Posted in Business on Dec 7th, 2014
What better way to spend one's birthday than blogging? 😉 I'm currently in the process of recruiting a lot of security personnel and thought that I should provide a few insights I have accumulated over the years. There are several qualities I look for when I recruit. First of all is the ability to […]
Posted in Business on Nov 15th, 2014
I was recently contacted by a company that sells vulnerability scanners and hacking tools. They promised that they had access to exploit code for vulnerabilities that are unknown. The reason why this was a sales argument was that we could show our expertise by always finding a vulnerability. I argued that this was NOT a […]
The events currently unfolding at a large car producer point at a specific problem within security: the fear of letting others know. In many organizations today security has a somewhat impenetrable workflow. The board is briefed by the CSO or CIO with only a minimum of information according to “need to know”. Non-security personnel have […]
Posted in Business on Sep 10th, 2014
During a visit to a client today we discussed AST (Application Security Testing) and that it would have been an interesting concept to add to their security. During the visit I was tasked with investigating what the cost would be. I have to say that I was somewhat baffled by the prices for licenses when […]
Posted in Business, Methodology on Aug 12th, 2014
During the last months I have looked into breach detection. There are several numbers on the web from different reports, and of course there is no exact figure, but an estimate is somewhere around 263 days give or take 50. In any case it is still way too large a number. During a presentation […]
Posted in Business, Security Architecture on Jul 28th, 2014
Running a small business with an unknown brand is not protection enough against attacks anymore. As soon as you have a web presence you will be scanned and possibly hacked. The reason that small businesses are in scope for attacks now is that they quite often have lower defences and simply are easier to breach. […]
Posted in Business, Security Architecture on Jun 21st, 2014
Military attacks are quite often interesting from the viewpoint that they will sooner or later find their way into the attacks geared towards different civil companies. I doubt that there is a possible gain to target civil nuclear centrifuges but of course there are other possibilities. Reading this article you get a bit of an […]
Posted in Business, Security Architecture on Jun 20th, 2014
If you have ever been to Sweden you know that the third Friday in June is Midsummer Eve and all of Sweden goes to celebrate that summer has finally arrived. I'm not an exception here so just a short post today. If a credit card costs as much as $40 and is resold for $20, $10, […]
Posted in Business on May 23rd, 2014
If you decided to start working with security you have understood by now that you need to read, read and read a lot more than you originally thought. Not everything is about that happy moment when you manage to open up a DOS-prompt and get full root access to a server. Most of the time […]
Posted in Business on Feb 15th, 2014
I have returned to the problems with not testing the business systems during a pen-test. ‘They are way too critical for us to take the risk of a test. Besides, they are way too complex for a hacker to understand.’ When has that ever stopped a hacker? During an architectural review a few years back […]