Security Awareness ProgramsSecurity Awareness Programs are something every company should have. An effective security awareness program empowers your end users to prevent security incidents before they happen. One of the problems I'm encountering at most companies I consult with is, a [...]
OWASP Oklahoma City I was looking for a way to contribute more to the information security community in Oklahoma City, and noticed that we didn't have an OWASP Oklahoma City Chapter. I applied for, and was approved to be the leader of the chapter. Previously this chapter existed, but has been [...]
Moving up from Helpdesk If you want to move up from helpdesk into information security, you have to do more than open tickets. Here's a problem I see a lot with helpdesk technicians:They open a ticket without doing any troubleshooting If there was a recent network scan, they'll blame the [...]
Cross Site Scripting Cross Site Scripting vulnerabilities are still listed in the OWASP Top 10, and are still a major web application vulnerability. I recently leveraged a cross site scripting vulnerability to gain access to a corporate network during a penetration test. I'll change the name of the[...]
Infosec Conferences and Training It's been a busy few months! We've had a lot going on with training and infosec conferences. Back in February I attended CPX 360 which is Check Point's conference. I was also a presenter at CPX 360 and talked about Check Point Endpoint, which is their endpoint [...]
Network Security Defense in Depth is Failing Network security and defense in depth seem to be all I hear about lately. We use that term "defense in depth", but do we really know what it means? We discuss the layers of security such as appliances, software, processes, and procedures, but we miss what[...]
SANS SEC504 Course Oklahoma City Our very own Joe Sullivan will be mentoring the SANS SEC504 Hacker Tools, Techniques, Exploits, and Incident Handling course here in Oklahoma City.This course contains elements of both offense and defense. You will learn how to hack into systems, attack [...]
Crossroads Information Security Crossroads Information Security is an information security company. You may be asking yourself: What does Crossroads Information Security do?The answer can be found in: Why does Crossroads Information Security perform information security services?Crossroads [...]
Updated for 2021 Gifts for Information Security Geeks are hard to find according to my wife. If you are looking for a gift for an information security geek this holiday season, I've put together some ideas for you. Raspberry Pi - Coming in at around $99.00 the Raspberry Pi 4 will provide lots of [...]
Password Complexity Password Complexity is a debate that comes up at almost every penetration test. As part of our penetration tests we capture and crack password hashes. When we do this we are looking at two things:How easy are the hashes to obtain How long does it take to crack them so [...]
Newsletter
