Executive Blog A Checklist: Getting the Most Value Out of Testing and Vulnerability ManagementYou have leadership buy-in to invest in a proactive cybersecurity program to better protect your organization from security breaches that could put your organization at grave risk....Read More How to Build a Cyber Security Team with Staying PowerData from the Bureau of Labor Statistics shows that information security professional employment is projected to grow 32% between 2018 and 2028... Q&A with Nabil Hannan: An Inside Look at Red Teaming CultureThe term ‘red teaming’ is said to be overly used in the cyber security industry, which is why the concept is often misunderstood and unclear.... Aligning Stakeholders, Protecting Against Malicious Insiders, and the Reality that Nothing is Purely Internal AnymoreWhen joining any new company and trying to build the security program, it’s important to listen and seek to understand the business’ goals and objectives.... Three Keys to Ensuring Application Security from a 40-Year Information Security VeteranAs is the case with any regulated industry, the insurance industry has long been driven by regulatory pressures that compel them to undertake security activities.... Four Ways Pentesting is Shifting to an “Always On” ApproachNo industry is safe from a cyberattack and last year’s long list of breach victims is testament to that.... Black Hat 2020: Highlights from the Virtual Conference; Calls to Action for the IndustryBlack Hat looked different this year as the security community gathered on the virtual stage, due to COVID-19 concerns.... TechTarget: What cybersecurity teams can learn from COVID-19On August 12, NetSPI Managing Director Nabil Hannan was featured in TechTarget.... Security Boulevard: 12 Hot Takes on How Red Teaming Takes Pen Testing to the Next LevelOn August 11, NetSPI Managing Director Nabil Hannan was featured in Security Boulevard.... CIO.com: 4 hot project management trends — and 4 going coldOn August 4, NetSPI Vice President of Services Operations Nancy Bechthold was featured in CIO.com.... The Rise of DDoS Attacks and How to Stop ThemDistributed Denial of Service (DDoS) attacks have gained celebrity status during COVID-19.... Four Must-Have Elements of an Always-On Cyber Security ProgramLet’s face it. The chefs in our lives were right when preaching the “clean as you go” philosophy while cooking.... Cloud Security: What is it Really, Driving Forces Behind the Transition, and How to Get StartedIn a recent episode of Agent of Influence, Nabil Hannan talked with Mike Rothman, President of DisruptOps.... Focus on Context to Improve Your Incident Response Plan$8.19 million. That’s the average loss U.S. organizations face each year due to the damages of cyber security attacks, according to a Ponemon Institute study.... Dark Reading: Pen Testing ROI: How to Communicate the Value of Security TestingOn July 9, 2020, NetSPI Managing Director Nabil Hannan was featured in Dark Reading.... Building a Security Framework in a Compliance-Driven WorldDepending on the industry an organization is in, there are a multitude of specific, acronym-heavy rules, regulations, and frameworks which must be adhered to... Your Phone Really is Listening to You: The Evolution of Data Privacy, GDPR, and Why/How to Ensure ComplianceMy first long term job was in architecture and software development for a device, Blackberry, that put security first, so everything we were doing was privacy and security focused... COVID-19: Evaluating Security Implications of the Decisions Made to Enable a Remote WorkforceNabil Hannan was featured on the CU 2.0 podcast with host, Robert McGarvey, and talked about enabling a secure, remote workforce during COVID-19... Getting Started on Your Application Security JourneyIn order for an organization to have a successful Application Security Program, there needs to be a centralized governing team that’s responsible for all efforts.... TechTarget: Invest in new security talent with cybersecurity mentorshipsOn June 16, 2020, NetSPI Managing Director Nabil Hannan was featured in TechTarget.... Making the Case for Proactive Cyber Security InvestmentsProactive, or preventative, cyber security measures continue to be an afterthought in today’s conversations around breach preparedness.... E-Commerce Trends During COVID-19 and Achieving PCI ComplianceBy this point it’s clear that organizations and every individual has to make changes and adapt their day-to-day activities based on the weeks of lock-down... Why Organizations Should Think More Holistically About Preparing for and Responding to a Security BreachIn a recent episode of Agent of Influence, Nabil Hannan talked with Sean Curran, Senior Director in West Monroe Partners’ Technology Practice in Chicago... Challenges and Keys to Success for Today’s CISO from the Former CISO at the CIAWhen I started as CISO of the CIA, no one really understood the role or what to do with the CISO. The government had mandated that every government agency had to have one... Dark Reading: Organizations Conduct App Penetration Tests More Frequently – and BroadlyOn May 13, 2020, NetSPI President and COO Aaron Shilts was featured in Dark Reading.... Credit