In the last 12 months, Penetration Testing as a Service has exploded in popularity. Is that because it’s a better business model for penetration testing vendors? Or because there’s more security and business value in the practice for companies? That’s what I set out to explore in this article. Below, I’ve outlined what exactly PTaaS […]
Penetration Testing as a Service: Is it a Viable Option? Read More »
There’s no debate on this one: Penetration testing is crucial for SaaS companies. It’s only in the details that arguments arise: How often should you test your app? What should be in scope? Which vendor should you use? How much should you spend? It is those questions that we will seek to answer in this
Proper Penetration Testing for SaaS Companies: Tips & Cost Read More »
Most startups only consider SOC 2 certification after a request from a new or potential new client. At that point there’s a decision to make: Will the time and money spent on attaining SOC 2 certification be worth the revenue it creates in new business? Having worked as a CISO across multiple industries, I’ve managed
Insider’s Guide to SOC 2 for Startups: Is it Really Worth It? Read More »
In a 2023 survey of cybersecurity leaders, 51% said they believe an AI-based tool like ChatGPT will be used in a successful data breach within the next year. There is no question that AI tools pose cybersecurity risks, and as such, keeping an eye on exactly how they are being used by malicious actors is
ChatGPT Already Involved in Data Leaks, Phishing Scams & Malware Infections Read More »
As with most services in cybersecurity, costs can be difficult to predict. For firms looking to engage security services, this fact is a burden on the due diligence process. Vendors rarely publicize their costs, and clients rarely publicize their spending. Rarely is this more true than for Managed Security Service Providers. For one, the term
How Much Do Managed Security Service Providers Cost? Read More »
How common is cybersecurity insurance in the US compared to globally? How much does it cost? How much does it actually help companies in the event of a breach? These are some of the questions we set out to answer when we took a deep dive into the state of the cybersecurity insurance market in
23 Eye-Opening Cybersecurity Insurance Statistics Read More »
The payment Card Industry (PCI) is a set of requirements that organizations are required to be audited against to accept, process, or store any payment card information. This standard is designed to help the brand label cards (AMEX, Discovery, Visa, etc.) reduce fraud risk through the loss or compromise of credit cards. As part of
PCI Compliance Logging Requirements & How to Meet Them Read More »
Red teaming is an advanced form of penetration testing, which is not for every organization. While it may identify vulnerabilities that exist within your environment, that is not the primary goal. Other forms of penetration testing (e.g. application, IoT, or network to name a few) focus on identifying vulnerabilities and providing a story of how
What is Red Teaming? Is it Worth Doing? Read More »
Nearly every security framework and regulation requires risk management to be integrated into an organization’s operations. The premise is that to understand the priorities, the organization must first understand the threats and what risk or impact those threats pose. It may seem obvious, but many organizations and security practitioners lose sight of this key fundamental
How Much Does a Cyber Security Risk Assessment Cost Today? Read More »
A cyber security risk assessment, not to be confused with a vulnerability assessment, is the process of evaluating and codifying the risk to your organization through a process of evaluating assets, controls, threats, and attack techniques. Many components of the risk assessment will be subjective, in that decisions will be based on opinion or experience,
What is a Cyber Security Risk Assessment? Is it Worthwhile? Read More »
