Recently, I sat down with my attack and penetration team (the guys that break into stuff), and I was reminiscing about the old days of penetration testing. It got me to start thinking that, as the industry evolves and shifts toward technology to provide for the commoditized tasks, the industry needs to shift away from the monotonous work of running tools to more strategic thinking. Continue reading
Why do organizations keep suffering from relentless massive data breaches? Weak security, executive management ambivalence, increasing hacker prowess? Maybe all of the above, but the more cogent reason we continue to read of data breaches is because it’s lucrative! Continue reading
Virtual currency is picking up steam, and with that security issues are growing as well. While many issues with traditional internet systems (banking, credit card and fund transfer systems, etc.) are averted by the way virtual currency is structured (which gives it a great advantage), security will always be a concern. Continue reading
For many organizations, it is a struggle to get from their CurrentState (CS) to their DesiredState (DS) of security. The struggle is in the planning and construction of the roadmap from CS to DS. In its simplest form, organizations do not fully account for the “Principle of Three Forces”.