Union Journal: Credit unions must step up cybersecurity during coronavirusOn May 13, 2020, NetSPI Managing Director Nabil Hannan was featured in Credit Union Journal.... The Penetration Testing Paradox: Criteria for Evaluating ProvidersSince the mid 1960s, computer experts warned of the inevitability of bad actors trying to access information across computer lines... Overcoming Challenges of COVID-19 with Telemedicine and New Technology SolutionsIn a recent episode of Agent of Influence, Nabil Hannan talked with Anubhav Kaul, Chief Medical Officer at Mattapan Community Health Center near Boston... Zoom Vulnerabilities: Making Sense of it AllWe find ourselves abruptly switching to a work from home model with virtual meetings becoming the norm on videoconferencing services, like Zoom... Penetration Testing as a Service – Scaling to 50 Million VulnerabilitiesThe process of assessing third-party penetration testing vendors is the start of a long-term relationship that is core to your security testing program.... BAI Banking Strategies: Work from home presents a data security challenge for banksOn April 15, 2020, NetSPI Managing Director Nabil Hannan was featured in BAI Banking Strategies.... The Evolution of Cyber Security Education and How to Break into the IndustryIn the inaugural episode of NetSPI’s podcast, Agent of Influence, Managing Director and podcast host, Nabil Hannan talked with Ming Chow... Credit Union Times: Vulnerability Management Considerations for Credit Union M&AsOn April 8, 2020, NetSPI Managing Director Nabil Hannan was featured in Credit Union Times.... Through the Attacker’s Lens: What Is Visible on Your Perimeter?The Internet is a hacker’s playground. When a hacker is looking for targets to attack, they typically start with the weakest link they can find on the perimeter of a network... Staying Off the Hamster Wheel of Cloud Security PainIt all starts innocently enough. You engage with a trusted provider to perform a pentest of your shiny new cloud-native application. And the pentesters find stuff.... #WFH – Embracing the New Norm of Working From HomeA worldwide pandemic broke out, and your employer is asking you to work from home instead of coming into the office. Well, you’re not alone.... Keeping Your Organization Secure While Sending Your Employees to Work from HomeAll of a sudden, the world is facing a pandemic, and you are asking all your team members to work from home.... Staying Safe Online During the COVID-19 PandemicThere’s a reason why a computer virus is called a “virus” – they have many similarities with medical viruses (like COVID-19) that have a severe impact on your personal health.... Innovation and Consistency: The Right and Left Brain of Vulnerability ManagementPentesting has attracted a workforce filled with intensely creative and highly curious technical minds. Ironically, however, we see vulnerability management programs... Banking Dive: Banks engage in self-hacks to keep defenses sharpOn March 9, 2020, NetSPI President and COO Aaron Shilts was featured in Banking Dive.... RSA 2020: Three Takeaways from the Halls of the Moscone CenterWe just returned from RSA Conference, and like every year, it did not disappoint in meeting its charter: “to be a driving force behind the world’s cybersecurity agenda... ABA Banking Journal: Go Hack YourselfOn Mar. 2, 2020, NetSPI President and COO Aaron Shilts was featured in ABA Banking Journal.... Why Do People Confuse “End-to-End Encryption” with “Security”?It is very common to hear people make blanket statements like “WhatsApp is secure,” but they rarely understand the actual security controls... What Is.com Word of the Day: Pentesting as a Service (PTaas)On Feb. 4, 2020, NetSPI Product Manager Jake Reynolds was featured in TechTarget’s WhatIs.com defining Pentesting as a Service.... Keep Pace with Evolving Attack Surfaces: Penetration Testing as a ServiceStudy after study shows that business leaders across the country place cybersecurity in their top concerns for 2020.... Three Things To Remember When Building Your InfoSec ProgramOver the past 20 years of working with companies of all sizes and ages, NetSPI has seen some of the best and worst infosec programs.... Six Ways to Increase the Business Relevance of Risk-Based ReportingWhen it comes to vulnerability and risk reporting, there’s a significant disconnect between what business stakeholders want and what the vast majority of security assessment and tool vendors provide.... Your Cloud Assets are Probably Not As Secure as You Think They AreDespite a plethora of available tools and resources, there are still many ways to configure cloud services incorrectly. According to a Wall Street Journal article published earlier this year, research and advisory firm Gartner Inc.... Leading Financial Institution Leveraged NetSPI Red Team Service to Improve Their Security PostureIn a report published by consulting firm West Monroe Partners, 40 percent of acquiring businesses said they discovered a high-risk security problem at an acquisition after a deal went through.... Make it Easy on the DevsSoftware development teams are often at odds with application security teams, specifically