Executive Blog

What Does Application Security “as a Service” Really Mean?
Discover the value of application security as a service as a core part of your penetration testing program....

How To Eliminate Friction Between Business and Cyber Security
Top tips for keeping a business running efficiently while also implementing security controls, from MicroStrategy CISO Roshan Popal....

Star Tribune: Growth accelerates for Twin Cities cybersecurity businesses
On February 14, 2021, NetSPI President and CEO Aaron Shilts was featured in the Star Tribune....

The Need to Prevent Insider Threats, as Revealed by the SolarWinds Cyber Security Breach
CISOs must prioritize efforts around preventing insider threats in the supply chain. Read this article to learn how to detect and prevent insider attacks....

SC Magazine: Rethink your cybersecurity resiliency using a risk-based strategy
On February 9, 2021, NetSPI's VP of Strategic Accounts Mary Braunwarth was featured in SC Magazine....

TechTarget: 5 cybersecurity lessons from the SolarWinds breach
On February 8, 2021, NetSPI Managing Director Nabil Hannan was featured in TechTarget....

Build Strong Relationships Between Development and Application Security Teams to Find and Fix Vulnerabilities Faster
DevSecOps is a great theory but is only effective if these groups work together to develop the people, process, and technology needed to be effective....

AWS versus Azure Cloud Testing: Understanding the Differences
If your organization is currently leveraging the cloud, there’s a good chance you are either using Amazon Web Services (AWS) or Microsoft Azure....

TechTarget: Standardize cybersecurity terms to get everyone correct service
On January 22, 2021, NetSPI Managing Director Nabil Hannan was featured in TechTarget....

Lessons Learned From The Kubernetes Man-in-the-Middle Vulnerability
Two things make this vulnerability interesting: first, it affects all versions of Kubernetes. Second, it cannot be patched....

Six Activities to Jump Start Your Application Security Journey
Start or refine your application security and pentesting journey with these six best practices from the cybersecurity experts at NetSPI....

One Take CEO Interviews: How NetSPI is Growing Despite Covid-19, PLUS 3 Things to Do Now to Protect Your Data
On January 5, 2021, NetSPI President and COO Aaron Shilts was featured on the podcast One Take CEO Interviews with Dale Kurschner....

Four Application Security Myths – Debunked
Application Security is a crucial component to all software development today. At least, it should be, as cyber security concerns continue to grow...

SC Magazine: From diversity efforts to pandemic recovery, workforce issues will evolve in 2021
On January 4, 2021, NetSPI Managing Director Florindo Gallicchio was featured in SC Magazine....

SC Magazine: 2021 strategy predictions: Shifts in business models, shifts in security priorities
On December 30, NetSPI Managing Director Florindo Gallicchio was featured in SC Magazine....

SC Magazine: 2021 tech predictions: The conceptual gets real
On December 28, NetSPI Managing Director Florindo Gallicchio was featured in SC Magazine....

FireEye, SolarWinds, U.S. Treasury: What’s Happening in the Cyber Security World Right Now?
As we write this post, you’ve likely heard about the FireEye and U.S. government agency breaches that occurred over the past week...

TechTarget: 3 reasons why CISOs should collaborate more with CFOs
On December 11, NetSPI Managing Director Nabil Hannan was featured in TechTarget....

Trimarc: Kerberos Bronze Bit Attack (CVE-2020-17049) Scenarios to Potentially Compromise Active Directory
On December 10, NetSPI Security Consultant Jake Karnes was featured in Trimarc....

Bleeping Computer: Windows Kerberos Bronze Bit attack gets public exploit, patch now
On December 10, NetSPI Security Consultant Jake Karnes was featured in Bleeping Computer....

ZDNet: Proof-of-concept exploit code published for new Kerberos Bronze Bit attack
On December 10, NetSPI Security Consultant Jake Karnes was featured in ZDNet....

Introducing PTaaS Pro: The Smart Solution to Penetration Testing and Vulnerability Management
During our penetration testing engagements, we frequently hear from clients that it is difficult to manage the large volume of vulnerabilities we discover...

What Not to Do When Ingesting and Prioritizing Vulnerability Data for Remediation
I should have known better... It was too late; the scanner tool was on a mission to dump megabytes of data into a spreadsheet and there was nothing I could do to cancel it....

Healthcare’s Guide to Ryuk Ransomware: Advice for Prevention and Remediation
Making its debut in 2018, the Ryuk ransomware strain has wreaked havoc on hundreds of businesses and is responsible for one-third of all ransomware attacks that took place in 2020....

