
2015: Five Simple Steps to Protect Corporate Data

Mr. Bejtlich and some other Washington types are pushing for more hacker prosecutions and more transparency about how the government will respond to attacks like the major breach at Sony. “Make their lives more difficult,” he says.

“That doesn’t mean we need to roll over and say, ‘Bad things are going to happen,’ ” he says. “We need to decrease the number of bad things happening.”

Why is IT security diligence needed on April Fools’ Day? Mostly because of pranks, but the excitement of the day may also generate increased unethical hacking activity.

IT Security Professionals Beware: April Fool’s Day 2015!

Many people trace the origins of April Fools’ Day back to 1582 when Pope Gregory XIII adopted the Gregorian Calendar, effectively moving New Year’s Day from the end of March to 1 January. Though the change was widely publicized, some people didn’t get the memo, while others simply didn’t want to transition to the new…

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library.

IT Security Professionals: Beware the Heartbleed Security Vulnerability!

First of all, kudos to Neel Mehta of Google Security for discovering this bug and to Adam Langley and Bodo Moeller for preparing the fix. The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used…

2015 – Ten Signs of a Great Penetration Tester

I have had the privilege of working with some great IT auditors, penetration testers (pen-testers), ethical hackers and social engineering experts. I have worked for them, worked with them and many have worked for me. Here are ten personality factors, skill assets, behavioral nuances and simple things to look for in beefing up your security…

Hackers accelerate their efforts and morph their techniques - what we can do. A short list of things to consider.

IT security, aka, protecting your company from hackers, has morphed rapidly.

As the world has changed and new technology has emerged, there are newer concepts and terms that business owners and managers need to intimately understand. IT security threats have never been more prolific and advanced. While the days of hard drives and desktop computers are hardly over, there has been quite the paradigm shift in…