Pen Tests and Red Teams are NOT the same

Posted by:

So the other day, I was debating the ins and outs of a cyber strategy to protect a network. At one point, my learned friend scoffed at me, saying I was splitting hairs – that there was essentially no difference between “red teaming” and penetration testing.

I respectfully disagreed, and here’s why:

Actually, let’s first admit that they do have one thing is common. They both are key to a holistic defense strategy, but they should not be conflated.

Let’s define what we ...

Read More →
0

Social engineering series: the psychological norms exploited by fraudsters

Posted by:

Be nice.
Be helpful.

These life lessons are ingrained into most of us early on, and, sadly, it’s one of the reasons why many social engineering tactics are successful.

Social engineers manipulate targets into saying or doing things that will provide the desired information, which could be login information or sensitive data like customer lists, development plans or company strategies.

In order to control these ingrained friendly and helpful behaviours – by which I mean being able to identify situations that do not ...

Read More →
0

Social engineering attacks: Is security focused on the wrong problem?

Posted by:

social engineeringMalicious social-engineering attacks are on the rise and branching out far beyond simply targeting the financial sector. While some organizations develop employee-awareness training or solicit pen testing, or use some combination of the two, these preventive tactics can only go so far.

Adopting a “know thy data” approach — in terms of what it is, how valuable it is and where it is — and then ...

Read More →
0
})
SEC Cybersecurity Exams