The Power of Instrumentation to Automate Components of Vulnerability Testing – from the Creator of IAST
In a recent episode of Agent of Influence, I talked with Jeff Williams, a celebrity in the cyber security space....

Shifting Left to Move Forward: Five Steps for Building an Effective Secure Code Review Program
Today, nearly every company is a software company, resulting in an unbelievable amount of code that’s subject to security issues....

5 Things You Didn’t Know a Project Manager Could Do
When it comes to vulnerability management, the goal of the cyber security team is to identify, verify, and prioritize vulnerability remediation on internal, internet facing, and cloud-based IT...

Introducing PTaaS+: Decreasing Your Organization’s Time to Remediation
NetSPI is focused on creating the next generation of security testing. This month we’re expanding your options with our PTaaS+ plan....

TechTarget: How to hold Three Amigos meetings in Agile development
On October 22, NetSPI's Shyam Jha, SVP of Engineering, was featured in TechTarget....

Cyber Security: How to Provide a Safe, Secure Space for People to Work
When it comes to cyber security training, less is more. Determine what is necessary and make it mandatory compliance training....

The Payment Card Industry: Innovation, Security Challenges, and Explosive Growth
In a recent episode of Agent of Influence, Nabil Hannan talked with John Markh of the PCI Council....

Cyber Defense Magazine: 3 Steps to Reimagine Your AppSec Program
On October 7, NetSPI Managing Director Nabil Hannan and Product Manager Jake Reynolds were featured in Cyber Defense Magazine....

The Evolution of Security Frameworks and Key Factors that Affect Software Development
In a recent episode of Agent of Influence, I talked with Cassio Goldschmidt, Head of Information Security at ServiceTitan, about the evolution of security frameworks...

TechTarget: 3 common election security vulnerabilities pros should know
On October 1, NetSPI Managing Director Nabil Hannan was featured in TechTarget....

The Biggest Challenge Facing CISOs Today – and the Key to Winning
In a recent episode of Agent of Influence, Nabil Hannan talked with Miles Edmundson, a 30-year veteran in the IT and Information Security space....

Checklist: Getting the Most Value Out of Penetration Testing and Vulnerability Management
You have leadership buy-in to invest in a proactive cybersecurity program to better protect your organization from security breaches that could put your organization at grave risk....

How to Build a Cyber Security Team with Staying Power
Data from the Bureau of Labor Statistics shows that information security professional employment is projected to grow 32% between 2018 and 2028...

Q&A with Nabil Hannan: An Inside Look at Red Teaming Culture
The term ‘red teaming’ is said to be overly used in the cyber security industry, which is why the concept is often misunderstood and unclear....

Aligning Stakeholders, Protecting Against Malicious Insiders, and the Reality that Nothing is Purely Internal Anymore
When joining any new company and trying to build the security program, it’s important to listen and seek to understand the business’ goals and objectives....

Three Keys to Ensuring Application Security from a 40-Year Information Security Veteran
As is the case with any regulated industry, the insurance industry has long been driven by regulatory pressures that compel them to undertake security activities....

Four Ways Pentesting is Shifting to an “Always On” Approach
No industry is safe from a cyberattack and last year’s long list of breach victims is testament to that....

Black Hat 2020: Highlights from the Virtual Conference; Calls to Action for the Industry
Black Hat looked different this year as the security community gathered on the virtual stage, due to COVID-19 concerns....

TechTarget: What cybersecurity teams can learn from COVID-19
On August 12, NetSPI Managing Director Nabil Hannan was featured in TechTarget....

Security Boulevard: 12 Hot Takes on How Red Teaming Takes Pen Testing to the Next Level
On August 11, NetSPI Managing Director Nabil Hannan was featured in Security Boulevard....

CIO.com: 4 hot project management trends — and 4 going cold
On August 4, NetSPI Vice President of Services Operations Nancy Bechthold was featured in CIO.com....

The Rise of DDoS Attacks and How to Stop Them
Distributed Denial of Service (DDoS) attacks have gained celebrity status during COVID-19....

Four Must-Have Elements of an Always-On Cyber Security Program
Let’s face it. The chefs in our lives were right when preaching the “clean as you go” philosophy while cooking....

Cloud Security: What is it Really, Driving Forces Behind the Transition, and How to Get Started
In a recent episode of Agent of Influence, Nabil Hannan talked with Mike Rothman, President of DisruptOps....

