Archive for

Cybersecurity – General

Security Assessment 101: Planning a Successful Security Assessment

Posted: May 13, 2021

It’s important to evaluate your security posture and identify areas that need improvement, but a successful security assessment does not happen on accident. Have you ever wondered what goes into planning a security assessment? There is no “one-size-fits-all” security assessment strategy. ...

Continue Reading

Journey of Learning: Server-Side Template Injection

Posted: April 30, 2021

Welcome to my journey of learning.  This series is about my preparation for the OSCP exam.  More specifically this series is about how I use the things I am learning for my CTF hobby in my role on the Data Analytics team here at Set Solutions.  If you would like to know more about how this got ...

Continue Reading

Best Practices and Effective Vulnerability Management Strategy

Posted: April 1, 2021

Vulnerabilities are a fact of life. It’s an imperfect world. There is simply no way to avoid them. Fortunately, vulnerabilities can be detected, and resolved or mitigated to remove or limit the risk they present. The goal is not to try and achieve a world with zero vulnerabilities—the goal is ...

Continue Reading

A Journey of Learning: Introduction

Posted: March 23, 2021

I have spent a lot of time around security professionals, but I am not sure that I would consider myself one of them. Maybe a better way to say that is that I am a not traditional security professional.  In a field as diverse as information security, maybe the idea of a traditional security ...

Continue Reading

Developing a Risk Based Vulnerability Management Program

Posted: March 11, 2021

There are many vectors for an attacker to penetrate an organization. The method of taking advantage of vulnerabilities in an environment is one of the common vectors for an attacker. I have had an opportunity to work with some of the vulnerability assessment tools; they are not listed in any ...

Continue Reading

One Does Not Simply Hack APIs… Actually, One Probably Does

Posted: February 12, 2021

Geek Alert Before you read further into this first blog post of my two-part series, be warned that I am about to make analogies comparing Web API security to the epic fantasy trilogy The Lord of the Rings by J.R.R. Tolkien. Yes, I am unapologetically going full geek in this short series. One ...

Continue Reading

SolarWinds Sunburst

Posted: January 26, 2021

Background If you work in Information Security, Technology, or even if you are just a person who stays up to date with recent news headlines, you probably already know about the “Sunburst” hacking fiasco that came to light at the end of December 2020.  I use the term “fiasco” ...

Continue Reading

Implementing a Risk-Based Vulnerability Management Strategy

Posted: January 21, 2021

Effective cybersecurity is a continuous process. There is no such thing as absolute or perfect security—but even if you could achieve it, it would be fleeting. New vulnerabilities are discovered, and new exploits and attack techniques are developed every day. Just because you were secure ...

Continue Reading

Defining a Solid Vulnerability Management Strategy

Posted: January 8, 2021

There is no such thing as perfect code. Vulnerabilities are a fact of life. Applications contain mistakes, and flaws, and bugs—no matter how small—and attackers work around the clock to find exploits to take advantage of those flaws, gain access to your networks and applications, and compromise ...

Continue Reading

Finding the FireEye Breach IOCs with Data Analytics

Posted: December 16, 2020

The last thing we need to hear about is another big breach, but here we are.  Our friends at FireEye were attacked recently.  From what I have seen so far, it sounds like this was a nation-state level attack and all the attackers got for their effort was some tools.  If an organization is ...

Continue Reading