- Assessments: Security Assessment Testing for Client-Side Vulnerabilities
Client-side penetration testing mimics real attacks by targeting unpatched desktop software via malicious emails or websites. Three approaches offer increasing intrusiveness: tracking link clicks to...
- Tools: The Importance of Feeling Secure
Feeling secure differs from being secure—both matter. Users may abandon effective but quiet security tools, CISOs need compelling metrics and reports even when doing excellent work, and clients need...
- Assessments: Security Assessment Report as a Critique, Not Criticism
Write security assessment reports as critique, not criticism. Focus on factual findings, processes, and organizational structure rather than chastising individuals—angry readers ignore key messages....
- Career: 6 Tips for Hiring and Working With Security Consultants
Before engaging security consultants, understand your requirements to stay in control. Reach out to multiple firms for perspectives and price validation, assess who specifically will work on the...
- Assessments: Perception of Value in Security Consulting Projects
Clients can't evaluate specialized security work directly, so they estimate value by assessing effort—usually time. A skilled locksmith opening locks in seconds gets fewer tips than when...
- Assessments: Dealing with Misinformation During Security Assessments and Forensic Investigations
Interview subjects don't always provide accurate information—they may not know details, remember incorrectly, or have incentives to mislead. Look for discrepancies between sources, ask similar...