Focus on Context to Improve Your Incident Response Plan
$8.19 million. That’s the average loss U.S. organizations face each year due to the damages of cyber security attacks, according to a Ponemon Institute study....

Dark Reading: Pen Testing ROI: How to Communicate the Value of Security Testing
On July 9, 2020, NetSPI Managing Director Nabil Hannan was featured in Dark Reading....

Building a Security Framework in a Compliance-Driven World
Depending on the industry an organization is in, there are a multitude of specific, acronym-heavy rules, regulations, and frameworks which must be adhered to...

Your Phone Really is Listening to You: The Evolution of Data Privacy, GDPR, and Why/How to Ensure Compliance
My first long-term job was in architecture and software development for a device, Blackberry, that put security first, so everything we were doing was privacy and security focused...

COVID-19: Evaluating Security Implications of the Decisions Made to Enable a Remote Workforce
Nabil Hannan was featured on the CU 2.0 podcast with host Robert McGarvey, and talked about enabling a secure, remote workforce during COVID-19...

Getting Started on Your Application Security Journey
In order for an organization to have a successful Application Security Program, there needs to be a centralized governing team that’s responsible for all efforts....

TechTarget: Invest in new security talent with cybersecurity mentorships
On June 16, 2020, NetSPI Managing Director Nabil Hannan was featured in TechTarget....

Making the Case for Investing in Proactive Cyber Security Testing
Proactive or preventative cyber security testing continues to be an afterthought in today’s conversations around breach preparedness....

E-Commerce Trends During COVID-19 and Achieving PCI Compliance
By this point it’s clear that organizations and individuals alike have to make changes and adapt their day-to-day activities based on the weeks of lock-down...

Why Organizations Should Think More Holistically About Preparing for and Responding to a Security Breach
In a recent episode of Agent of Influence, Nabil Hannan talked with Sean Curran, Senior Director in West Monroe Partners’ Technology Practice in Chicago...

Challenges and Keys to Success for Today’s CISO from the Former CISO at the CIA
When I started as CISO of the CIA, no one really understood the role or what to do with the CISO. The government had mandated that every government agency had to have one...

Dark Reading: Organizations Conduct App Penetration Tests More Frequently – and Broadly
On May 13, 2020, NetSPI President and COO Aaron Shilts was featured in Dark Reading....

Credit Union Journal: Credit unions must step up cybersecurity during coronavirus
On May 13, 2020, NetSPI Managing Director Nabil Hannan was featured in Credit Union Journal....

Penetration Testing Paradox: Criteria for Evaluating Pentest Providers
Since the mid 1960s, computer experts have warned of the inevitability of bad actors trying to access information across computer lines...

Overcoming Challenges of COVID-19 with Telemedicine and New Technology Solutions
In a recent episode of Agent of Influence, Nabil Hannan talked with Anubhav Kaul, Chief Medical Officer at Mattapan Community Health Center near Boston...

Zoom Vulnerabilities: Making Sense of it All
We find ourselves abruptly switching to a work from home model with virtual meetings becoming the norm on videoconferencing services, like Zoom...

Penetration Testing as a Service – Scaling to 50 Million Vulnerabilities
The process of assessing third-party penetration testing vendors is the start of a long-term relationship that is core to your security testing program....

BAI Banking Strategies: Work from home presents a data security challenge for banks
On April 15, 2020, NetSPI Managing Director Nabil Hannan was featured in BAI Banking Strategies....

The Evolution of Cyber Security Education and How to Break into the Industry
In the inaugural episode of NetSPI’s podcast, Agent of Influence, Managing Director and podcast host Nabil Hannan talked with Ming Chow...

Credit Union Times: Vulnerability Management Considerations for Credit Union M&As
On April 8, 2020, NetSPI Managing Director Nabil Hannan was featured in Credit Union Times....

Through the Attacker’s Lens: What Is Visible on Your Perimeter?
The Internet is a hacker’s playground. When a hacker is looking for targets to attack, they typically start with the weakest link they can find on the perimeter of a network...

Staying Off the Hamster Wheel of Cloud Security Pain
It all starts innocently enough. You engage with a trusted provider to perform a penetration test of your shiny new cloud-native application. And the penetration testers find stuff....

#WFH – Embracing the New Norm of Working From Home
A worldwide pandemic broke out, and your employer is asking you to work from home instead of coming into the office. Well, you’re not alone....

