PCI DSS, CISO, vCISO, Penetration Testing, HIPAA, Security Program, Risk Assessment, Red Teaming

The 0-day in the Room Nobody is Talking About: Scope

Scope is an important shaping tool that, when leveraged properly, can help enhance engagement outcomes during penetration testing, red team and other security operations. Like any tool, however, when used incorrectly it can have devastating consequences.


PCI DSS, SOC2, vCISO, Penetration Testing, HIPAA, CIS Controls, Security Program, Risk Assessment, Privacy, CCPA, ISO27001

Do you have APIs? How do you test them?

Application Program Interfaces (APIs) have changed in nature in recent years and are increasingly (and sometimes inadvertently) being made available to users of web services, the “Apps” (applications) on mobile devices, and internally for the web


PCI DSS, vCISO, Security Program

What does a PCI DSS Compliance Program Look Like?

You receive a letter from your bank: “Congratulations, you just passed 2.5M credit card impressions in the last 12 months.” (Break out the Champagne). “We noticed we don’t have a PCI DSS AOC for you, would you kindly upload it to our portal?”


CISO, vCISO, Security Program

Vendor Security Assessment Questionnaire Templates

Tired of filling out vendor security assessment questionnaires or shared assessment SIG templates? A vCISO service could be just the right thing for you. Is your sales team coming to you with deals that won’t close until you’ve filled out yet


SOC2, CISO, vCISO, Security Program

Using a vCISO Service to Achieve and Retain a SOC 2 Certification

CSO Online, which knows plenty about what goes into ensuring security, makes a strong case for hiring a virtual Chief Information Security Officer (vCISO). It notes that full-time CISOs “can be hard to come by, often stay in their job for two years

Use a vCISO to Achieve and Maintain PCI DSS Compliance

PCI DSS is a strong security framework. If you are a business owner, you have probably heard about the PCI DSS (Payment Card Industry Data Security Standard). All organizations that store, process, or transmit payment card transactions must adhere to

SOC 2 and Other Security Compliance Merit Badges

Whether or not you are a tinfoil-hat-wearing paranoid, you need a strong cybersecurity posture to support sales! These days most of your customers will ask you to demonstrate your security profile in one form or another. The fact is that most, if


CISO, vCISO, Security Program, Privacy

How to Achieve Cyber Security Peace of Mind for your Small Business

Small businesses, including start-ups, need a cybersecurity and privacy program, period. It is a matter of driving sales and client trust, as well as ensuring the integrity of financial, employee, and other data across the whole business, in order to manage risk. The


SOC2, CISO, vCISO, Security Program

(Video) 11 Steps to Achieve SOC 2 Compliance

Are you looking to start your SOC 2 audit for this year? Here is a video that will guide you through your first SOC 2 audit using 11 steps. Overview: Your customers have probably asked for your SOC 2 report, or it may be required to seal the deal on


PCI DSS, vCISO, Penetration Testing, Security Program

What is “Internal Penetration Testing” for PCI DSS Requirement 11.3?

Introduction: PCI DSS requires internal penetration testing, external penetration testing, and segmentation testing. But these terms are not crisply defined. In fact, “internal” is used elsewhere in the standard (for example, internal vulnerability scanning) where it
