Blog

Business men shaking hands
Blog

Who to Have a Part of Your Red Team

Thu, 05/21/2020
Red Team Basics The SANS definition of a Red Team is, “a process designed to detect network and system vulnerabilities and test security by taking an attacker-like approach to system/network/data access.” A Red Team should be formed with the intention of identifying and assessing vulnerabilities, testing assumptions, viewing alternate options for attack and revealing the limitations and risks...
Penetration Testing
Red Team
IT Security
Blog

Securing Your Organization From the Inside Out

Wed, 05/20/2020
One of the most common ways for breaches to occur is purely out of not knowing if or how it could happen. You can’t protect what you don’t know you have – or that you don’t know you have to. Here are some tips for auditing your data and putting some security action behind it. Take Inventory of Your Data Before starting anything, are you aware of the data you’re collecting – or storing? Depending...
Cloud Security
Blog

What does “Compliance” mean to a Healthcare CISO?

Fri, 05/08/2020
The role of the healthcare CISO has expanded exponentially since the HITECH Act of 2009. CISOs were traditionally charged with the responsibility to maintain the IT environment consisting of applications and infrastructure. Today they are taking on an expanded organizational role consisting of innovation, operational responsibility and compliance. Although, the governance for compliancy...
Compliance
Pen Testing Stories from the Field: Combining Tools to Take Over an Entire Domain
Blog

Pen Testing Stories from the Field: Combining Tools to Take Over an Entire Domain

Tue, 04/21/2020
There is no single set of instructions on how to run a penetration test, and no one manual on how to be a pen tester. The only real constant is that each job is a combination of preparation and improvisation to adapt and adjust to each environment’s quirks. So one of the best ways to learn and improve your own penetration testing techniques and strategies is from your peers, whether it be through...
Penetration Testing
Blog

How to Revamp Your Organization's Cybersecurity Program

Mon, 04/06/2020
When cyberattacks and data breaches make the news, it’s usually because they’re at large companies like Facebook or healthcare organizations. But every organization, large or small, needs to be concerned about cybersecurity; hackers have begun to understand that, while smaller companies may have less data on hand, they may have access to covetable third parties. And, they’re less likely to have...
Phishing
Compliance
Blog

Top 3 IT Strategies for Optimizing Productivity

Tue, 03/24/2020
Little fires everywhere – not just a best-selling novel and new streaming show starring Reese Witherspoon: it’s what most respondents said was the biggest impediment to productivity in their workday. Distractions in the form of meetings, urgent emails, and (worst case) system outages force even the most organized sysadmin to push tasks back and cause pileups in the future. Whether or not you’re...
Blog

What is the California Consumer Privacy Act?

Thu, 01/23/2020
The California Consumer Privacy Act (CCPA), the latest data privacy law in the Golden State, went into effect on January 1st, 2020. Some have compared it to the UK’s GDPR (General Data Protection Regulation), and they’re not far off – like the GDPR, the CCPA is intended to protect individuals’ private data by making data collection and usage more transparent between consumers and companies. What...
Blog

How to Choose: Penetration Tester vs. Red Team

Tue, 08/22/2017
Don’t be misled into thinking that because you have a Penetration Tester that you have a Red Team – or that because you have a Red Team you have a Penetration Tester. While some functions may overlap, you are getting two different things when enlisting the help of each.
Penetration Testing
Red Team
The Threat and Vulnerability Management Maturity Model
Blog

The Threat and Vulnerability Management Maturity Model

Thu, 02/21/2013
There are differences between each of the high-profile hacks you’ve seen in recent headlines, but there are also a few consistent characteristics of the modern breach. Inevitably, we discover known software vulnerabilities were left unpatched, networks were exposed and critical assets were open to attack.
Threat Detection
IT Security
Blog

The Exponential Nature of Password Cracking Costs

Mon, 02/11/2013
Flavio De Cristofaro used to run our Security Consulting Services (SCS) group and long time password cracking enthusiast was recently asked to present at AppSecLatam2012 on Lessons learned from Recent Password Leaks. The following is his analysis on the exponential nature of password cracking costs. The exponential nature of password cracking costs Let’s assume for a moment that you suffered a...
IGA