Want Better Alerting? Consider Your Business Processes

May 19, 2020
Logging, monitoring, and alerting programs are some of the most critical elements of any security and compliance program, but traditional approaches for implementing and upgrading these capabilities are often noisy, expensive, and laborious. Traditional Alerting Approaches are Failing During program assessments, we find that a lot of clients are generating so many alerts that they...

Developing with VBA for Script Kiddies

May 7, 2020
Introduction Now that I can read these macros and code snippets on stackexchange, how do I really make use of VBA? There must be more than meets the eye. How can I transform this BASIC code into something to pwn the world? I want to develop something! After learning the reason we should be looking...

The VBA Language for Script Kiddies

May 5, 2020
Introduction Thanks to your super spiffy explainer on macros, I know why I should go old school and start coding in VBA, but I can’t even read it, let alone hack it. Do you have Google translate for VBA or possibly a Babel fish? Great, I’ve convinced you that you need to start looking at...

Vendor Enablement: Rethinking Third-Party Risk

April 30, 2020
Third-party risk management is an essential element of information security. It is common to see news about a large company being breached, and after learning more, you find out the breach was the result of a vendor. When you depend on another organization for a critical business process and allow them access to your network,...

Payment Card Industry (PCI) – Recurring Requirements Require Attention!

April 28, 2020
There are certain items contained within the 12 PCI requirements that have to be performed based on defined frequencies. In my experience, companies sometimes struggle with adhering to some if not all of these items. There are a number of reasons that this might happen, whether it’s related to employee turnover, unfamiliarity with the items,...

Breaking Into InfoSec – A Beginners Guide (Part 2)

April 23, 2020
Opening In part one of this blog post series, we covered some personal backstory of my journey into InfoSec, went over putting a plan together for your next InfoSec mission, recommended some InfoSec immersion ideas, and provided some guidance around seeking out a mentor. If you haven’t had a chance to read the first part...
  • Browse by Category

  • Clear Form