The Differences Between Audits, Security Assessments and Penetration Tests

We live and work in a world where malicious activity and cyber crime run rampant.  While online fraud and data theft have existed since the origin of the internet, never before has it seemed to be as pervasive as it is today.  Every day there seems to be a new headline about ‘XYZ Company’ coming under attack or having a massive data breach occur.  On top of that, in the…

From the Office of the CTO: Building Effective Insider Threat Programs

Three Short Stories To begin this latest post and in order to properly frame the Insider Threat conversation, rather than use obscure statistics in an effort to convince you that you should be suspicious of all your employees and coworkers, I think it is much more effective to tell you a few stories. None of these stories come from my clients and none of this information is privileged. You can…

The Importance of Data Security and Insider Threat Programs in Mergers and Acquisitions

Mergers and acquisitions have become an important part of many organizations’ growth strategy. In most large transactions, countless hours are spent on due diligence, whether that due diligence is related to the financial health of the company, compliance with applicable regulations, or a variety of risk factors. Refreshingly, cybersecurity has emerged as a risk factor that is getting significant attention as part of the due diligence process. However, there is…

Research and Development into Commercial and Domestic Alarm Systems

As part of my Radio Frequency research, I wanted to not only look at vehicles but also household name burglar alarm systems.  To that end I decided to look at three main manufacturer types that seemed to take a large portion of the market share. My findings concerned me, especially how some of them were trivial to bypass and disarm.  One of the alarms did come out on top, however,…

Why Identifying and Protecting Critical Information Assets Should be a Foundational Element of your Security Program

The digital world has become a scary place, one which many people fear, and one in which few organizations feel they are adequately protected. Every day, there is more news about breaches, new threats, zero day attacks, adversarial groups, and a barrage of new technologies that claim to solve all of these problems. Some of the technologies are very good, logical extensions to the security platforms we already have in…

From the CTO’s Office: The Fallacy of End-to-End Encryption

RSA 2017 was, as always at InteliSecure, a very busy week that has the distinct possibility of disappearing into a blur of meetings, lunches, dinners and happy hours. During these events, I had the distinct pleasure of speaking with a group of smart, talented and influential people. One such discussion sparked a conversation about the disturbing trend of end-to-end encryption from any client to any destination that makes it increasingly…

Addressing the IT Skills Gap Part V: Deepening the Talent Pool

In order to strengthen the average talent in the cybersecurity labor market, we first need to address a major problem that faces the cybersecurity sector. Cybersecurity as a career field is overwhelmingly male and overwhelmingly Caucasian. In fact, according to a recent article from bankinfosecurityt.com citing government statistics, “Whites, who account for about 80 percent of the American workforce, make up 70 percent of the IT security workforce. About 7…

Addressing the IT Skills Gap Part IV: Utilizing Managed Security Services

By Jeremy Wittkop, InteliSecure CTO My previous posts have touched on hiring and cultivating talent as two of the three main strategies organizations can employ to build their cybersecurity team. Hiring well is difficult and time consuming even when cybersecurity hiring is your primary responsibility and when your business is cybersecurity. However, most people hiring cybersecurity professionals are in the business of doing something else, which makes the task of…