penetesting teams. In this post we explore why this happens and what five steps you can take to improve participation in security testing by the development team in your organizat... Five Signs Your Application Security Assessment Process Needs a RebootWith a process like the one above, your organization will struggle with delayed timelines and duplicate efforts. And because the process is manual, each step in your lifecycle is prone to human-error. In highly regulated industries, this wasteful approach consumes valua... Data Silos: Are They Really a Problem?Data silos happen naturally for many reasons. As an organization grows and their security maturity evolves, they’ll likely end up with one or more of these scenarios.... Recurring Vulnerability Management Challenges That Can’t Be IgnoredStories of new data breaches grab headlines again and again. Many of these breaches are the result of known vulnerabilities left un-remediated, and in some cases, organizations have been aware of these vulnerabilities for years.... What’s Next and New with NetSPI ResolveHere at NetSPI, we see firsthand the struggles enterprises face to fix vulnerabilities. It’s concerning when our pentesters and customers continue to find the same vulnerabilities that have yet to be remediated – at the same client, year after year.... How to Streamline Pentest Data to Security OrchestrationPreviously, we discussed best practices for tracking vulnerability data through to remediation. In this post, we're explore the challenge of streamlining human penetration testing (pentesting) data into the vulnerability orchestration process.... How to Track Vulnerability Data and Remediation WorkflowVulnerability data must be tracked in order to ensure remediation - or vulnerabilities can fall through the cracks leaving your organization exposed. Most vulnerability data comes from scanners, though the most important vulnerability data often comes from humans.... Security Orchestration vs. Automation: What’s the Difference?In the post Are You Flooded with Vulnerabilities?, we explored the ever-growing mountain of data that organizations face in managing their vulnerabilities. While software is at the root of the vulnerability problem, it's also the solution.... Are You Flooded With Vulnerabilities?Do you have more vulnerabilities piling up than you can fix with current resources? Time to remediation lengthens as volume grows. Organizations that prioritize vulnerabilities based on risk will maximize security resources and results, so we recommend this five-phase p... Sign Up for Our Mailing List to Keep Up on the Latest From NetSPI
A Checklist: Getting the Most Value Out of Testing and Vulnerability ManagementYou have leadership buy-in to invest in a proactive cybersecurity program to better protect your organization from security breaches that could put your organization at grave risk....Read More
How to Build a Cyber Security Team with Staying PowerData from the Bureau of Labor Statistics shows that information security professional employment is projected to grow 32% between 2018 and 2028...
Q&A with Nabil Hannan: An Inside Look at Red Teaming CultureThe term ‘red teaming’ is said to be overly used in the cyber security industry, which is why the concept is often misunderstood and unclear....
Aligning Stakeholders, Protecting Against Malicious Insiders, and the Reality that Nothing is Purely Internal AnymoreWhen joining any new company and trying to build the security program, it’s important to listen and seek to understand the business’ goals and objectives....
Three Keys to Ensuring Application Security from a 40-Year Information Security VeteranAs is the case with any regulated industry, the insurance industry has long been driven by regulatory pressures that compel them to undertake security activities....
Four Ways Pentesting is Shifting to an “Always On” ApproachNo industry is safe from a cyberattack and last year’s long list of breach victims is testament to that....
Black Hat 2020: Highlights from the Virtual Conference; Calls to Action for the IndustryBlack Hat looked different this year as the security community gathered on the virtual stage, due to COVID-19 concerns....
TechTarget: What cybersecurity teams can learn from COVID-19On August 12, NetSPI Managing Director Nabil Hannan was featured in TechTarget....
Security Boulevard: 12 Hot Takes on How Red Teaming Takes Pen Testing to the Next LevelOn August 11, NetSPI Managing Director Nabil Hannan was featured in Security Boulevard....
CIO.com: 4 hot project management trends — and 4 going coldOn August 4, NetSPI Vice President of Services Operations Nancy Bechthold was featured in CIO.com....
The Rise of DDoS Attacks and How to Stop ThemDistributed Denial of Service (DDoS) attacks have gained celebrity status during COVID-19....
Four Must-Have Elements of an Always-On Cyber Security ProgramLet’s face it. The chefs in our lives were right when preaching the “clean as you go” philosophy while cooking....
Cloud Security: What is it Really, Driving Forces Behind the Transition, and How to Get StartedIn a recent episode of Agent of Influence, Nabil Hannan talked with Mike Rothman, President of DisruptOps....
