Executive Blog

What Does Application Security “as a Service” Really Mean?

Discover the value of application security as a service as a core part of your penetration testing program....

How To Eliminate Friction Between Business and Cyber Security

Top tips for keeping a business running efficiently while also implementing security controls, from MicroStrategy CISO Roshan Popal....

Star Tribune: Growth accelerates for Twin Cities cybersecurity businesses

On February 14, 2021, NetSPI President and CEO Aaron Shilts was featured in the Star Tribune....

The Need to Prevent Insider Threats, as Revealed by the SolarWinds Cyber Security Breach

CISOs must prioritize efforts around preventing insider threats in the supply chain. Read this article to learn how to detect and prevent insider attacks....

SC Magazine: Rethink your cybersecurity resiliency using a risk-based strategy

On February 9, 2021, NetSPI's VP of Strategic Accounts Mary Braunwarth was featured in SC Magazine....

TechTarget: 5 cybersecurity lessons from the SolarWinds breach

On February 8, 2021, NetSPI Managing Director Nabil Hannan was featured in TechTarget....

Build Strong Relationships Between Development and Application Security Teams to Find and Fix Vulnerabilities Faster

DevSecOps is a great theory but is only effective if these groups work together to develop the people, process, and technology needed to be effective....

AWS versus Azure Cloud Testing: Understanding the Differences

If your organization is currently leveraging the cloud, there’s a good chance you are either using Amazon Web Services (AWS) or Microsoft Azure....

TechTarget: Standardize cybersecurity terms to get everyone correct service

On January 22, 2021, NetSPI Managing Director Nabil Hannan was featured in TechTarget....

Lessons Learned From The Kubernetes Man-in-the-Middle Vulnerability

Two things make this vulnerability interesting: first, it affects all versions of Kubernetes. Second, it cannot be patched....

Six Activities to Jump Start Your Application Security Journey

Start or refine your application security and pentesting journey with these six best practices from the cybersecurity experts at NetSPI....

One Take CEO Interviews: How NetSPI is Growing Despite Covid-19, PLUS 3 Things to Do Now to Protect Your Data

On January 5, 2021, NetSPI President and COO Aaron Shilts was featured on the podcast, One Take CEO Interviews with Dale Kurschner....

Four Application Security Myths – Debunked

Application Security is a crucial component to all software development today. At least, it should be as cyber security concerns continue to grow...

SC Magazine: From diversity efforts to pandemic recovery, workforce issues will evolve in 2021

On January 4, 2021, NetSPI Managing Director Florindo Gallicchio was featured in SC Magazine....

SC Magazine: 2021 strategy predictions: Shifts in business models, shifts in security priorities

On December 30, NetSPI Managing Director Florindo Gallicchio was featured in SC Magazine....

SC Magazine: 2021 tech predictions: The conceptual gets real

On December 28, NetSPI Managing Director Florindo Gallicchio was featured in SC Magazine....

FireEye, SolarWinds, U.S. Treasury: What’s Happening in the Cyber Security World Right Now?

As we write this post, you’ve likely heard about the FireEye and U.S. government agency breaches that occurred over the past week...

TechTarget: 3 reasons why CISOs should collaborate more with CFOs

On December 11, NetSPI Managing Director Nabil Hannan was featured in TechTarget....

Trimarc: Kerberos Bronze Bit Attack (CVE-2020-17049) Scenarios to Potentially Compromise Active Directory

On December 10, NetSPI Security Consultant Jake Karnes was featured in Trimarc....

Bleeping Computer: Windows Kerberos Bronze Bit attack gets public exploit, patch now

On December 10, NetSPI Security Consultant Jake Karnes was featured in Bleeping Computer....

ZDNet: Proof-of-concept exploit code published for new Kerberos Bronze Bit attack

On December 10, NetSPI Security Consultant Jake Karnes was featured in ZDNet....

Introducing PTaaS Pro: The Smart Solution to Penetrating Testing and Vulnerability Management

During our penetration testing engagements, we frequently hear from clients that it is difficult to manage the large volume of vulnerabilities we discover...

What Not to Do When Ingesting and Prioritizing Vulnerability Data for Remediation

I should have known better... It was too late; the scanner tool was on a mission to dump megabytes of data into a spreadsheet and there was nothing I could do to cancel it....

Healthcare’s Guide to Ryuk Ransomware: Advice for Prevention and Remediation

Making its debut in 2018, the Ryuk ransomware strand has wreaked havoc on hundreds of businesses and is responsible for one-third of all ransomware attacks that took place in 2020....

