Tag: red team

  • The Ian Amit Spectrum of Pentesting Efficacy

    It’s been a while since I posted (duh), but recently I’ve had something brewing in my mind that appeared to not have been clearly discussed before, so here goes. I’ve been seeing some discussions and ambiguity around pentesting, vulnerability assessment, and red teaming (again – no huge shocker for those of us in the industry).…

  • ISTS12 Keynote and Red Team

    I’ve had the pleasure and the honor to keynote this year’s ISTS (Information Security Talent Search) that ran at the Rochester Institute of Technology (RIT). Additionally I was also fortunate to get a seat with the Red Team during the event itself and work closely with some of my friends and colleagues. It has been…

  • Sensationalism – doing more damage than good

    It took me a while to really decide to pull the trigger on this post. For several reasons: 1. I think the way that @ZeroFOX handled this was impeccable. As far as “we” are concerned this issue was to bed once the instigator (@avriette) balked out on actually having a constructive discussion when invited to. 2.…

  • Seeing RED in your future? – Recap from DerbyCon 3.0

    Yes, I know, It’s been a while since I updated anything here. Work, life, etc… So here’s a quick update/recap on some of the latest: SecurityZone 2013 was an excellent experience. Always great to get back to Cali to meet who are now friends rather than just colleagues and conference organizers. I delivered the keynote…

  • Do as I say, not as I do. RSA, Bit9, Adobe, and others…

    So you thought you had everything nailed down. You might have even gone past the “best practice” (which would have driven you to compliance, and your security to the gutter), and focused on protecting your assets by applying the right controls in a risk-focused way. You had your processes, technologies, and logs all figured out.…