• Why You Should Go Beyond The Typical Penetration Test

    This post was originally published on Forbes. If you’ve ever run across a penetration test report, they usually look bleak. I should know; I’ve authored hundreds of them. By their very nature, they try to focus on the most egregious security issues within a system or network. Having an understanding of how an actual adversary…

  • Two Frameworks For Securing A Decentralized Enterprise

    This post was originally published on Forbes. Many modern enterprises no longer operate in a highly centralized manner. Traditionally, cybersecurity in enterprise environments consisted of defining trust boundaries, placing controls over these boundaries, setting standards and policies for the safe and secure handling of data, enforcing said policies and scrutinizing any code/applications that were developed…

  • Random CSO Musing

    One of the biggest challenges of running a security organization is balancing the ongoing efforts with strategic directions, all while keeping the “pressure” on to increase the maturity across the prioritized elements that give you the most risk reduction over time. Seems like a bunch of management words, I admit, but it’s truly one of…

  • How to Vendor/Sales in the Security Industry

    I’ve been on the receiving end of sales pitches for years now. Ever since I took on senior leadership roles the constant trickle of various sales pitches just kept increasing. These vary from completely out of the blue “cold calls” that attempt to push some solution, through the slightly better informed ones that take into…

  • Basic is great

    Encouraged by the response to my last post (https://www.iamit.org/blog/2018/06/the-ian-amit-spectrum-of-pentesting-efficacy/ for those who missed it), and following up on a couple of recent Twitter/LinkedIn/WhatsApp conversations, I’d like to emphasize the importance of doing basic and simple work (in security, but it probably also applies to everything else). We are working in a weird industry. The industry…