Focus on Context to Improve Your Incident Response Plan$8.19 million. That’s the average loss U.S. organizations face each year due to the damages of cyber security attacks, according to a Ponemon Institute study....
Dark Reading: Pen Testing ROI: How to Communicate the Value of Security TestingOn July 9, 2020, NetSPI Managing Director Nabil Hannan was featured in Dark Reading....
Building a Security Framework in a Compliance-Driven WorldDepending on the industry an organization is in, there are a multitude of specific, acronym-heavy rules, regulations, and frameworks which must be adhered to...
Your Phone Really is Listening to You: The Evolution of Data Privacy, GDPR, and Why/How to Ensure ComplianceMy first long term job was in architecture and software development for a device, Blackberry, that put security first, so everything we were doing was privacy and security focused...
COVID-19: Evaluating Security Implications of the Decisions Made to Enable a Remote WorkforceNabil Hannan was featured on the CU 2.0 podcast with host, Robert McGarvey, and talked about enabling a secure, remote workforce during COVID-19...
Getting Started on Your Application Security JourneyIn order for an organization to have a successful Application Security Program, there needs to be a centralized governing team that’s responsible for all efforts....
TechTarget: Invest in new security talent with cybersecurity mentorshipsOn June 16, 2020, NetSPI Managing Director Nabil Hannan was featured in TechTarget....
Making the Case for Proactive Cyber Security InvestmentsProactive, or preventative, cyber security measures continue to be an afterthought in today’s conversations around breach preparedness....
E-Commerce Trends During COVID-19 and Achieving PCI ComplianceBy this point it’s clear that organizations and every individual has to make changes and adapt their day-to-day activities based on the weeks of lock-down...
Why Organizations Should Think More Holistically About Preparing for and Responding to a Security BreachIn a recent episode of Agent of Influence, Nabil Hannan talked with Sean Curran, Senior Director in West Monroe Partners’ Technology Practice in Chicago...
Challenges and Keys to Success for Today’s CISO from the Former CISO at the CIAWhen I started as CISO of the CIA, no one really understood the role or what to do with the CISO. The government had mandated that every government agency had to have one...
Dark Reading: Organizations Conduct App Penetration Tests More Frequently – and BroadlyOn May 13, 2020, NetSPI President and COO Aaron Shilts was featured in Dark Reading....
Credit Union Journal: Credit unions must step up cybersecurity during coronavirusOn May 13, 2020, NetSPI Managing Director Nabil Hannan was featured in Credit Union Journal....
The Penetration Testing Paradox: Criteria for Evaluating ProvidersSince the mid 1960s, computer experts warned of the inevitability of bad actors trying to access information across computer lines...
Overcoming Challenges of COVID-19 with Telemedicine and New Technology SolutionsIn a recent episode of Agent of Influence, Nabil Hannan talked with Anubhav Kaul, Chief Medical Officer at Mattapan Community Health Center near Boston...
Zoom Vulnerabilities: Making Sense of it AllWe find ourselves abruptly switching to a work from home model with virtual meetings becoming the norm on videoconferencing services, like Zoom...
Penetration Testing as a Service – Scaling to 50 Million VulnerabilitiesThe process of assessing third-party penetration testing vendors is the start of a long-term relationship that is core to your security testing program....
BAI Banking Strategies: Work from home presents a data security challenge for banksOn April 15, 2020, NetSPI Managing Director Nabil Hannan was featured in BAI Banking Strategies....
The Evolution of Cyber Security Education and How to Break into the IndustryIn the inaugural episode of NetSPI’s podcast, Agent of Influence, Managing Director and podcast host, Nabil Hannan talked with Ming Chow...
Credit Union Times: Vulnerability Management Considerations for Credit Union M&AsOn April 8, 2020, NetSPI Managing Director Nabil Hannan was featured in Credit Union Times....
Through the Attacker’s Lens: What Is Visible on Your Perimeter?The Internet is a hacker’s playground. When a hacker is looking for targets to attack, they typically start with the weakest link they can find on the perimeter of a network...
Staying Off the Hamster Wheel of Cloud Security PainIt all starts innocently enough. You engage with a trusted provider to perform a pentest of your shiny new cloud-native application. And the pentesters find stuff....
#WFH – Embracing the New Norm of Working From HomeA worldwide pandemic broke out, and your employer is asking you to work from home instead of coming into the office. Well, you’re not alone....
Keeping Your Organization Secure While Sending Your Employees to Work from HomeAll of a sudden, the world is facing a pandemic, and you are asking all your team members to work from home....
