
The Security Service Provider And Solutions Provider Sector


When you finish this series, you are either going to dislike me, or dislike me more, and I mean this sincerely. The following is a response to the CISO Manifesto, and it is coming from the Security Service Provider / Solutions Provider sector. While I don’t represent my industry as a whole, I will present my view from the technical side of the scope. While I enjoyed the manifesto, I couldn’t help but notice the same tried and true “follow the herd” conformity roles that too many security professionals follow, especially up at the higher end of the spectrum. With that said, this series (because it will be too long to fit into one article) will attempt to offer some insight (or counters) surrounding some of the gripes described in the CISO …

Who noticed it, and how fast did they notice?” Testing for me consists of more than just firing off tools. With that said, I shall begin.

1) Manifesto: “Don’t Pitch Competition” | Realist: Always be HONEST

During my experiences, testing, and analysis, I have found repeatedly that I can get in and out of organizations with, and without, the use of exploits. I can bypass policies that either don’t exist, aren’t monitored, or aren’t enforced. Processes that should exist, and security baselines, are lacking or don’t exist, and oftentimes the organizations I test were previously tested by other companies that issued reports with flying colors. “Look, such pie charts! You’re all green! Green lights for everyone!” These tests, in my opinion, were done by horrible security companies. To illustrate this, here is the most memorable quote from the CIO, in front of the CSO, CISO, and multiple individuals from multiple teams at a hospital: “I feel like you came in here, and you were making fun of my security.” This came after my team and I took control of over 95% of the infrastructure of an 800+ bed hospital. This hospital was partnered with dozens of other hospitals that used shared credentials, which simply means: those visiting doctors’ credentials are likely the same in other hospitals, which means: snowball effect, I’d likely own those
