PCI DSS, SOC2, vCISO, Penetration Testing, HIPAA, CIS Controls, Security Program, Risk Assessment, Privacy, CCPA, ISO27001

Why API Pen Tests Should go First

In today's interconnected world, application programming interfaces (APIs) have rapidly become predominant tools for sharing data and providing multiple services within a single application. APIs link ecosystems of technology and are an engine of business growth. APIs rule the

Read More

Penetration Testing, Security Program

What is a Red Team Test?

Red Teams are often confused with penetration testers due to their overlap in practices and skills, but we believe they are not the same. Penetration testers deal with the pursuit of one or several objectives. However, Red Teams have a specific

Read More

CISO, vCISO, Security Program, Risk Assessment, ISO27001

Seven Steps to ISO 27001 Certification

One of the best ways to demonstrate the suitability of your Information Security Management System (ISMS) to your organization, customers, and partners is to achieve a globally recognized certification. The ISO 27001 certification is also a

Read More

PCI DSS, SOC2, CISO, vCISO, CIS Controls, Security Program, Privacy, Red Teaming

The Seven Essential Qualities of a vCISO

Not every business can internally support the staffing and resources necessary to independently develop robust cybersecurity and privacy programs. Fortunately, you can partially or fully outsource to trusted partners the jobs of CISO and IT security

Read More

Penetration Testing, Security Program

Pen Testing - Why Purple Teams Should Never Exist

Purple teams are a controversial topic among cybersecurity professionals. There seems to be industry confusion regarding the definitions of Blue, Red and Purple teams. While descriptions of Blue Teams are relatively consistent, there are variations

Read More

Penetration Testing, Security Program

Five Reasons Internal Pen Testing is Necessary

Sometimes the best defense is a good offense.  In cybersecurity, you need to think like real-world attackers.  Security practitioners do this via penetration (pen) testing to find vulnerabilities that attackers could potentially exploit. 

Read More

Penetration Testing, Security Program

Using Open Source Intelligence (OSINT) for Attack Surface Analysis

As the world grows more interconnected through social media and digital communications, relevant information available to attackers grows exponentially. Open-source intelligence (OSINT) is the practice of collecting data from published or otherwise

Read More

Penetration Testing, Security Program

Five Steps to Pentesting Wireless

Wireless access points can be easy targets for a cybercriminal to breach your system. Whether installed by stealth or just innocently by shadow IT, rogue access pointsare a significant security threat to the entire network. Legitimate access points

Read More

Security Program

Guidepost Solutions Acquires Significant Equity Interest in Cybersecurity Solutions Firm Truvantis, Inc.

Truvantis Forms Strategic Partnership to Address Expanding Cybersecurity Risks Guidepost Solutions LLC, a global leader in domestic and international investigations, compliance solutions, monitoring, and security and technology consulting, announced

Read More

CISO, vCISO, Security Program

Recovering from a Data Breach, a Twelve Step Program

According to the IBM Cost of a Data Breach Report 2021:  Average data breach costs rose 10% between 2020 and 2021, from $3.86 million to $4.24 million.  Lost business represented the largest share of breach costs, at an average total cost of

Read More