Consulting

Compliance is not Security

Many folks get confused about the difference between security and compliance. Many, especially those less technically inclined, assume that fulfilling compliance obligations sufficiently addresses security. Unfortunately, that’s not true, as demonstrated by the continuing rise of security breaches each year. In this post, I’ll briefly explain the difference between security and compliance, and then outline …


Breaking in to Security

Some of the roles within security are all about breaking into systems, but what about just breaking into the field? Jobs in security are popping up all over the place and recruiters are trying desperately to help fill them. There are many people interested in security, but without previous experience, they often want to …


Professionally Evil Perspective Podcast – Methodology Continues with Discovery

James and I recorded the next episode of the Professionally Evil Perspective podcast this morning. In it we get back to walking through the methodology that we use during a web application penetration test. We had covered recon and mapping, so in this episode we go through the third step: discovery! James and I discuss …


Industry Issues: New Vulnerabilities and Marketing Problems

As a consultant, I spend a lot of my time working with organizations and staff to help them improve their security. I do this via a number of methods including consulting, penetration testing, training, and other services. But the foundation of what I do is explain the what, why, and how of information security. And …

