Balancing legal frameworks and enterprise security governance

In this Help Net Security interview, Tom McAndrew, CEO at Coalfire, discusses the balance organizations must strike between legal compliance and effective enterprise security governance in the context of evolving regulatory frameworks. McAndrew also ad…

Risk management focus shifts from external to internal exposure

Coalfire released its fourth annual Securealities Penetration Risk Report, which analyzes enterprise and cloud service providers’ (CSPs) internal and external attack vectors, application development and mobile app security, social engineering and phishin…

NightDragon partners with Coalfire to accelerate portfolio compliance and cybersecurity readiness

NightDragon and Coalfire announced a partnership to advance the maturity of NightDragon’s portfolio companies around key cybersecurity and compliance requirements, including FedRAMP. Backed by Coalfire’s expertise, NightDragon companies wil…

The long-lasting consequences of Coalfire’s Iowa pentest fiasco

The two security pros who were arrested for doing their job are still angry. Gary DeMercurio and Justin Wynn, who work as penetration testers for Colorado-based security firm Coalfire Labs, were charged with burglary in September 2019 after they broke into an Iowa courthouse. Unlike in a typical break-in, though, Iowa state officials had hired DeMercurio and Wynn to test the courthouse’s defenses, then alert the authorities about any vulnerabilities that actual thieves may try to exploit. While prosecutors eventually dropped charges against the two pen-testers, the case made national headlines and highlighted the risks that security professionals take as part of their employment. Now, DeMercurio and Wynn are breaking their silence with a presentation at Black Hat, the virtual cybersecurity conference where they plan to detail their experience, and may delve into how performative security tactics, like arresting people without grounds, don’t actually solve anything. “The citizens of Iowa […]

The post The long-lasting consequences of Coalfire’s Iowa pentest fiasco appeared first on CyberScoop.

COVID-19 ‘Breach Bubble’ Waiting to Pop?

The COVID-19 pandemic has made it harder for banks to trace the source of payment card data stolen from smaller, hacked online merchants. On the plus side, months of quarantine have massively decreased demand for account information that thieves buy and use to create physical counterfeit credit cards. But fraud experts say recent developments suggest both trends are about to change — and likely for the worse.

Cyber Security Roundup for February 2020

A roundup of UK-focused cyber and information security news stories, blog posts, reports and threat intelligence from the previous calendar month, January 2020. After years of dither and delay the UK government finally nailed its colours to the mast, no…

Iowa Prosecutors Drop Charges Against Men Hired to Test Their Security

On Sept. 11, 2019, two security experts at a company that had been hired by the state of Iowa to test the physical and network security of its judicial system were arrested while probing the security of an Iowa county courthouse, jailed in orange jumps…

Coalfire partners with Qualys to further strengthen its cloud automation services

Coalfire, a trusted provider of cybersecurity assessment and advisory services, announced that it has partnered with Qualys, a leading provider of cloud-based security and compliance solutions, to integrate Qualys’ vulnerability management and co…

Coalfire ASV Scanning – Enterprise Security Weekly #132

Mike Weber is the Vice President of Coalfire and Rebecca Larson is the Director, Vulnerability Assessment Operations of Coalfire. Coalfire ASV Scanning: – ASV program (love, praise, struggle) – Development and growth of scanning, 1-5 person …