Keeping Your Organization Secure While Sending Your Employees to Work from Home
All of a sudden, the world is facing a pandemic, and you are asking all your team members to work from home....

Staying Safe Online During the COVID-19 Pandemic
There’s a reason why a computer virus is called a “virus” – they have many similarities with medical viruses (like COVID-19) that have a severe impact on your personal health....

Innovation and Consistency: The Right and Left Brain of Vulnerability Management
Pentesting has attracted a workforce filled with intensely creative and highly curious technical minds. Ironically, however, we see vulnerability management programs...

Banking Dive: Banks engage in self-hacks to keep defenses sharp
On March 9, 2020, NetSPI President and COO Aaron Shilts was featured in Banking Dive....

RSA 2020: Three Takeaways from the Halls of the Moscone Center
We just returned from RSA Conference, and like every year, it did not disappoint in meeting its charter: “to be a driving force behind the world’s cybersecurity agenda...

ABA Banking Journal: Go Hack Yourself
On Mar. 2, 2020, NetSPI President and COO Aaron Shilts was featured in ABA Banking Journal....

Why Do People Confuse “End-to-End Encryption” with “Security”?
It is very common to hear people make blanket statements like “WhatsApp is secure,” but they rarely understand the actual security controls...

WhatIs.com Word of the Day: Pentesting as a Service (PTaaS)
On Feb. 4, 2020, NetSPI Product Manager Jake Reynolds was featured in TechTarget’s WhatIs.com defining Pentesting as a Service....

Keep Pace with Evolving Attack Surfaces: Penetration Testing as a Service
Study after study shows that business leaders across the country place cybersecurity in their top concerns for 2020....

Three Things To Remember When Building Your InfoSec Program
Over the past 20 years of working with companies of all sizes and ages, NetSPI has seen some of the best and worst infosec programs....

Six Ways to Increase the Business Relevance of Risk-Based Reporting
When it comes to vulnerability and risk reporting, there’s a significant disconnect between what business stakeholders want and what the vast majority of security assessment and tool vendors provide....

Your Cloud Assets are Probably Not as Secure as You Think They Are
Despite a plethora of available tools and resources, there are still many ways to configure cloud services incorrectly. According to a Wall Street Journal article published earlier this year, research and advisory firm Gartner Inc....

Leading Financial Institution Leveraged NetSPI Red Team Service to Improve Their Security Posture
In a report published by consulting firm West Monroe Partners, 40 percent of acquiring businesses said they discovered a high-risk security problem at an acquisition after a deal went through....

Make it Easy on the Devs
Software development teams are often at odds with application security teams, specifically pentesting teams. In this post we explore why this happens and what five steps you can take to improve participation in security testing by the development team in your organizat...

Five Signs Your Application Security Assessment Process Needs a Reboot
With a process like the one above, your organization will struggle with delayed timelines and duplicate efforts. And because the process is manual, each step in your lifecycle is prone to human error. In highly regulated industries, this wasteful approach consumes valua...

Data Silos: Are They Really a Problem?
Data silos happen naturally for many reasons. As an organization grows and its security maturity evolves, it will likely end up with one or more of these scenarios....

Recurring Vulnerability Management Challenges That Can’t Be Ignored
Stories of new data breaches grab headlines again and again. Many of these breaches are the result of known vulnerabilities left un-remediated, and in some cases, organizations have been aware of these vulnerabilities for years....

What’s Next and New with NetSPI Resolve
Here at NetSPI, we see firsthand the struggles enterprises face to fix vulnerabilities. It’s concerning when our pentesters and customers continue to find the same vulnerabilities that have yet to be remediated – at the same client, year after year....

How to Streamline Pentest Data to Security Orchestration
Previously, we discussed best practices for tracking vulnerability data through to remediation. In this post, we explore the challenge of streamlining human penetration testing (pentesting) data into the vulnerability orchestration process....

Security Orchestration vs. Automation: What’s the Difference?
In the post Are You Flooded with Vulnerabilities?, we explored the ever-growing mountain of data that organizations face in managing their vulnerabilities. While software is at the root of the vulnerability problem, it's also the solution....

