best practices

Professionally Evil CISSP Certification: Breaking the Bootcamp Model

ISC2 describes the CISSP as a way to prove “you have what it takes to effectively design, implement and manage a best-in-class cybersecurity program”.  It is one of the primary certifications used as a stepping stone in your cybersecurity career.   Traditionally, students have two different options to gain this certification; self-study or a bootcamp.  Both …

Professionally Evil CISSP Certification: Breaking the Bootcamp Model Read More »

Compliance is not Security

Many folks get confused about the difference between security and compliance. Many, especially those less technically inclined, assume that fulfilling compliance obligations sufficiently addresses security. Unfortunately, that’s not true as demonstrated by the continuing rise of security breaches each year. In this post, I’ll briefly explain the difference between security and compliance, and then outline …

Compliance is not Security Read More »

Security Concerns around Remote Employees

In the cloud-based economy, businesses of every size are hiring remote employees. Remote employees may decrease their capital costs, free the business from location limitations, and provide many of the intangible benefits of remote working. The increased number of employees working from diverse locations on a growing number of devices create several issues a business …

Security Concerns around Remote Employees Read More »

Professionally Evil Courses: Ride Along Penetration Testing

Secure Ideas is excited to announce the latest class in our Professionally Evil Course series: Ride Along Penetration Testing.  This course will be held on October 9th at 2PM eastern. Unlike so many other courses, this is not a typical “here is a tool and how to use it” course.  In this 2 hour course, James …

Professionally Evil Courses: Ride Along Penetration Testing Read More »

Secure Coding for Developers at Kingston MakerSpace, May 5-6

I’m excited to announce that I will be returning to my hometown of Kingston, Ontario to teach a two-day, hands-on Secure Coding course at Kingston MakerSpace, May 5-6, 2014.  This course is geared towards software developers who want to learn the details of common web application attacks and what coding strategies to use to properly …

Secure Coding for Developers at Kingston MakerSpace, May 5-6 Read More »

Professionally Evil Courses: Ride Along Penetration Testing

Secure Ideas is excited to announce the latest class in our Professionally Evil Course series: Ride Along Penetration Testing.  This course will be held on March 11th at 2PM eastern. Unlike so many other courses, this is not a typical “here is a tool and how to use it” course.  In this 2 hour course, …

Professionally Evil Courses: Ride Along Penetration Testing Read More »

HealthCare.gov: Basic Security Failures and IT Bloopers

Secure Ideas has tested hundreds, if not thousands, of applications over the years we have been in business.  Based on this experience, along with our public classes and presentations around application security, Dave Kennedy of TrustedSec asked me to review the details of security flaws within HealthCare.gov.  As part of this review, Dave provided a …

HealthCare.gov: Basic Security Failures and IT Bloopers Read More »

Scroll to Top