About Ryan Wakeham

Ryan Wakeham has approximately ten years of computer security experience, seven of them with NetSPI. He holds a BA in Computer Science from Carleton College and an MS degree in Information Security from the Georgia Institute of Technology. Ryan leads NetSPI’s Assessment Team, which performs network and application penetration tests, code reviews, and infrastructure assessments. He also consults directly with clients on IT risk management and security program development projects. He brings to his work sound insight into security issues and the communication skills to effectively and thoroughly convey risks and recommended remedies to clients.

Sage Advice

2013 Cyber Threat Forecast Released

Ryan Wakeham

December 12th, 2012

The Georgia Tech Information Security Center and Georgia Tech Research Institute recently released their 2013 report on emerging cyber threats. Some of these threats are fairly predictable, such as cloud-based botnets, vulnerabilities in mobile browsers and mobile wallets, and obfuscation of malware in order to avoid detection. However, some areas of focus were a bit more surprising, less in a revelatory sense and more simply because the report specifically called them out.
READ POST

NetsPWN: Assessment Services

Thoughts on Web Application Firewalls

Ryan Wakeham

October 15th, 2012

Is installing a WAF preferable to writing secure code? Or, put differently, is having a WAF in place reason enough to disregard secure coding standards and remediation processes? I don’t think so.
READ POST

NetsPWN: Assessment Services

Web Application Testing: What is the right amount?

Ryan Wakeham

June 22nd, 2012

Some application security vendors insist that scanning a single application numerous times throughout the year is the best way to ensure the security of the application and related components. They are wrong.
READ POST

Sage Advice

Enterprise Vulnerability Management

Ryan Wakeham

May 24th, 2012

While many companies have large and relatively mature security programs, it would not be an exaggeration to say that very few have formalized the process of actively managing the vulnerabilities in their environments.
READ POST

Sage Advice

Pentesting the Cloud

Ryan Wakeham

March 19th, 2012

The ability to perform penetration testing against Cloud-based assets and environments is increasing in importance as more organizations begin to leverage the flexibility and cost-efficiency of virtualized and shared platforms. How is testing against these new environments different?
READ POST

Sage Advice

The Annual Struggle with Assessing Risk

Ryan Wakeham

February 7th, 2012

Most major information security frameworks such as ISO/IEC 27002:2005, the PCI Data Security Standard, and HIPAA, include annual or periodic risk assessments and yet a surprising number of organizations struggle with putting together a risk assessment process.
READ POST

Sage Advice

Why I Hate The Cloud

Ryan Wakeham

October 26th, 2011

The Cloud is giving me heartburn. This is why.
READ POST

Sage Advice

Mobile Devices in Corporate Environments

Ryan Wakeham

October 12th, 2011

The influx of smartphones and tablet computers into the workplace have altered the threat landscape and require an update to security controls.
READ POST

Sage Advice

Do You Know Where Your Data Is?

Ryan Wakeham

October 4th, 2011

When it comes to application of security controls, many organizations have gotten pretty good at selecting and implementing technologies that create defense-in-depth. However, many organizations are still at risk because they can’t answer a simple question: where is sensitive data?
READ POST