Current Topics and Information

Focused on the ever-changing information security landscape

Getting Ready for a Pen Test: Step 1

The mainstream media coverage of the recent Heartbleed Bug certainly caught the attention of people around the world. More consumers quickly discovered how easily their personal and confidential data could be stolen because of a long-overlooked security flaw. And businesses were scrambling to determine how this vulnerability could impact their corporate networks. This recent scare may [...]

So Many Breaches…What’s Being Done?

It seems that every day we’re hearing news of a new vulnerability or breach that is compromising data. Will this ever end? Unfortunately, no – it’s the nature of security. Attackers will always try to acquire sensitive information, increasingly for financial gain. Many information security professionals are working behind the scenes to protect this data, but [...]

Leveraging Policy and Procedure to Get the Most Out of Cyber Defense Technology

Why Policy and Procedure is Critical to Effective Technology Countermeasure Deployment

Technology countermeasures have come a long way since the dawn of information technology security. Just over a decade ago, IT security technology could be loosely categorized into endpoint and network security. With these broad categories one would have covered the vast majority of technology countermeasures [...]

Physical Security: Are You Doing Enough?

My team and I have completed physical security engagements for large, global clients in practically every vertical industry and in locations all around the world – Japan, China, the U.S. and Europe. With permission, we’ve successfully broken into office buildings, warehouses, things under maritime law (with wire fences, too). We’ve used social engineering to gain [...]

Three "E"s of Modern Email Security for Phishing: #2 Employee Focus

The first "E" of modern email security for phishing is Enhanced technology that works to limit the delivery of phishing emails to users within your organization. The second component of the three-pronged approach to mitigate phishing attacks is Employee focus. It is important that your employees are educated, aware and engaged in preventing a phishing attack. Relying [...] Read more

Read more

Android Hacker’s Handbook Crowd Sourced Q & A Session

Recently I participated in a live crowd-sourced question and answer session on a popular user-submitted content website. Along with my fellow authors of “Android Hacker’s Handbook”, we fielded questions from users about everything from our writing process to the most interesting mobile bug we’ve come across in our research. Because threats are constantly changing, [...]

Planning for a DDoS Attack

Last week several prominent DDoS (distributed denial of service) attacks were in the news, specifically targeting the popular note-taking app Evernote and the RSS reader Feedly. These attacks, along with others over the years, should serve as a call to attention that if an organization provides services to internet users, it must be prepared for [...]

Common Failures of Third-Party Risk Assessments

Third-party risk analysis – whether used to evaluate partners, service providers or suppliers – is a necessity in today’s business landscape. Assessing the services provided by external agencies is often as critical to an organization’s success as its own internal practices. However, many companies follow inconsistent approaches that don’t give an accurate picture of the [...]