• 21 Dec 2017

    Web application and mobile app security testing – Are you on board?

    Here are some recent pieces I've written regarding web application and mobile app security based on the work I do that you might be interested in: How security controls affect web security assessment resultsThe importance of integrating mobile apps into your security programHow automated web vulnerability scanners introduce risksAddressing web server security vulnerabilities below the application layerDon’t sweep web application testing under the rugYou may not be in control but ...

    Continue Reading...
  • 14 Oct 2017

    When PR spam is actually amusing

    I get spammed by PR firms all the time - quite likely a dozen or more emails from them in my business inbox every day. I think I get on their radar because certain articles I write happen to be related to what these spammers are trying to promote. Well, I recently got this spam message via email from a PR firm regarding an upcoming security conference. Looks interesting. But ...

    Continue Reading...
  • 12 Oct 2017

    Hacker Halted – a security show worth attending

    I've been a big advocate of attending security shows in order to learn, network, and see/hear about the latest technologies. There are a ton of these shows each year - some are a good fit, others not so much. Well, there's one show that I just attended in Atlanta this week that's worth my mentioning and recommendation. It's called Hacker Halted. Put on by the EC-Council (Certified Ethical Hacker) folks, ...

    Continue Reading...
  • 27 Sep 2017

    SEC, Equifax, what’s next? Focus on – and fix – the stuff that matters in security.

    I recently consulted with a client on the SEC and Equifax breaches and had some thoughts that I left with that I wanted to share here:Your security program is only as good as your day-to-day processes and people. No amount of policies, plans, and technologies is going to prevent you from getting hit. Reactive security is apparently the new norm, at least according to SEC chairman Jay Clayton. I don't ...

    Continue Reading...
  • 31 Aug 2017

    HIPAA and data encryption – what you need to know

    When I co-wrote the first edition of the book The Practical Guide to HIPAA Privacy and Security Compliance, both HIPAA and data encryption were a big deal. Fast forward nearly 15 years and they're still a big deal, yet many people are still struggling with both. If you're looking for some insight/guidance on HIPAA compliance, data encryption, or security intelligence in today's business environment, here are a few new pieces that ...

    Continue Reading...
  • 16 Aug 2017

    Hacking For Dummies featured in new Lifetime movie Running Away

    I had the neat opportunity to recently see my book, Hacking For Dummies,  featured in this summer's Lifetime movie called Running Away. I've known that it was a possibility for some time but it was cool to see it on the screen! Here's the scene it's featured in:You can see more about - and purchase - Hacking For Dummies (currently in its 5th edition) on Amazon by clicking the graphic ...

    Continue Reading...
  • 10 Aug 2017

    Rapid7’s Insight platform provides focused analytics for your security program

    Fairly recently, Rapid7 took their vulnerability management platform up to the next level with their analytics platform called Rapid7 Insight. It's a beneficial for an independent consultant like myself and even more useful for enterprises with IT environments of growing complexity. Rapid7 Insight is marketed as a way to bring together the Nexpose vulnerability research, Metasploit exploits, global security intelligence and exposure analytics into a single system that can help ...

    Continue Reading...
  • 07 Aug 2017

    How to gain control & become an IoT security expert

    You've no doubt heard the vendor spiels and seen their solutions for gaining control of your Internet of Things environment. But do you truly have IoT under control? Like other things in IT, it can be pretty overwhelming, especially when you're struggling to keep your arms around your traditional network environment with cloud and mobile and all the complexities they bring. Well, IoT security doesn't have to be that difficult. It's ...

    Continue Reading...
  • 21 Jun 2017

    Using Centrifuge for IoT security testing

    I love hacking things, especially new things like what's showing up on networks around the globe in the form of IoT. If IoT security is anywhere on your radar, you're likely incorporating these devices into your security testing program. Well, there's a new IoT security assessment tool in town that you need to know about called Centrifuge brought to you by Tactical Network Solutions - makers of the former (and ...

    Continue Reading...
  • 26 May 2017

    From web to mobile to connected cars – here are some application security resources you need to check out

    Given all of the variables and complexities associated with information security, I still believe that application security is the biggest weakness in most organizations and the one area where we can truly effect the greatest change. Here are some pieces that I have written recently regarding web and mobile app security that you might enjoy:Identifying and addressing overlooked web security vulnerabilitiesWhat the end of hot patching mobile apps means for ...

    Continue Reading...