The Role Of Security Assessments In Your Red Team Strategy

The “battle” for the security of your digital assets is an ongoing effort to stay ahead of cyber criminals, hackers and assorted bad actors. The concepts of “battle” or “military incursion” also give rise to adopting techniques across industry boundaries. Specifically, the concept of war-gaming the security infrastructure through Red Teams.

BLOG May 03

Payment Solutions Security Assessments Revisited

Retail commerce is the backbone of our economy so it should come as no surprise that cyberthreats are often directed to payment systems and payment solution providers. This brings us to a discussion on the PCI Standard which is mandated by the card brands but administered by the Payment Card Industry Security Standards Council. The standard was created to increase controls around cardholder data to reduce credit card fraud so assessing compliance and potential vulnerabilities has become a defacto requirement.

BLOG Apr 26

Health Insurance Security Assessments Revisited

Courtesy of these exceptional times we live due to the global response to COVID-19, it should come as no surprise that healthcare companies are under more attack from cyber criminals for claims and insurance related infrastructure. It should also come as no surprise that “an ounce of prevention is worth a pound of cure” so taking the steps to ensure your security strategy is comprehensive enough to meet these extra burdens becomes paramount.

BLOG Apr 19

Compliance Isn't A Dirty Word

If you are old enough to remember George Carlin’s comedy sketch on the 7 words you can’t say on TV, then you are probably scratching your head at how far we have come on what is considered a dirty word and what is now commonly accepted. If you are a CISO then there are probably a few other words you would like to add to that list with “compliance” being at the top.

BLOG Apr 05

Cyber Security Risk Management - Exposing and Fixing Security Vulnerabilities

Can you believe we are already at the end of Q1 2021? Despite the pandemic and the crazy working requirements of the last 12+ months, it seems that time is still moving at a pace beyond imagination. This of course hasn’t stopped cyber criminals from finding new and creative ways to penetrate current security technologies and techniques. It should come as no surprise that your understanding of cyber security risk management and how to expose and fix security vulnerabilities will mean the difference between success and failure.

BLOG Mar 29

DevSec Training Challenges Your Organization Should Overcome

Peanut butter and jelly; cookies and milk; DevOps and Security Training… yes, these are actually all things that should go together. While most people understand the first two food references, only those of us in cybersecurity should understand the third. As more press daily herald yet another security breach, it stands to reason that our development practices while may be becoming more agile, they still leave open vulnerabilities exploited by attackers.

BLOG Mar 22

Securing The DevSecOps Pipeline

It doesn’t take a rocket scientist to figure out that implementing best practices for security throughout the entire lifecycle of a software development project will ensure that risk mitigation is at its highest once deployed; but what are the best tools , tips and techniques to ensure this success?

BLOG Mar 15

ROI: Tips For Justifying An Application Risk Assessment

Attempting to justify security expenditures is sometimes an easy internal proposition and can sometimes be a massive challenge as many organizations don’t truly understand the far-ranging impact of a single breach. Justifying return on investments, especially for application risk assessments, starts with an understanding of the domino effect a single breach can have across actual lost data, potential ransomware payments and even public brand confidence and/or stock value.

BLOG Mar 08

The Top Mobile App Security Issues in 2020 And How To Avoid Them In 2021

The latest mobile statistics shouldn’t be surprising but they are with over 130 billion app downloads in 2020 alone; the mind still reels at the magnitude. It seems that with the shelter in place requirements imposed by the pandemic in 2020, the population moved to mobile apps to fill in the time.

BLOG Feb 15

What Is A Security Assessment And How Does It Work

Most IT security professionals implicitly understand the concept of a security assessment, but some still misunderstand the nuances of effectively assessing and remediating issues across their entire on-premise and cloud-based infrastructure. Sometimes it helps to take a step back and review the basics in order to ensure nothing is left to chance. What you will need is the right tools to accomplish the task of seeing below the surface of the code, and no, you won’t need a high-powered microscope to complete your assessments.

BLOG Feb 01