economic security and how U.S. corporations must modernize their methodologies to better manage operational risk. Kellermann’s testimony comes at a time of increased public sector interest in IT security test and measurement to meet specific government recommendations.

“The letter from Chairman John Rockefeller inviting the testimony specifically asks me to outline how organizations can better measure risk,” said Kellermann. “I hope that in some small part my testimony can help organizations understand the constantly evolving threat landscape and can eventually lead to solutions that make infrastructure and critical information more secure.”

Kellermann will also be discussing the need to more clearly define NIST’s recently published “Continuous Monitoring” guidance. Most organizations tend to associate monitoring with periodic security assessments, system reauthorizations, data analysis and associated reporting. In addition to these passive security practices, NIST states that a well-designed continuous monitoring strategy must also include proactive testing to effectively mitigate risk. Kellermann will detail some recommendations to more effectively meet this guidance.

Earlier this year, the CSIS (Center for Strategic and International Studies) Commission on Cybersecurity for the 44th Presidency issued guidance that contained several recommendations best achieved through security test and measurement. The commission’s guidance mentioned security test and measurement as part of the evaluation of third-party software providers and as part of metrics to better evaluate whether critical assets are exposed. Kellermann has been a member of the CSIS commission since its inception in 2008 as a cybersecurity advisory to the President.

About Core Security Technologies

There is no shortage of IT security data available in today’s highly secured organizations, but there is a distinct lack of real-world security intelligence. Core Security helps organizations bridge the gap between processing volumes of data and gaining actionable intelligence about proven security exposures. Our security test and measurement solutions empower customers with real-world security intelligence, security controls validation, and metrics that allow them to more effectively secure their organizations and manage IT risks.

Core Security’s software solutions are used by more than a thousand commercial and government organizations worldwide. Our products range from desktop software tools for security experts to enterprise-wide automated testing and measurement platforms. All of our products and services are backed by over 15 years of leading-edge research and expertise from the company’s Security Consulting Services, CoreLabs Research and Core Engineering groups. Core Security Technologies can be reached at +1 (617) 399-6980 or online at


Dave Bowker or Lesley Sullivan

Schwartz Communications

781 684-0770

Wed, March 23