FEATURED BLOG
Cybersecurity Framework Assessments: Prioritizing Your Remediation
Cybersecurity framework assessments often reveal numerous gaps, leading to a need for prioritization. This blog explores how to rank and address these issues based on risk analysis, business objectives, and available resources.
Physical Security in Q4
Why adding a physical component to your next penetration test is the smart move everyone is making right now.
Building Breach Resiliency Through Collaboration
Breach resiliency is centered around building processes to aggregate and act on information quickly, based on the systems, technologies, and other assets you have in your environment. To be effectively resilient to a breach, you must collaboratively build a thorough understanding of your environment, your workflows, your processes, and, last but certainly not least, your specific threats.
PCI DSS - What it is and what it isn't
PCI is not easy. PCI is not a guarantee that you won’t be breached. And lastly, PCI is not optional if you store, process, or transmit payment card data.
Stay Steps Ahead With Assumed Breach Testing
The word 'assume' tends to have a bad reputation. After all, we're taught from a young age what happens when you 'assume'; however, when it comes to security testing, the 'Assumed Breach' approach can be a great way to help your organization gain insight that further improves your defenses.
To SAST, or to DAST, That is the Question
New vulnerabilities are discovered, exploited, and then featured in the news on a daily basis. Now, more than ever, securing our web applications, and the ways we develop them, is paramount.
Deconstructing The Pen Test
Penetration tests are an invaluable tool for organizations. However, they’re often confused, misused, and mean different things to different people.
Does Your Office Miss You?
Who's watching your office while everyone is working from home?
The Great Security Race
When it comes time to present assessment results, I’m often asked to benchmark the company being assessed against similar organizations. As someone who has built a career around assessing information security programs, I always find myself asking the same question: what’s the purpose of such a request?