Penetration testing requests for proposals (RFPs) or requests for quotes (RFQs) can be a great way to bid on and potentially win penetration testing projects as a business. Many pen testing vendors rely on capturing business solely, or mostly, through RFP submissions. Most RFPs are for government entities such as local municipalities, state run schools, […]
As with every type of penetration test we perform, our engineers are experienced and know how to balance the goal of giving you a realistic view of your vulnerabilities with the need to avoid business disruptions. However, just like other types of tests, as good as we may be, there can occasionally be problems that […]
As we have previously discussed, a vishing attack is usually one of the most successful types of social engineering both in the wild and during engagements. Due to the nature of a vishing attack, many employees fall victim to simple variations because they are conducted over the phone and they aren’t as familiar with the […]
In today’s blog, we are going to look at how ransomware works and why it necessitates the use of offline backups for your organization. Having audited hundreds of organizations, it is clear to me that most IT professionals are considering availability. It is very common for organizations to be taking regular backups and for these […]
South Carolina became the first state to pass cyber security legislation for insurance companies in 2018. The South Carolina Insurance Data Security Act was passed on May 3rd, 2018 and was modeled after the NAIC Insurance Data Security Model Law. Today we will dive deeper into the law and try to understand the ramifications of […]
The path to HIPAA compliance is paved with many hurdles. One of the first issues most organizations encounter is identifying how HIPAA applies to them and whether they need to meet compliance. So in order to move forward and start applying the necessary controls to meet compliance, you’ve got to determine whether you are a […]
In today’s blog, we are going to explore the concept of Black Box vs. White Box testing. There are a lot of terms thrown around when it comes to security, and it is easy to get confused, especially when different sources use different definitions for each term. Not to worry, we’ll explore black box, gray […]
One of the security services that Triaxiom Security offers is Incident Response assistance. We help an organization determine if a breach has occurred, what is the extent of that breach, was any sensitive data exfiltrated, and what was the initial point of compromise that allowed the breach. The scenarios that lead up to a full […]
Penetration tests can range from a simple test that takes 1 day to complete up to an assessment with multiple different penetration testing services that takes weeks to complete. A project manager is a vital role during a penetration test to ensure that everything goes smoothly, timelines are met, and ultimately the client gets the […]
As with salaries in most fields, the answer here is it depends. In any field or industry there is a certain level of supply and demand that helps dictate salaries. Luckily in the field we’re discussing today, there is a pretty short supply of penetration testers out there and, therefore, the salaries we’re seeing tend […]
