TPG Blog
What should you expect from a vCISO engagement?
Organizations are facing ever-increasing challenges related to security and compliance. Security issues are in the news every day with targeted attacks, phishing, malware, and especially ransomware on the increase. A last-minute reaction-based strategy is no longer sufficient, and cyber insurance will not pay for your breach if you have not done due diligence to protect…
Your Ears as a Security Control
Recently, I was at a customer site to discuss monitoring, correlation, and alerting. They told a tale that I have heard so many times, all I could do was sit there and nod my head sympathetically. They described a failed SIEM (Security Information and Event Management) implementation that they had recently gone through. After hearing…
Burnin’ Down the House
“Oh my God! The office is on fire!” David exclaimed to his wife as he hung up the phone and dragged himself out of bed. This was the moment he had dreaded for years. So many irreplaceable documents stored there. So much data to be lost. The fire department had called and alerted him in…
SOLVED!!!
I was recently fortunate enough to be the face of The Pinnacle Group’s CryptoChallenge at DerbyCon in Louisville, Kentucky. I am always amazed to watch the depth of talent brought to bear in these types of challenges and I marvel at the process of watching these big brains crunch away at complex mathematical and observational puzzles.…
Tip of the ‘Berg
If you know me, you know that I regularly preach the need for full scope penetration testing (internal and external with physical, digital, and social engineering attack methods). If I do not think and act as the bad guys do, I will likely miss attack vectors they may not. I have done numerous external-ONLY penetration…
Do Diligence?
As I travel around speaking, performing network assessments, and discussing security with various corporate leaders, I often hear a fairly consistent and disturbing mantra. “If you find vulnerabilities and risks in our environment, then we will have to fix it.” The prevailing wisdom from a security and compliance perspective seems to be, “If we don’t…
About the Author
Eddie “the Y3t1” Mize is CSO and Director of Information Security for The Pinnacle Group. He has over 31 years of experience in the computer industry as well as over 18 years of experience in information security. He is an integration and security specialist with years of experience building information security programs. He has led numerous PenTest and Red Team events for a wide variety of industries and served on Cisco’s Enterprise Advisory Board for Information Security.
Eddie is a frequent security speaker on real-world information security and compliance, mobile security, red-team/penetration testing techniques, and cloud security. He is a security evangelist, podcast SME, DEFCON speaker and Staff Goon, and a “Distinguished Speaker” for the CiscoLIVE conferences. Eddie’s work has been published in Network World, Pentest Magazine, and Hakin9 Magazine.