Secure Ideas, LLC on LinkedIn: The point in time Pentest that has been the staple of our industry for… (2024)

We’re still wrapping our brains around all the awesome research to come out of BlackHat this month. Did you catch Samy Kamkar, of MySpace “Samy Worm” fame, is back on stage?This time he would’ve made Dr. Evil happy by using “laser beams” to spy on your keyboard taps!You really have to check this one out. I know our pentesters' wheels are turning here…https://lnkd.in/dxBahjHi

2

Hey Kevin. Quick note. “Woot” just didn’t sound excited enough for me.🎉WOO HOO! 🎉 This is a huge milestone for the Secure Ideas team!Thanks for all the hard work from the team and the support from all of our clients, we’re now even better positioned to keep delivering top of the industry pentests to you all.Congrats on CREST accreditation Secure Ideas Team!

2

Wait a second. Are we calling vulnerabilities “product defects” now?It seems there is a lot of back and forth on this one. CISA’s Jen Easterly called for the terminology change on stage at BlackHat.“Easterly said it’s past time that software vendors no longer consider vulnerabilities “as an inevitable act of nature,” when other industries would consider similar flaws as alarming as “product defects.”There is a point there, we wouldn’t ship a plane with a known “vulnerability” that we’d get to next patch cycle, it would be considered defective and taken off the line immediately.What do you think on this one? Are you going to be changing your lingo?Cyberscoop article on the topic: https://lnkd.in/g37aF6PJ

10

It’s time for another edition of get to know our Secure Ideas consultants!This time we asked about what inspired them to get into cybersecurity consulting:Bill McCauley said: I’ve always gravitated towards security principles in my own life, and this provides me with the opportunity to take those concepts and engage with other people/organizations to help them protect themselves.Jennifer Shannon said: When I still worked in retail I was told “To catch a thief, you have to think like a thief”. This did not come naturally to me, so I had to spend a lot of time considering “If I was going to do a bad thing, how would I do it? Why would I do it?” This naturally carried over into my love of computers. If I was a bad guy, what would I do with this?How about you? What got you into cybersecurity??

6

ICYMI - our CEO Kevin Johnson showed up on last week’s episode of Shared Security Podcast to discuss the infamous Crowdstrike crash and the intricacies of internet accessibility. Do we think it’s the largest IT outage in history? Tune in below to find out!https://lnkd.in/gEkyN6A4

2

Need a break from all things Vegas? Next up is DevUp from August 14-16: Join us there for the below workshops and talks with CIO Jason Gillam and CEO Kevin Johnson. From a hands-on exploration of your AppSec understanding, to deep-dives into application flaws & how to improve your SDLC and security integration, we’ve got you covered!https://lnkd.in/gfwdWFPphttps://lnkd.in/gVgbT32t

3

The next iteration of our Get to know the Secure Ideas Consultants!We asked Travis how he got into cybersecurity and if he thinks knowing how to code is necessary to break in. Here is what he said!“[Security] was always interesting to me, but it boiled down to the fact that it is hard to defend against something you don’t understand. Therefore, the best approach was to learn how the attacks worked.”On code: “I would argue it is SUPER helpful. Knowing how to code will make modifying exploits easier, improve your EDR evasion by writing your own malware, and make reverse engineering much easier since you already understand APIs and how developers think.”

5

Who is all out at BlackHat this week? Here are 4 talks we’re really excited to see!

1