CISO, vCISO, Security Program, Risk Assessment, ISO27001

Seven Reasons to Implement ISO27001

One of the best ways to demonstrate the suitability of your Information Security Management System (ISMS) to your organization, customers, and partners is to achieve a globally recognized certification. The ISO 27001 certification is also a foundational layer in building a


PCI DSS, SOC2, vCISO, Penetration Testing, HIPAA, CIS Controls, Security Program, Risk Assessment, Privacy, CCPA, ISO27001

Why API Pen Tests Should Go First

In today's interconnected world, application programming interfaces (APIs) have rapidly become predominant tools for sharing data and providing multiple services within a single application. APIs link ecosystems of technology and are an engine of


CISO, vCISO, Security Program, Risk Assessment, ISO27001

Seven Steps to ISO 27001 Certification

One of the best ways to demonstrate the suitability of your Information Security Management System (ISMS) to your organization, customers, and partners is to achieve a globally recognized certification. The ISO 27001 certification is also a


Penetration Testing, Security Program, Risk Assessment, Red Teaming

Combating Feedback Loops with Attack Surface Analysis

Everyone knows there are threats out there hell-bent on destroying our organizations. Innovative businesses everywhere are taking a risk-based approach to prevent mission compromise. This approach involves leveraging a risk assessment framework as


SOC2, CISO, vCISO, Security Program, Risk Assessment

Bridging the gap between CISOs

Facing the challenges of new cybersecurity and privacy laws, a sharp increase in cybersecurity litigation, and the ceaseless evolution of ransomware and cyberthreats, the role of Chief Information Security Officer (CISO) has become critical to


Penetration Testing, Security Program, Risk Assessment

Combating Ransomware Attacks Through Comprehensive Penetration Testing

Ransomware is still a major threat. In fact, the Tactics, Techniques and Procedures (TTPs) of ransomware gangs have evolved so much that they have created new business models within the darknet, where premium services such as Ransomware as a Service


CISO, vCISO, Penetration Testing, HIPAA, Security Program, Risk Assessment

The One Reason to Pen Test Data Backup Systems - Ransomware Protection

Although they sit at the heart of your disaster recovery plan, data backup and recovery systems are often disregarded by organizations when it comes to pen testing and maintaining security. Vulnerable backup systems make an attractive target for ransomware gangs, grief/


PCI DSS, CISO, vCISO, Penetration Testing, HIPAA, Security Program, Risk Assessment, Red Teaming

The 0-day in the Room Nobody is Talking About: Scope

Scope is an important shaping tool that, when leveraged properly, can help enhance engagement outcomes during penetration testing, red team and other security operations. Like any tool, however, when used incorrectly it can have devastating


PCI DSS, SOC2, vCISO, Penetration Testing, HIPAA, CIS Controls, Security Program, Risk Assessment, Privacy, CCPA, ISO27001

Do you have APIs? How do you test them?

Application Programming Interfaces (APIs) have changed in nature in recent years and are increasingly (and sometimes inadvertently) being made available to users of web services, to the "Apps" (applications) on mobile devices, and internally for the web


Security Program, Risk Assessment

Diminishing Returns in Cybersecurity

If you have ever taken a course in economics, then you should know a thing or two about the law of diminishing returns. It may very well be the subject's most famous and immediately recognizable principle. Here is the gist of it: there is a point at
