A crucial part of maturing your overall incident response capabilities is dry-running the process through what are known as “tabletop exercises.” Imagine security meets Dungeons & Dragons-style role playing. In all seriousness, incident response tabletop exercises are a great opportunity to practice your incident response process in a realistic scenario, from the documentation to the defined […]
We get asked this almost as much as how often should we get a penetration test completed. There are many motivators and moving pieces that can drive the timing of a penetration test. Generally, if you’re asking “when should my company schedule a penetration test” the answer is “now”! Coming up with a regular schedule […]
We can file this away as a million dollar question for technology leaders and executives. While there is no right or wrong answer to this question, we recommend an annual security assessment that includes penetration testing. There are also actions that can be take throughout the rest of the year between assessments to help secure […]
A firewall configuration review is one of the safest activities we do as penetration testers. There’s no automated scanning, no active exploitation, and poking/prodding exposed ports and services. Even though it is a very low risk activity, there are a couple things we’ve identified over the years as ways to streamline the process of having […]
If you are reading this, I am sure that at some point you have had to suffer through some form of security awareness training. While we commend companies for trying, let’s face it, the majority of participants are just clicking through some computer-based training as fast as they can so they can get their certificate […]
We often get asked for references for our work. As you would expect, if you are hiring someone to hack your company or determine where your security vulnerabilities lie, you want to make sure they can be trusted. As part of the screening process, we highly recommend that you vet penetration testing partners via professional […]
