Nathan Sweaney

10 Tips for Engaging a Security Services Vendor

The Information Security market brought in an estimated $167 billion in 2019 and that’s expected to double in the next 4-5 years according to some estimates. With that huge growth comes an avalanche of security companies promising to fix all of your cyber worries. Some of them offer amazing services with fantastic value. Others, not …

How to Test Your Security Controls for Small/Medium Businesses

We often get contacted by small businesses requesting their first penetration test because of compliance reasons, or because of “industry best practices,” or just to get an idea of how bad things really are. In many of those cases, their environment isn’t nearly mature enough to make a pentest worthwhile. Sometimes they’re insistent and we …

Compliance is not Security

Many folks get confused about the difference between security and compliance. Many, especially those less technically inclined, assume that fulfilling compliance obligations sufficiently addresses security. Unfortunately, that’s not true as demonstrated by the continuing rise of security breaches each year. In this post, I’ll briefly explain the difference between security and compliance, and then outline …

Silencing Firefox’s Chattiness for Web App Testing

Firefox is one chatty browser! Even if you don’t actually use it for anything, it’s constantly making requests out to the internet for things like updates, checking network status, and sending telemetry data back to Mozilla. When using Firefox for web app testing, I’ve often noticed the constant stream of additional requests that get in …

Checking Under the Bed

I’ve got four kids and part of their chores involve cleaning up their bedrooms. Inevitably, their understanding of “clean enough” never quite matches our expectations. Now I could just live with the fact that there will always be a huge mess under their beds, but that doesn’t serve the point. My goal isn’t to just …

These Aren’t the Password Guidelines You’re Looking For

“You don’t need to see his identification.” It’s a classic line. With a flick of the wrist old Ben Kenobi deftly bypasses the identity & access management system of the poor Stormtroopers just doing their job. One would think, in that technological era, so long ago, that more advanced (and less spoofable) methods of authentication would …

Protecting your Kids from Online Threats

“The greatest gifts you can give your children are the roots of responsibility and the wings of independence.” — Denis Waitley As information security professionals, we’re often asked about how to best protect children online. I’ve got four of my own, and discussions about what is or isn’t appropriate, are nearly endless. Because let’s be honest, …

Hours After The Penetration Test, This CSO Revealed Something That Will Leave You In Tears

We all recognize clickbait when we see it. And yet thousands still click on the links. In today’s world of social media and ad-funded news, a range of techniques are utilized to grab your attention, some with more success than others. One of these, used in the title of this post, is to create a …

We’re Just Like the NSA, and Nothing Like Them

During penetration tests, and especially scoping calls, we often get quizzed about what secret, proprietary techniques we’ll use to gain access to privileged resources. Most folks assume they’re doing “good enough” or at least meeting “industry best practices” so only the latest, unknown attacks will be successful. The notorious ZeroDay always seems to take the …
