As a company that is constantly working with our penetration testing clients on understanding where they should focus their efforts, qualifying risk is second-nature to us. On one hand, we never want to undersell a risk, and have a client accept that risk based on an improperly informed position. On the other hand, I think …
Waving the White Flag: Why InfoSec should stop caring about HTTPOnly Read More »
ISC2 describes the CISSP as a way to prove “you have what it takes to effectively design, implement and manage a best-in-class cybersecurity program”. It is one of the primary certifications used as a stepping stone in your cybersecurity career. Traditionally, students have two different options to gain this certification; self-study or a bootcamp. Both …
Professionally Evil CISSP Certification: Breaking the Bootcamp Model Read More »
Many folks get confused about the difference between security and compliance. Many, especially those less technically inclined, assume that fulfilling compliance obligations sufficiently addresses security. Unfortunately, that’s not true as demonstrated by the continuing rise of security breaches each year. In this post, I’ll briefly explain the difference between security and compliance, and then outline …
I have been involved in IT and security in one way or another for almost 30 years. I have worked full time for organizations and consulted in a wide variety of jobs and responsibilities. But one of the common issues I have seen and been part of is having a handle on what all of …
Finding Your Weakness: Triaging Your Domains with SWAT Read More »
In the cloud-based economy, businesses of every size are hiring remote employees. Remote employees may decrease their capital costs, free the business from location limitations, and provide many of the intangible benefits of remote working. The increased number of employees working from diverse locations on a growing number of devices create several issues a business …
Secure Ideas is excited to announce the latest class in our Professionally Evil Course series: Ride Along Penetration Testing. This course will be held on October 9th at 2PM eastern. Unlike so many other courses, this is not a typical “here is a tool and how to use it” course. In this 2 hour course, James …
Professionally Evil Courses: Ride Along Penetration Testing Read More »
In today’s world, something never seems to be true unless it is written down, and even then it is a guideline. In the business world there are policies that define how employees should present themselves as well as how company equipment can be used. The policies are important because they provide a written definition of …
I’m excited to announce that I will be returning to my hometown of Kingston, Ontario to teach a two-day, hands-on Secure Coding course at Kingston MakerSpace, May 5-6, 2014. This course is geared towards software developers who want to learn the details of common web application attacks and what coding strategies to use to properly …
Secure Coding for Developers at Kingston MakerSpace, May 5-6 Read More »
Secure Ideas is excited to announce the latest class in our Professionally Evil Course series: Ride Along Penetration Testing. This course will be held on March 11th at 2PM eastern. Unlike so many other courses, this is not a typical “here is a tool and how to use it” course. In this 2 hour course, …
Professionally Evil Courses: Ride Along Penetration Testing Read More »
Secure Ideas is excited to announce the next webcast being offered. In this webcast, James Jardine and Kevin Johnson will talk about the steps leading up to a penetration test. These steps will include determining if you need a test, how to scope the test, and then how to prepare for the impending test. You …
Webcast: Pen Test Preppers: Prepping for the Inevitable Read More »