Entries Tagged as 'Security Industry'
Security Consultant Hacks: Size Matters
December 19th, 2007 ·
This is part of my occasional series on security consultants and how best to employ them.
Security consulting operations come in the standard small, medium and large sizes. Small shops are less than 30 consultants, medium 31-200, large 201+.
Small shops: Sometimes known as boutique firms or lifestyle firms (since the people that run them take jobs [...]
Tags: Security · Security Industry
Tiger Team on CourtTV
December 18th, 2007 ·
This should be fun to watch, kinda like watching a train wreck. “Tiger Team” is a new “reality” series where they follow a security team as they try to break into some corporation's network/property and make off with the goods.
I am going to go out on a limb and say they always get in. I [...]
Tags: Security Industry
Top 10 “Underground” Security Resources
December 17th, 2007 ·
Not underground like the Russian Business Network but not as well known as some people think. These sites and conferences will be well known to some but I am amazed that everyone does not know about them. You are uber cool if you know about them all!
2600 – An oldie but a goodie. 2600 [...]
Tags: Reviews · Security · Security Industry
Presentations from ClubHack
December 15th, 2007 ·
The presentations from ClubHack have been posted. I did not attend this conference but the presentations look pretty good.
Tags: Security · Security Industry
PCI Sets the Ceiling Not the Floor
December 7th, 2007 ·
I was somewhat surprised to read this post from RSnake about how good PCI is for business. I have to disagree with him. While I agree that PCI sometimes sets a floor for a minimum, it also sets a ceiling for the vast majority of organizations.
PCI compliance has become the must have for any organization [...]
Tags: Security Industry
TJMax offers banks $41 million, says My Bad
December 2nd, 2007 ·
TJ Max offers banks $41 million to settle its credit card breach issues. Also in a strange twist, the PCI council wants TJ Max to join their vendor group. I guess TJ Max can explain how NOT to do things to the other merchants.
Tags: Security · Security Industry
Source Code Scanning is Dead
November 20th, 2007 ·
I sat through a demo of some source code scanning technology yesterday and about halfway through it hit me. Source code scanning is dead, but no one has realized it yet. Well, maybe not dead, since dead would imply it was alive at one time, and that was never really proven to be the case.
Specifically [...]
Tags: Security · Security Industry
Penetration Test vs. Assessment
November 13th, 2007 ·
This terminology has always been a peeve of mine. People asking for a penetration test rarely want an actual penetration test. This is what a penetration test is:
Find a vulnerability, any vulnerability and exploit it to reach your target.
Basically you are hiring someone to break into your system, to prove someone can break into your [...]
Tags: Security · Security Industry
Is Your Security Consultant Hacking You?
November 11th, 2007 ·
I am surprised I didn’t think of this! This security consultant was not satisfied with a high bill rate, so he installed Trojans on his clients' machines and stole their PayPal usernames and passwords. He had command of a 250,000 node botnet according to authorities, so he must have had a lot of [...]
Tags: Security Industry
McAfee Acquires ScanAlert, I Go WTF?!?!?
October 31st, 2007 ·
Ok, I didn’t see this one coming, but when I think about it, it makes some sense. On one side you have Scam ScanAlert, which has a pretty widespread reputation as being a low quality security tool with a high quality marketing plugin attached. Then on the other side you have McAfee where all [...]
Tags: Security Industry
