Monthly Archives: December 2012

Happy New Years!

As we finish 2012 and look forward to 2013, Secure Ideas’ staff would like to wish everyone a happy new year. We also thought it would be fun to do a quick review of the year, with each of our staff including their thoughts. So here goes….

What a great second year for Secure Ideas! We have put together an amazing team and due to that, have accomplished much. We have seen 50% growth in our business this year, added two new team members (and therefore expanded into a new state – Utah), completed two DARPA research projects – turning both into open source projects, and started a third DARPA project before the year came to a close. We continue to grow our security consulting services, while we watch our MySecurityScanner service take ground – and take off. Over the course of the year, our team members have done a multitude of webcasts and SANS vLive teaching events, as well as provided various conference presentations or training in 21 different cities around the country (a number of those cities multiple times), and as far away as Sydney, Australia. But now let’s let each of our team members tell their side, too.
Kevin Johnson:
At this time of year I look at what we have and what has been accomplished over the last year and I am amazed. I still can’t believe that I was allowed to be part of this amazing group. We have done a ton of things and are planning on even more growth in 2013. DARPA has awarded us three different contracts, one of which is in progress and very exciting. We also have continued to provide great service to our clients. I look at the skillset of our consultants and can’t believe the cool stuff they are working on. We have rolled out a new class through SANS, Security 642 Advanced Web Penetration Testing, and are working on a few others. We continue to work with IANS, with me as a faculty member, and are growing the MySecurityScanner service as you read this. I can’t wait to see what we accomplish in 2013 and look forward to being allowed to continue this crazy rollercoaster we call Secure Ideas!
Lara Dawson:
I love working with Kevin, Denise, and the Secure Ideas team. It’s been about a half dozen years since I’ve been really happy going to work every day, but now I am once again! There is nothing better than working my tail off and knowing all my coworkers are doing the same to help our little company grow. We may be small, but we’re mighty…just like my two-year-old daughter! Some days I feel torn about working so much with two little ones at home, and if I didn’t enjoy what I did, I’d simply walk away at this point. But I can’t drag myself away. As the non-technical one out of this bunch of geeks, sometimes it’s overwhelming to have to make security a priority in the everyday grind of running a company, so I can truly relate to many of our clients. However, through the 13 years I’ve been in this business, I’ve learned tremendous amounts and many very scary things about how easy it is to be manipulated and compromised. I hope I can bring this type of understanding to even more individuals and clients in 2013.
Denise Johnson:
As I look over the past year, I am amazed at everything that has been accomplished by our small company. Secure Ideas has been blessed with a powerhouse of talent who has achieved so much. I am the lucky one who gets to see everything that goes on behind the scenes. From when the clients first contact us, to the sales calls, travel arrangements and the final resolution. I know from personal experience how hard all of our staff works and I realize the sacrifices they have all made. I look forward to next year to see how we all grow personally and as a company.
Tony DeLaGrange:
I’ve been with Secure Ideas for over a year now, and have had a year of many “firsts”. I have led two DARPA CFT projects, which both are now open source projects. I have presented at conferences such as DerbyCon, ShmooCon, AppSec DC, and Good Technologies Mobile Summit, as well as co-chaired the first SANS Mobile Security summit. I’ve also thoroughly enjoyed many fun tasks with our client engagements, such as performing social engineering and physical penetration testing (which is always an absolute blast), as well as participated in some interesting “hacks” that we performed along the way, attacking web applications and networks. Both Jason and James have been great additions to the Secure Ideas team; both guys are very knowledgeable and great to work with. I’m looking forward to 2013 with new challenges to solve and new opportunities that lie ahead.
James Jardine:
I can’t believe the year is over already. I have been with Secure Ideas since May and I still remember my first day, a Sunday, traveling to a client engagement and one of my first company meals being Denny’s (eating with the owner). I can honestly say this is the most fun I have had at a job in a long time. Don’t get me wrong, I have loved other jobs, but the opportunities I have had are amazing. In addition, my coworkers are the best. I am thankful that I did gain a little seniority the first week on the job when I found out Jason was joining the team two weeks after me. I have to say the best time I have had so far was the trip to DerbyCon. Nothing says fun like a 12-hour car ride to Louisville, KY with co-workers, overcrowded rooms, really late nights, and a great con. Secure Ideas has come a long way in 2012 and I can’t wait to see what is in store for 2013.
Jason Wood:
I started in late May at Secure Ideas (a few weeks after James, hence my status as the “new guy”) and it has been an incredibly fun and challenging experience. All of the jobs I have had posed different challenges, but after a while things settle down into a routine. One of the great things about Secure Ideas is that every client engagement requires me to learn more about something, perform an attack in a different way, and determine how our clients could have stopped me. This year has been a challenge and next year we are looking at even better things to do. 2013 should be an absolute blast and provide our clients and colleagues with some pretty cool stuff to work with.
There is already quite a bit planned for 2013, including the vast amount of speaking and teaching events again, further growth and development of our services, more webcasts, and additional research and development. We thank you all for your support and look forward to working with you in 2013.
Don’t Trust the Replacement Delivery Guy

Here at Secure Ideas we have had a ton of fun experiences during our work. When we teach or present, people often ask us to talk about the things we have been able to do, such as pulling credit cards out of a network via a Facebook application or tricking staff at a client into…

Gone Phishing

Many organizations do not include phishing in their annual penetration tests, as they believe that most phishing emails will be stopped by their email filtering solutions. Any “phishy” emails that get through will likely be clicked on by their employees but stopped by anti-virus or web filtering controls. These controls are good, but they typically…

Grey Box Penetration Testing

A common question I get from potential clients is “what is grey box testing and why do we need it?” I believe this often stems from the request for credentials to an application when discussing the penetration test. The thought is that if we are testing the system like an attacker, providing credentials is breaking…