Why the Internet of Things is a penetration tester’s most valuable asset. As technology moves at a seemingly exponential rate of growth and changes every day, more and more devices are being developed to contain additional “customer-savvy” features. Collectively termed the Internet of Things (IoT), this new wave of technology is vast. Where historically a[…]
Capital One’s recent data breach is only the latest in the perennial series of high-profile data breaches that have occurred in the last few years. What do Equifax, Home Depot, Target, and others have in common? Great security programs with high-quality and competent people running them. These companies experienced data breaches despite putting forth their[…]
From a penetration tester’s perspective, there are a few things that quickly indicate an organization’s maturity (and the likelihood our team will be able to exploit their environment). If any of these exist, the chance we will be able to successfully breach their environment increases: Indicators a Hacker Can Breach Your Systems Aging Infrastructure One[…]
Are Pen Test and Vulnerability Scans Required for a SOC 2 Report? There has been much confusion lately in the SOC 2 market as companies seek to understand the need-to-haves vs. the nice-to-haves when it comes to obtaining a SOC 2 report. Much of this confusion was brought about by the December 2018 upgrade of the Trust Services Criteria, and associated Point of Focus, intended to align SOC 2 with the 2013 COSO framework.