Asset Owner Identification Automation for Vulnerability Management

A major Communications & Media company faced a large number of long-lived vulnerabilities in its service delivery network for which the asset owner was unknown. Without an asset owner to whom remediation could be assigned, the situation worsened by the day. Their existing manual ownership identification processes were hopelessly overwhelmed by […]

Insight

Should a CISO be Better at Automation than Security?

As the story goes, and more recently popularized in the movie The Founder, Ray Kroc was speaking to a class at Harvard when asked “What business is McDonalds in?” “Restaurants!” “Hospitality!” “Supply Chain!” “Franchising!” “Entertainment!” “No!” Ray laughed and replied to each student. “Ladies and gentlemen, I’m not in the hamburger business. My business is real estate.” This […]

Insight

Industry Evolution of Modern Vulnerability Management

Vulnerability Management as a function has been around as long as we have had sophisticated IT and security organizations. Yet the overall scope and responsibilities of that function have changed considerably over the past decade. Many organizations once used a very narrow definition of vulnerability and simply compared configurations and software versions against a database […]

Insight

Preparing for the American Data Privacy & Protection Act

The average cost of a data breach in the United States is nearly 10 million dollars, the highest of any country in the world. In spite of this, the United States does not have a single comprehensive federal consumer privacy law comparable to the European Union’s General Data Protection Regulation (“GDPR”). Due to the fragmented […]

Position Paper

Maximize Impact, Minimize Burden: Making the Case for Rapid-Fire Crown Jewels Assessments

Identifying a company’s most important assets to protect should arguably be any cybersecurity organization’s first priority. Traditionally, the Crown Jewels Analysis method is thorough and comprehensive, but arguably heavy and slow to scale. While this approach is considered to be the gold standard and a worthwhile investment, we argue that the approach may not be […]

Insight

Key Changes in PCI DSS 4.0 for Organizations to Address

Originally released in March 2022, version 4.0 of the Payment Card Industry Data Security Standard (PCI DSS 4.0) officially takes effect on March 31, 2024. The updated PCI DSS presents important changes to the world of payments, placing heavier emphasis on risk management practices, strong authentication capabilities and security awareness training. Learn more about the […]

Insight

The SEC’s Cybersecurity Incident Reporting Rule and What It Means to Your Company

Starting today, the SEC's Cybersecurity Incident Reporting rule requires publicly traded companies to disclose material cybersecurity incidents within four business days of determining that an incident is material. Companies must include standardized information to ensure consistent reporting of these incidents to the public. Like all SEC rules, there are financial penalties for non-compliance, so company leadership should know how to respond when […]

Insight

The IAM Iceberg: Navigating IAM’s Depths Amidst the Temptation of Tools

A quick Google search using keywords like “how to scale identity and access” or “how to securely manage identity and access” will yield a plethora of results addressing common Identity and Access Management (IAM) challenges. Notably, many of these results are dominated by companies that offer enterprise IAM products such as SailPoint and Okta. Their […]

Insight

GitHub — a Dangerous Platform if your house isn’t in order

Every year, hacker summer camp (aka DEFCON, Black Hat, BSides) arrives in a flurry of anticipation, presentations, and great ideas that often take reflection to determine how best to implement in our daily lives. Each year, in addition to new skills and information, we look for themes that may come to dominate the security world […]

Position Paper

The Lost Art of Platform Architecture Design Documentation

Has platform architecture design documentation become a lost art? Over the past decade, we have observed this trend across many IT organizations. It seems to have eroded in inverse proportion to the growth of Agile. The Agile Manifesto's value of "working software over comprehensive documentation" appears to have been misinterpreted as "working software and no documentation", an unfortunate casualty of […]
