By: Rob Chaykoski, Consultant at RC Consulting and Managed Security
I remember the first risk assessment I was to complete. It was a messy essay on defining the use of a specific port to allow an application through our firewall. Truthfully, it was downright ugly to get to the point that the […]

Assessing Risk – Helping the SMB market understand



By Dave Howe
OK, so thought I would write this one up in more detail. The cheapest way to build a home lab for pentesting purposes is virtualization – obviously, physical hardware is still required, but provided you have an existing machine with enough RAM, that is good enough (my […]

Home Lab on a shoestring



by Gina Roberson, Analyst
This post is inspired by Bally Kehal's series on “how to become X”. What is a security analyst? Security analyst is a very broad job description containing a lot of sub-categories. In theory it’s someone analyzing something security, right? Security analyst can cover everything from someone […]

How to become a Security Analyst


I’ve been writing about bots and ad fraud over the last several years. And despite the proliferation of bot and Fraud Detection services, the ad fraud problem is not getting better. In fact, it is getting worse. But occasionally, you read industry reports that say fraud is lower and tout […]

Any Device with CPU + Internet Can be Used as ...





When I gave a talk at CCC about harm reduction for hackers, I included information from the only study on hackers and Aspergers that has ever been performed. The report is fascinating and I highly recommend giving it a read. What it found was surprising: Contrary to popular perceptions of […]

Can hackers be emotionally resilient?


Security firm Fortinet recently posted about a nasty little piece of banking malware that I feel hasn’t gotten enough press. It’s more than banking malware, as it nabs creds not just from institutions like Wells Fargo, but also PayPal and Coinbase (just to name a few). It steals a credit […]

Check your [Android] phone for new malware affecting bank apps, ...




By: Violet Blue
Blink, and you missed it: This week the Justice Department quietly made public its guidelines for prosecutors as to when they should open investigations or press charges under the Computer Fraud and Abuse Act (CFAA). The Computer Fraud and Abuse Act is a serious issue and source […]

Under pressure, DoJ finally reveals its CFAA prosecution guidelines




Today I realized it was October 11th – and while many Canadians are returning to work after a long Thanksgiving weekend, quite a few people have taken further time off to be thankful with their friends and families. Yet for others across the globe – Today is known as the […]

Girls, Girls, Girls!


October is “cybersecurity month” (National Cyber Security Awareness Month, aka NCSAM). In the effort to educate people about being afraid of things they really can’t control anyway, and are tired of hearing about, the federal government has a different theme every week for getting people in the, uh, spirit of […]

Security Fatigue Awareness Month