Blog | InfoSec

Common Endpoint (NGAV/EDR) Mistakes and How to Avoid Them

Posted on June 15, 2020

We perform hundreds of offensive security engagements such as penetration testing and red teaming every year. During these engagements, we commonly exploit vulnerabilities to obtain some initial level of access and perform post-exploitation to demonstrate what an attacker could do and how far they could go. Along the way, we have encountered just about every security control imaginable;...

The First Five Things You Should Do As A New CISO

Posted on August 20, 2018

Everyone who works in or is tasked with hiring for the InfoSec industry understands that one of the biggest challenges is acquiring and keeping talent. There is a deficit of good people, and that includes senior executives. In the case of CISOs, the average tenure (according to industry research) is 24 to 48 months, with many CISOs changing companies even more...

Pins and Staples: Enhanced SSL Security

Posted on November 16, 2017

With Chrome backing away from HTTP Public Key Pinning and other industry thought-leaders calling for its death, I figured I'd take some time to review some existing and upcoming (and tedious) controls that aim to fix some of the many shortcomings within the SSL/HTTPS ecosystem. In so doing I figured I’d summarize some of these concepts into a...
