Webinar: Using MITRE ATT&CK(TM) for Coverage and Effectiveness Assessments

January 30, 2019

JOIN TRUSTEDSEC ON February 13th, 2019, AT 1:00 PM EST. What is the MITRE ATT&CK(TM) Framework? The MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK(TM)) Framework (https://attack.mitre.org/) is “a globally-accessible knowledge base of adversary tactics and techniques” that is “open and available to any person or organization for use at no charge.” It is fast…


Few cons to bringing in the pros: Why should you have a third-party risk and security assessment?

January 10, 2019

At TrustedSec, we get about 400-500 inquiries for security assessments every year.  Some of the questions we still hear quite often are: Why does our company need to do a risk and security assessment? Why can’t we just do it ourselves? We already know we’re terrible—why do we need you to tell us that? There…


Highlights from the NIST Cybersecurity Risk Management Conference

November 20, 2018

NIST hosted a CyberSecurity Risk Management Conference from November 8th through the 10th.  The event was expanded and improved from previous NIST workshops, which were more government focused. Thus for this conference, they wanted the same spirit of gaining stakeholder input on the frameworks and general cybersecurity areas, but with a much greater attendance and…


Webinar: vCISO vs CISO – Which is the right path for you?

September 28, 2018

Please note: this webinar was completed on Wednesday, October 17th, 2018 AT 1:00 PM EDT. Organizations are facing a dangerous combination of mounting cybersecurity threats and a widening gap in the skills required to identify and combat them. There is continuing pressure to keep our information secure and breach-free, and to create leadership roles…


Top 8 To-Dos for IoT Security

August 01, 2018

Let’s say you run an operational environment and you’ve spent years figuring out how to keep your production processes and core, life-enabling systems running at high efficiency and efficacy. But now, your IT group wants to connect your production and control systems to outside networks as part of new “IoT” (Internet of Things) initiatives. You…


How IoT and Digitization Are Driving Renewed Demand for Segmentation

July 11, 2018

Background The idea of Segmentation is pretty simple: put your crown jewels (i.e. your highest risk assets) in a small container, then heavily secure and monitor that. It is simply too difficult to secure everything equally. Why Now? With “digital” drivers to improve experiences, automate operations or change business models, there is now a need…


Recording: IoT Security – Getting ahead of the digital impact to your business

July 09, 2018

– JOIN TRUSTEDSEC ON July 25th, 2018 AT 1:00 PM EST – The End of the Beginning After 3+ years of hype, where are we now with Internet of Things security, and where are we going? There is continuing pressure to keep our business “things” secure and breach-free.  With crashes and attacks now being reported…


Penetration Testing has gotten tougher – and why that increases your risk

June 04, 2018

There’s been a radical shift in the assessment industry over the last couple of years. We’ve all probably heard that Artificial Intelligence, Machine Learning, User and Entity Behavioral Analysis, Analytics, Detection and Response tools, etc., are advancing and improving defensive postures. According to Gartner, annual spending on defensive security technology will exceed $82 billion…


Bridging the Cybersecurity Culture Clash

October 10, 2017

Why Derbycon is so good for the security community I had a chance to go to Derbycon for the first time this year.  I was amazed at how great it was and a lot of fun of course, but there was more to it than that. I’ve been to many regional conferences, as well as…


Building Upon Core Security & Risk Definitions

May 07, 2018

Security is evolving. That’s not news, but as it is happening not everyone can keep up with what that means.  This is especially true for those who have embraced maturing their risk and security programs, while still getting traditional assessments which have become commoditized and oftentimes not as valuable as they used to be.    These…