The Power of Instrumentation to Automate Components of Vulnerability Testing – from the Creator of IAST

In a recent episode of Agent of Influence, I talked with Jeff Williams, a celebrity in the cyber security space....

Shifting Left to Move Forward: Five Steps for Building an Effective Secure Code Review Program

Today, nearly every company is a software company, resulting in an unbelievable amount of code that’s subject to security issues....

5 Things You Didn’t Know a Project Manager Could Do

When it comes to vulnerability management, the goal of the cyber security team is to identify, verify, and prioritize vulnerability remediation on internal, internet facing, and cloud-based IT...

Introducing PTaaS+: Decreasing Your Organization’s Time to Remediation

NetSPI is focused on creating the next generation of security testing. This month we’re expanding your options with our PTaaS+ plan....

TechTarget: How to hold Three Amigos meetings in Agile development

On October 22, NetSPI's Shyam Jha, SVP of Engineering was featured in TechTarget....

Cyber Security: How to Provide a Safe, Secure Space for People to Work

When it comes to cyber security training, less is more. Determine what is necessary and make it mandatory compliance training....

The Payment Card Industry: Innovation, Security Challenges, and Explosive Growth

In a recent episode of Agent of Influence, Nabil Hannan talked with John Markh of the PCI Council....

Cyber Defense Magazine: 3 Steps to Reimagine Your AppSec Program

On October 7, NetSPI Managing Director Nabil Hannan and Product Manager Jake Reynolds were featured in Cyber Defense Magazine....

The Evolution of Security Frameworks and Key Factors that Affect Software Development

In a recent episode of Agent of Influence, I talked with Cassio Goldschmidt, Head of Information Security at ServiceTitan about the evolution of security frameworks...

TechTarget: 3 common election security vulnerabilities pros should know

On October 1, NetSPI Managing Director Nabil Hannan was featured in TechTarget....

The Biggest Challenge Facing CISOs Today – and the Key to Winning

In a recent episode of Agent of Influence, Nabil Hannan talked with Miles Edmundson, a 30-year veteran in the IT and Information Security space....

Checklist: Getting the Most Value Out of Penetration Testing and Vulnerability Management

You have leadership buy-in to invest in a proactive cybersecurity program to better protect your organization from security breaches that could put your organization at grave risk....

How to Build a Cyber Security Team with Staying Power

Data from the Bureau of Labor Statistics shows that information security professional employment is projected to grow 32% between 2018 and 2028...

Q&A with Nabil Hannan: An Inside Look at Red Teaming Culture

The term ‘red teaming’ is said to be overly used in the cyber security industry, which is why the concept is often misunderstood and unclear....

Aligning Stakeholders, Protecting Against Malicious Insiders, and the Reality that Nothing is Purely Internal Anymore

When joining any new company and trying to build the security program, it’s important to listen and seek to understand the business’ goals and objectives....

Three Keys to Ensuring Application Security from a 40-Year Information Security Veteran

As is the case with any regulated industry, the insurance industry has long been driven by regulatory pressures that compel them to undertake security activities....

Four Ways Pentesting is Shifting to an “Always On” Approach

No industry is safe from a cyberattack and last year’s long list of breach victims is testament to that....

Black Hat 2020: Highlights from the Virtual Conference; Calls to Action for the Industry

Black Hat looked different this year as the security community gathered on the virtual stage, due to COVID-19 concerns....

TechTarget: What cybersecurity teams can learn from COVID-19

On August 12, NetSPI Managing Director Nabil Hannan was featured in TechTarget....

Security Boulevard: 12 Hot Takes on How Red Teaming Takes Pen Testing to the Next Level

On August 11, NetSPI Managing Director Nabil Hannan was featured in Security Boulevard....

CIO.com: 4 hot project management trends — and 4 going cold

On August 4, NetSPI Vice President of Services Operations Nancy Bechthold was featured in CIO.com....

The Rise of DDoS Attacks and How to Stop Them

Distributed Denial of Service (DDoS) attacks have gained celebrity status during COVID-19....

Four Must-Have Elements of an Always-On Cyber Security Program

Let’s face it. The chefs in our lives were right when preaching the “clean as you go” philosophy while cooking....

Cloud Security: What is it Really, Driving Forces Behind the Transition, and How to Get Started

In a recent episode of Agent of Influence, Nabil Hannan talked with Mike Rothman, President of DisruptOps....

