#WarStoryWednesday: so many hosts, so little time
Every now and then, while performing a penetration assessment, we’ll get a large set of hosts considered in scope. This is often a nice change of pace from the compliance-based penetration assessment where the scope is smaller and more focused on the Cardholder Data Environment (CDE). With the larger scope, we can come a bit closer to simulating an actual attacker from the perspective of the internal network. I say closer because as security consultants we are still limited by time, often only having a week to perform an assessment. If the scope is big enough, we will typically send two or more consultants. This blog will detail just one of those assessments and will hopefully give insight into effective time management for large scopes that offer more than one method of compromise.
Background
Let me set up the scenario a bit. My co-worker Adam Steffes and I were tasked with performing an assessment with...
Learning from a Mentor
In information security, there are so many career niches, so many new information security topics and technologies and so many evolving cyberattacks and breaches. To keep up with the rapidly changing information security field, you can never stop learning. One fantastic method to become more educated is to find a mentor.
How do you find a good mentor?
A good mentor is someone who has patience and is able to explain complex topics in a multitude of different ways to ensure everyone is able to understand. One of the best places to look for a mentor is at your current place of employment. Many people have senior individuals where they are employed that have been in the field for years and can explain highly complex topics. If there is a senior person where you work, try asking them if you can shadow them when they perform specific tasks that you want to learn more about. You can also ask if they can set aside time on a weekly or monthly...
Becoming a Mentor
Over the last couple of weeks, I have become more involved with training and education as it relates to the information security realm. Finding myself thinking more and more about the need for advancing information security knowledge, I've realized how important becoming a cyber security mentor is to those in need.
Those of us who are more senior and have deep expertise and a firm grasp of the concepts and practices relating to information security have the ability to help others in our field. By becoming a mentor, you can share your security knowledge, help others learn and develop their own skills, create a larger population of skilled people, and ultimately help advance the overall knowledge level in the field.
Mentoring works because it lets one learn from the other person’s successes and – yes – failures. Being a mentor can take a formal route. You can, for example, be an instructor at a college, university, or technical school. You...
I was especially excited to learn about how Solutionary is participating in the events marking the 5th Anniversary of Joining Forces. A nationwide initiative launched by First Lady Michelle Obama and Dr. Jill Biden, Joining Forces works with the public and private sectors to ensure that service members, veterans, and their families have the tools they need to succeed.
After nearly eight-and-a-half years on active duty, three combat deployments, an overseas tour, and countless training rotations, I know firsthand the challenges that come with transitioning from military life to the civilian sector.
As my military career drew to a close, I was excited about the endless possibilities and what I could achieve as a veteran in a predominantly civilian workforce. I knew the skills that I had learned in the Army –...
There are many challenges to getting a cybersecurity program right. The right technology must be deployed, managed, and tuned just right. CISOs and security managers must be able to get the executive support and budget they need to execute their plans, and their plans have to be well crafted. Not to forget that nearly everyone in the organization has to be security conscious and savvy, as nearly any organization is one phishing attack click away from being compromised.
With that in mind, security managers (and their teams) don’t need to make enemies of themselves. But they often do, and they end up setting back their own efforts as a result. Here are seven very common ways IT security sabotages its own efforts.
The Roadblocker: This is the security manager who has turned the CISO office into the “Office of No.” No wireless. No cloud. No worker is to use the mobile devices of their choice. It’s the best known way to lose...