So, you got a pentest. Now what?

How to progress toward a truly secure organization and infrastructure after penetration testing.

You did it – you paid for penetration testing services.

Whether it was to fulfill a potential client’s request, satisfy your interest or to be compliant with some framework, you tested the mettle of your environment against white-hat hackers and came out the other side, report in-hand and next steps […]

Past to Present – Lessons From the NotPetya Ransomware

And how they are still relevant today.

On a warm, sunny day in July 2017, one of the world’s most catastrophic and rampant demonstrations of ransomware began. Commonly referred to as NotPetya, the infection was released from a compromised software company located in Ukraine and quickly spread across the world. The outbreak impacted companies such as DHL, Mondelez International, and […]

An Introduction to Active Defense

Global research and advisory firm, Gartner, forecasts that information security spending will exceed $124 billion in 2019, yet cyber defenses continue to fail. Organizations large and small continue to experience breaches of all varieties resulting from zero-day exploits, failures in vulnerability patching, and phishing.

The market has responded with a variety of security governance and control frameworks including CIS 20, ISO 27001, […]

Managing an Organization’s Passwords

How to keep the keys to the kingdom from escaping the kingdom.

Proper password management is a huge step that an organization can take to strengthen security. It also addresses multiple criteria for all the major security frameworks. For example, see examples from ISO 27001 and SOC 2 as of the date of this writing:

ISO 27001 A9.4.2: Where required by the access […]

If It Can Talk to Networks, It Can Walk Across Them

Why the Internet of Things is a penetration tester’s most valuable asset.

As technology moves at a seemingly exponential rate of growth and changes every day, more and more devices are being developed to contain additional “customer-savvy” features. Collectively termed the Internet of Things (IoT), this new wave of technology is vast. Where historically a system in question would be a server […]

Why You Need Penetration Testing

Capital One’s recent data breach is only the latest in the perennial series of high-profile data breaches that have occurred in the last few years.  What do Equifax, Home Depot, Target, and others have in common?  Great security programs with high-quality and competent people running them.

These companies experienced data breaches despite putting forth their best efforts and spending millions of dollars […]