Focus on Context to Improve Your Incident Response Plan

$8.19 million. That’s the average loss U.S. organizations face each year due to the damages of cyber security attacks, according to a Ponemon Institute study....

Dark Reading: Pen Testing ROI: How to Communicate the Value of Security Testing

On July 9, 2020, NetSPI Managing Director Nabil Hannan was featured in Dark Reading....

Building a Security Framework in a Compliance-Driven World

Depending on the industry an organization is in, there are a multitude of specific, acronym-heavy rules, regulations, and frameworks which must be adhered to...

Your Phone Really is Listening to You: The Evolution of Data Privacy, GDPR, and Why/How to Ensure Compliance

My first long term job was in architecture and software development for a device, Blackberry, that put security first, so everything we were doing was privacy and security focused...

COVID-19: Evaluating Security Implications of the Decisions Made to Enable a Remote Workforce

Nabil Hannan was featured on the CU 2.0 podcast with host, Robert McGarvey, and talked about enabling a secure, remote workforce during COVID-19...

Getting Started on Your Application Security Journey

In order for an organization to have a successful Application Security Program, there needs to be a centralized governing team that’s responsible for all efforts....

TechTarget: Invest in new security talent with cybersecurity mentorships

On June 16, 2020, NetSPI Managing Director Nabil Hannan was featured in TechTarget....

Making the Case for Investing in Proactive Cyber Security Testing

Proactive or preventative cyber security testing continues to be an afterthought in today’s conversations around breach preparedness....

E-Commerce Trends During COVID-19 and Achieving PCI Compliance

By this point it’s clear that organizations and every individual has to make changes and adapt their day-to-day activities based on the weeks of lock-down...

Why Organizations Should Think More Holistically About Preparing for and Responding to a Security Breach

In a recent episode of Agent of Influence, Nabil Hannan talked with Sean Curran, Senior Director in West Monroe Partners’ Technology Practice in Chicago...

Challenges and Keys to Success for Today’s CISO from the Former CISO at the CIA

When I started as CISO of the CIA, no one really understood the role or what to do with the CISO. The government had mandated that every government agency had to have one...

Dark Reading: Organizations Conduct App Penetration Tests More Frequently – and Broadly

On May 13, 2020, NetSPI President and COO Aaron Shilts was featured in Dark Reading....

Credit Union Journal: Credit unions must step up cybersecurity during coronavirus

On May 13, 2020, NetSPI Managing Director Nabil Hannan was featured in Credit Union Journal....

Penetration Testing Paradox: Criteria for Evaluating Pentest Providers

Since the mid 1960s, computer experts warned of the inevitability of bad actors trying to access information across computer lines...

Overcoming Challenges of COVID-19 with Telemedicine and New Technology Solutions

In a recent episode of Agent of Influence, Nabil Hannan talked with Anubhav Kaul, Chief Medical Officer at Mattapan Community Health Center near Boston...

Zoom Vulnerabilities: Making Sense of it All

We find ourselves abruptly switching to a work from home model with virtual meetings becoming the norm on videoconferencing services, like Zoom...

Penetration Testing as a Service – Scaling to 50 Million Vulnerabilities

The process of assessing third-party penetration testing vendors is the start of a long-term relationship that is core to your security testing program....

BAI Banking Strategies: Work from home presents a data security challenge for banks

On April 15, 2020, NetSPI Managing Director Nabil Hannan was featured in BAI Banking Strategies....

The Evolution of Cyber Security Education and How to Break into the Industry

In the inaugural episode of NetSPI’s podcast, Agent of Influence, Managing Director and podcast host, Nabil Hannan talked with Ming Chow...

Credit Union Times: Vulnerability Management Considerations for Credit Union M&As

On April 8, 2020, NetSPI Managing Director Nabil Hannan was featured in Credit Union Times....

Through the Attacker’s Lens: What Is Visible on Your Perimeter?

The Internet is a hacker’s playground. When a hacker is looking for targets to attack, they typically start with the weakest link they can find on the perimeter of a network...

Staying Off the Hamster Wheel of Cloud Security Pain

It all starts innocently enough. You engage with a trusted provider to perform a penetration test of your shiny new cloud-native application. And the penetration testers find stuff....

#WFH – Embracing the New Norm of Working From Home

A worldwide pandemic broke out, and your employer is asking you to work from home instead of coming into the office. Well, you’re not alone....