Staying Safe Online During the COVID-19 PandemicThere’s a reason why a computer virus is called a “virus” – they have many similarities with medical viruses (like COVID-19) that have a severe impact on your personal health....
Innovation and Consistency: The Right and Left Brain of Vulnerability ManagementPentesting has attracted a workforce filled with intensely creative and highly curious technical minds. Ironically, however, we see vulnerability management programs...
Banking Dive: Banks engage in self-hacks to keep defenses sharpOn March 9, 2020, NetSPI President and COO Aaron Shilts was featured in Banking Dive....
RSA 2020: Three Takeaways from the Halls of the Moscone CenterWe just returned from RSA Conference, and like every year, it did not disappoint in meeting its charter: “to be a driving force behind the world’s cybersecurity agenda...
ABA Banking Journal: Go Hack YourselfOn Mar. 2, 2020, NetSPI President and COO Aaron Shilts was featured in ABA Banking Journal....
Why Do People Confuse “End-to-End Encryption” with “Security”?It is very common to hear people make blanket statements like “WhatsApp is secure,” but they rarely understand the actual security controls...
What Is.com Word of the Day: Pentesting as a Service (PTaas)On Feb. 4, 2020, NetSPI Product Manager Jake Reynolds was featured in TechTarget’s WhatIs.com defining Pentesting as a Service....
Keep Pace with Evolving Attack Surfaces: Penetration Testing as a ServiceStudy after study shows that business leaders across the country place cybersecurity in their top concerns for 2020....
Three Things To Remember When Building Your InfoSec ProgramOver the past 20 years of working with companies of all sizes and ages, NetSPI has seen some of the best and worst infosec programs....
Six Ways to Increase the Business Relevance of Risk-Based ReportingWhen it comes to vulnerability and risk reporting, there’s a significant disconnect between what business stakeholders want and what the vast majority of security assessment and tool vendors provide....
Your Cloud Assets are Probably Not As Secure as You Think They AreDespite a plethora of available tools and resources, there are still many ways to configure cloud services incorrectly. According to a Wall Street Journal article published earlier this year, research and advisory firm Gartner Inc....
Leading Financial Institution Leveraged NetSPI Red Team Service to Improve Their Security PostureIn a report published by consulting firm West Monroe Partners, 40 percent of acquiring businesses said they discovered a high-risk security problem at an acquisition after a deal went through....
Make it Easy on the DevsSoftware development teams are often at odds with application security teams, specifically penetesting teams. In this post we explore why this happens and what five steps you can take to improve participation in security testing by the development team in your organizat...
Five Signs Your Application Security Assessment Process Needs a RebootWith a process like the one above, your organization will struggle with delayed timelines and duplicate efforts. And because the process is manual, each step in your lifecycle is prone to human-error. In highly regulated industries, this wasteful approach consumes valua...
Data Silos: Are They Really a Problem?Data silos happen naturally for many reasons. As an organization grows and their security maturity evolves, they’ll likely end up with one or more of these scenarios....
Recurring Vulnerability Management Challenges That Can’t Be IgnoredStories of new data breaches grab headlines again and again. Many of these breaches are the result of known vulnerabilities left un-remediated, and in some cases, organizations have been aware of these vulnerabilities for years....
What’s Next and New with NetSPI ResolveHere at NetSPI, we see firsthand the struggles enterprises face to fix vulnerabilities. It’s concerning when our pentesters and customers continue to find the same vulnerabilities that have yet to be remediated – at the same client, year after year....
How to Streamline Pentest Data to Security OrchestrationPreviously, we discussed best practices for tracking vulnerability data through to remediation. In this post, we're explore the challenge of streamlining human penetration testing (pentesting) data into the vulnerability orchestration process....
How to Track Vulnerability Data and Remediation WorkflowVulnerability data must be tracked in order to ensure remediation - or vulnerabilities can fall through the cracks leaving your organization exposed. Most vulnerability data comes from scanners, though the most important vulnerability data often comes from humans....
Security Orchestration vs. Automation: What’s the Difference?In the post Are You Flooded with Vulnerabilities?, we explored the ever-growing mountain of data that organizations face in managing their vulnerabilities. While software is at the root of the vulnerability problem, it's also the solution....
Are You Flooded With Vulnerabilities?Do you have more vulnerabilities piling up than you can fix with current resources? Time to remediation lengthens as volume grows. Organizations that prioritize vulnerabilities based on risk will maximize security resources and results, so we recommend this five-phase p...
