Sep 11, 2019 | Cybersecurity, Millennials, Penetration Testing, Risk Management, System Security, Vulnerabilities
Andrew Plato, CEO & Founder of Anitian, recently sat down with podcast host David “Ledge” Ledgerwood from Gun.io to discuss accidentally finding SQL attacks, gaining his deep appreciation for security, and how the combination of both inspired him to start his own...
Jun 18, 2019 | Compliance
After a decade of doing compliance assessment work, I’m coming to terms with an uncomfortable truth: nobody likes compliance. It’s a miserable time-suck that slows down forward momentum. How did this happen? Where did compliance go wrong? Why is compliance...
May 28, 2019 | Compliance
When the technology industry is not inventing new gadgets, it is inventing new words, such as a next-generation firewall. This contrived word ultimately reshaped an entire market segment. The newest word on the market is Compliance Automation. Which is near and dear...
Dec 12, 2018 | Business of Security, Compliance, Opinion, Security Leadership
“Four years!” As soon as the words left my mouth, I regretted saying them. Not because they were wrong, rather the incredulousness in my voice was instantly met with furrowed brows and folded arms. Across the table was a potential customer, and thanks to my lack of...
Oct 13, 2018 | Application Security, Vulnerabilities, Vulnerability Management, Vulnerability Research
Exploiting a SAML Implementation During a recent web application test, I discovered a bug in a Security Assertion Markup Language (SAML) implementation. This bug involved an insecure implementation of a SAML feature combined with a custom authentication mechanism our...
Sep 14, 2018 | Breaches, Compliance, Human Factors, Opinion, RSA Conference, RSAC 2018, Security Leadership, Security Management
In her keynote at the RSA Conference this year, futurist and game designer Jane McGonigal said: any useful statement about the future should at first seem ridiculous. In the post-RSAC recovery period, I pondered the future trends in information security and built my...
Aug 10, 2018 | Business of Security, Opinion, UTM / NGFW
Let’s get this out of the way: the next-generation firewall (NGFW) is dead. The cause of death: cloud. However, this is not an execution, rather a slow, decline into irrelevance in the face of a more agile competitor. The shroud of death and decay are all around the...
Apr 25, 2018 | RSA Conference, RSAC 2018
RSA Conference is fertile ground for buzzwords. Remember “Big Data” or “threat intelligence” from years past? Well, this year things are getting a little weirder. Here are some buzzwords that were tossed around at RSA, with my thoughts on their real meanings....
Apr 19, 2018 | RSA Conference, RSAC 2018
If there is one thing RSA does well, its chaos. However, this is partially because San Francisco is a giant, elegant, stinky, haphazardly-engineered, cacophony of chaos. From the pungent weed clouds to the automated compute clouds, San Francisco has mastered chaos....