Keeping Your Organization Secure While Sending Your Employees to Work from Home

All of a sudden, the world is facing a pandemic, and you are asking all your team members to work from home....

Staying Safe Online During the COVID-19 Pandemic

There’s a reason why a computer virus is called a “virus” – they have many similarities with medical viruses (like COVID-19) that have a severe impact on your personal health....

Innovation and Consistency: The Right and Left Brain of Vulnerability Management

Pentesting has attracted a workforce filled with intensely creative and highly curious technical minds. Ironically, however, we see vulnerability management programs...

Banking Dive: Banks engage in self-hacks to keep defenses sharp

On March 9, 2020, NetSPI President and COO Aaron Shilts was featured in Banking Dive....

RSA 2020: Three Takeaways from the Halls of the Moscone Center

We just returned from RSA Conference, and like every year, it did not disappoint in meeting its charter: “to be a driving force behind the world’s cybersecurity agenda...

ABA Banking Journal: Go Hack Yourself

On Mar. 2, 2020, NetSPI President and COO Aaron Shilts was featured in ABA Banking Journal....

Why Do People Confuse “End-to-End Encryption” with “Security”?

It is very common to hear people make blanket statements like “WhatsApp is secure,” but they rarely understand the actual security controls...

What Is.com Word of the Day: Pentesting as a Service (PTaas)

On Feb. 4, 2020, NetSPI Product Manager Jake Reynolds was featured in TechTarget’s WhatIs.com defining Pentesting as a Service....

Keep Pace with Evolving Attack Surfaces: Penetration Testing as a Service

Study after study shows that business leaders across the country place cybersecurity in their top concerns for 2020....

Three Things To Remember When Building Your InfoSec Program

Over the past 20 years of working with companies of all sizes and ages, NetSPI has seen some of the best and worst infosec programs....

Six Ways to Increase the Business Relevance of Risk-Based Reporting

When it comes to vulnerability and risk reporting, there’s a significant disconnect between what business stakeholders want and what the vast majority of security assessment and tool vendors provide....

Your Cloud Assets are Probably Not as Secure as You Think They Are

Despite a plethora of available tools and resources, there are still many ways to configure cloud services incorrectly. According to a Wall Street Journal article published earlier this year, research and advisory firm Gartner Inc....

Leading Financial Institution Leveraged NetSPI Red Team Service to Improve Their Security Posture

In a report published by consulting firm West Monroe Partners, 40 percent of acquiring businesses said they discovered a high-risk security problem at an acquisition after a deal went through....

Make it Easy on the Devs

Software development teams are often at odds with application security teams, specifically penetesting teams. In this post we explore why this happens and what five steps you can take to improve participation in security testing by the development team in your organizat...

Five Signs Your Application Security Assessment Process Needs a Reboot

With a process like the one above, your organization will struggle with delayed timelines and duplicate efforts. And because the process is manual, each step in your lifecycle is prone to human-error. In highly regulated industries, this wasteful approach consumes valua...

Data Silos: Are They Really a Problem?

Data silos happen naturally for many reasons. As an organization grows and their security maturity evolves, they’ll likely end up with one or more of these scenarios....

Recurring Vulnerability Management Challenges That Can’t Be Ignored

Stories of new data breaches grab headlines again and again. Many of these breaches are the result of known vulnerabilities left un-remediated, and in some cases, organizations have been aware of these vulnerabilities for years....

What’s Next and New with NetSPI Resolve

Here at NetSPI, we see firsthand the struggles enterprises face to fix vulnerabilities. It’s concerning when our pentesters and customers continue to find the same vulnerabilities that have yet to be remediated – at the same client, year after year....

How to Streamline Pentest Data to Security Orchestration

Previously, we discussed best practices for tracking vulnerability data through to remediation. In this post, we're explore the challenge of streamlining human penetration testing (pentesting) data into the vulnerability orchestration process....

Security Orchestration vs. Automation: What’s the Difference?

In the post Are You Flooded with Vulnerabilities?, we explored the ever-growing mountain of data that organizations face in managing their vulnerabilities. While software is at the root of the vulnerability problem, it's also the solution....

Are You Flooded With Vulnerabilities?

Do you have more vulnerabilities piling up than you can fix with current resources? Time to remediation lengthens as volume grows. Organizations that prioritize vulnerabilities based on risk will maximize security resources and results, so we recommend this five-phase p...