Qualys, Twistlock, & Tenable – Enterprise Security Weekly #94

In the news, Infoblox research finds explosion of personal and IoT devices, Qualys announces letter of intent to acquire Second Front Systems, Fortinet acquires Bradford Networks, Tenable extends cloud application security scanning capabilities, and mo…

Group Discussion: Penetration Testing – Enterprise Security Weekly #94

Paul and John welcome Adrian Sanabria, Director of Research for Savage Security; Dave Kennedy, Founder of TrustedSec, Binary Defense, and DerbyCon; and Security Weekly’s very own Jeff Man! Paul and John have a group discussion with Adrian, Jeff, …

Long Live Penetration Testing – Paul’s Security Weekly #556

We’ve spent time defining the value of penetration testing, how we can do it better, and how organizations can make the most of this activity. The question today is, “Do we still need penetration tests?” If you are conducting pe…

Adrian Sanabria, Savage Security – Paul’s Security Weekly #556

Adrian is the Research Director and Co-Founder of Savage Security. He spent a decade building security programs and defending large financial firms. He also spent many years as a consultant, performing penetration tests, PCI audits and other security-r…

Beware of Security by Press Release

On Wednesday, the security industry once again witnessed an all-too-familiar cycle: I call it “Security by press release.” It goes a bit like this: A security firm releases a report claiming to have unearthed a major flaw in a competitor’s product; members of the trade press uncritically republish the claims without adding much clarity or waiting for responses from the affected vendor; blindsided vendor responds in a blog post showing how the issue is considerably less dire than originally claimed.

At issue are claims made by Denver-based security company DirectDefense, which published a report this week warning that Cb Response — a suite of security tools sold by competitor Carbon Black (formerly Bit9) — was leaking potentially sensitive and proprietary data from customers who use its product.