Are You Flooded With Vulnerabilities?
Do you have more vulnerabilities piling up than you can fix with current resources? Time to remediation lengthens as volume grows. Organizations that prioritize vulnerabilities based on risk will maximize security resources and results, so we recommend this five-phase p...
#WFH – Embracing the New Norm of Working From HomeA worldwide pandemic broke out, and your employer is asking you to work from home instead of coming into the office. Well, you’re not alone....
Keeping Your Organization Secure While Sending Your Employees to Work from HomeAll of a sudden, the world is facing a pandemic, and you are asking all your team members to work from home....
Staying Safe Online During the COVID-19 PandemicThere’s a reason why a computer virus is called a “virus” – they have many similarities with medical viruses (like COVID-19) that have a severe impact on your personal health....
Innovation and Consistency: The Right and Left Brain of Vulnerability ManagementPentesting has attracted a workforce filled with intensely creative and highly curious technical minds. Ironically, however, we see vulnerability management programs...
Banking Dive: Banks engage in self-hacks to keep defenses sharpOn March 9, 2020, NetSPI President and COO Aaron Shilts was featured in Banking Dive....
RSA 2020: Three Takeaways from the Halls of the Moscone CenterWe just returned from RSA Conference, and like every year, it did not disappoint in meeting its charter: “to be a driving force behind the world’s cybersecurity agenda...
ABA Banking Journal: Go Hack YourselfOn Mar. 2, 2020, NetSPI President and COO Aaron Shilts was featured in ABA Banking Journal....
Why Do People Confuse “End-to-End Encryption” with “Security”?It is very common to hear people make blanket statements like “WhatsApp is secure,” but they rarely understand the actual security controls...
What Is.com Word of the Day: Pentesting as a Service (PTaas)On Feb. 4, 2020, NetSPI Product Manager Jake Reynolds was featured in TechTarget’s WhatIs.com defining Pentesting as a Service....
Keep Pace with Evolving Attack Surfaces: Penetration Testing as a ServiceStudy after study shows that business leaders across the country place cybersecurity in their top concerns for 2020....
Three Things To Remember When Building Your InfoSec ProgramOver the past 20 years of working with companies of all sizes and ages, NetSPI has seen some of the best and worst infosec programs....
Six Ways to Increase the Business Relevance of Risk-Based ReportingWhen it comes to vulnerability and risk reporting, there’s a significant disconnect between what business stakeholders want and what the vast majority of security assessment and tool vendors provide....
Your Cloud Assets are Probably Not as Secure as You Think They AreDespite a plethora of available tools and resources, there are still many ways to configure cloud services incorrectly. According to a Wall Street Journal article published earlier this year, research and advisory firm Gartner Inc....
Leading Financial Institution Leveraged NetSPI Red Team Service to Improve Their Security PostureIn a report published by consulting firm West Monroe Partners, 40 percent of acquiring businesses said they discovered a high-risk security problem at an acquisition after a deal went through....
Make it Easy on the DevsSoftware development teams are often at odds with application security teams, specifically penetesting teams. In this post we explore why this happens and what five steps you can take to improve participation in security testing by the development team in your organizat...
Five Signs Your Application Security Assessment Process Needs a RebootWith a process like the one above, your organization will struggle with delayed timelines and duplicate efforts. And because the process is manual, each step in your lifecycle is prone to human-error. In highly regulated industries, this wasteful approach consumes valua...
Data Silos: Are They Really a Problem?Data silos happen naturally for many reasons. As an organization grows and their security maturity evolves, they’ll likely end up with one or more of these scenarios....
Recurring Vulnerability Management Challenges That Can’t Be IgnoredStories of new data breaches grab headlines again and again. Many of these breaches are the result of known vulnerabilities left un-remediated, and in some cases, organizations have been aware of these vulnerabilities for years....
What’s Next and New with NetSPI ResolveHere at NetSPI, we see firsthand the struggles enterprises face to fix vulnerabilities. It’s concerning when our pentesters and customers continue to find the same vulnerabilities that have yet to be remediated – at the same client, year after year....
How to Streamline Pentest Data to Security OrchestrationPreviously, we discussed best practices for tracking vulnerability data through to remediation. In this post, we're explore the challenge of streamlining human penetration testing (pentesting) data into the vulnerability orchestration process....
Security Orchestration vs. Automation: What’s the Difference?In the post Are You Flooded with Vulnerabilities?, we explored the ever-growing mountain of data that organizations face in managing their vulnerabilities. While software is at the root of the vulnerability problem, it's also the solution....
Are You Flooded With Vulnerabilities?Do you have more vulnerabilities piling up than you can fix with current resources? Time to remediation lengthens as volume grows. Organizations that prioritize vulnerabilities based on risk will maximize security resources and results, so we recommend this five-phase p...