Highlights from the NIST Cybersecurity Risk Management Conference

November 20, 2018 | By:

NIST hosted a Cybersecurity Risk Management Conference from November 8th through the 10th. The event was expanded and improved from previous NIST workshops, which were more government focused. Thus for this conference, they wanted the same spirit of gaining stakeholder input on the frameworks and general cybersecurity areas, but with a much greater attendance and…


Holiday Phishing: Office 365

November 15, 2018 | By:

It’s that time of year again, Merry Phishmas!! Holidays are the prime time of the year for attackers to send phishing campaigns. Whether you are looking for the best deal on Black Friday, the best Christmas gift for that special family member, or a holiday greeting from employees, employers, or customers, there are plenty…


What Information Security Can Learn From the Hospitality Industry

November 06, 2018 | By:

The Information Security industry has a lot in common with the Hospitality industry. Both industries are service oriented, high volume, and built on trust. As with all services founded on trust, establishing and maintaining healthy relationships is critical for success. Strong relationships can do a lot for a security program. They can garner additional funding…


Of Failure and Success

October 30, 2018 | By:

Experience is simply the name we give our mistakes. — Oscar Wilde

Over the course of a year, I watch many InfoSec conference presentations whether in person at the conference or via a recording on YouTube, I read a multitude of amazing blog articles, and I follow and read the messages of many…


The Three Best Security Analogies I Know (and How to Use Them)

October 29, 2018 | By:

When it goes well, explaining security concepts to coworkers, friends, and family is one of the best parts of being in the security industry. It helps others make more risk-aware decisions, reduces ‘inarticulate tech geek’ stereotypes, and enhances soft-skills. Unfortunately, explanations do not always go well. Audiences need to be in the right state of…


Let’s Build a Card Cloner

October 23, 2018 | By:

This post isn’t attempting to present new research or a new device—that work has already been done, a la Bishop Fox. While an overall design was created, and many others have discussed building such a device, doing so can prove to be challenging. This post will provide you with all that is needed to fully…


A Buyer’s Guide to Beginning SDR

October 22, 2018 | By:

For my first post on software-defined radios (SDRs), I’d like to start off by talking about a few things that most people find out through either experience or spending hours hunting on Google (or never figure out at all, and chalk the problem up to software bugs and hardware gremlins). One thing that I learned…


W32.Coozie: Discovering Oracle CVE-2018-3253

October 17, 2018 | By:

NOTE: On October 17th, 2018 Oracle released a patch for this vulnerability as well as several others: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

There are times when finding a 0day in a major-branded product like Oracle takes months of research, and there are times when it just jumps off the screen and you think to yourself, ‘There’s no possible way that is…


DerbyCon 8.0 EVOLUTION TrustedSec Talks

October 08, 2018 | By:

TrustedSec 2018 Speaker Line-Up

Watch the recordings of all our consultants’ talks here: Oddvar Moe, Carlos Perez, Jason Lang, David Boyd, Adam Compton. Founder and CEO David Kennedy also moderated the Keynote and was on the Opening and Closing Ceremony panels here: Keynote, Ceremonies.

A proud Platinum sponsor of DerbyCon. Thank you for another amazing…


NIST Guidance for Small Business Forthcoming

September 27, 2018 | By:

The National Institute for Standards and Technology, usually referred to as NIST, has many valuable resources, including resources for computer security. The NIST Cybersecurity Framework (NIST CSF) and the NIST 800 series are familiar to most people in the information security industry. The NIST standards are commonly used not only by organizations that are bound…