Blog

With major support having ended for Windows 7, companies and end/home users who continue to rely on Windows 7 may be at risk. Microsoft announced that as of January 14th of 2020, they will no longer be pushing security updates for Windows 7, which are meant to cover new and existing vulnerabilities. With these updates no longer being pushed out for that operating system, there is an increased risk that some new vulnerabilities will be found and exploited. These vulnerabilities may cause loss of data or even allow for the creation of back doors for hackers to leave malicious malware on existing systems.

The below commentary is an excerpt from a longer white paper being produced by the Silent Sector team on how to hire and retain quality security, and by extension, IT resources.  This excerpt addresses retaining the professionals you’ve hired.

The below commentary is an excerpt from a longer white paper being produced by the Silent Sector team on how to hire and retain quality security, and by extension, IT resources.  This excerpt addresses finding and hiring IT and security professionals.

In early May of 2019, Microsoft reported that a new security vulnerability had been discovered and could be a tremendous threat to their users. The bug was originally detected by the United Kingdom’s National Cyber Security Centre. Officially tracked “CVE-2019-0708”, but referred to as “BlueKeep”, this exploit is a remote code execution vulnerability that is present in Remote Desktop Services.

The below commentary is an excerpt from a longer white paper being produced by the Silent Sector team on how to hire and retain quality security, and by extension, IT resources.  This excerpt addresses compensation.

Cyber-crime is here to stay. Neither technology, compliance frameworks, nor government regulation will stop the threat.  It is a fight we didn’t choose but has forced business leaders to take new measures to protect their organizations. 

Penetration testing is now a permanent requirement in most governance frameworks from NIST to PCI DSS, making it a mandatory step in the annual budgets and operations. While most understand a penetration test is necessary in order to meet their client and regulatory requirements for the year, there is little knowledge on what these tests actually accomplish for the organization and how they are conducted.  In addition, an industry-wide consensus of what defines a true penetration test does not exist, creating further confusion.