The first time getting any type of penetration test as an organization can be intimidating. You’re not sure about the process, you’re not familiar with the company doing the testing, and you may not even be sure on what success looks like. Today, we’ll explore 5 tips for your first penetration test to help you […]
In today’s blog, we are going to explore the concept of a Demilitarized Zone (DMZ) in computer networking. Specifically, what is a DMZ and what does it protect your organization from? Second, we will explore what makes a DMZ so important and why so many compliance regulations require one. With that, let’s jump right into […]
As we continue to discuss the different types of Self-Assessment Questionnaires (SAQs) within PCI, we’re continuing with some of the smaller SAQs from a requirements and scope perspective. SAQ A-EP is interesting and a little different from the SAQs we’ve discussed previously because it is a subset or special case of SAQ A. It’s also […]
One of the most common questions I get asked when people find out that I am a penetration tester is, “How did you get into this field?” More accurately, they are asking how they can get into penetration testing themselves. As a managing partner of a penetration testing firm and a penetration tester myself, this […]
If you are in IT and looking to try to get into information security, the first place to start is by obtaining industry certifications. As I currently have my OSCP, CISSP, C|EH, GSEC, GCIH, PCIP and am working towards my CISA, I figured I was as good as any to review the certifications out there […]
Cloud computing isn’t really that new of a thing anymore. By now, many organizations are familiar with what it is and may even be considering migrating portions of their operations. But what we’re saying a lot of times is that, even though they may want to move to the cloud because it’s the cool thing […]
