In this episode of Razorwire, I had the pleasure of speaking with Phil Tonkin from Dragos about securing critical infrastructure. Phil and I delved into the definition of critical infrastructure, the fragility of supply chains and the importance of preparing for potential attacks. We also talked about the Colonial Pipeline incident and the inextricable link between IT and OT in critical infrastructure.

Welcome back to the show! In this episode of the Razorwire podcast, I have the pleasure of discussing defence in depth with Razorthorn’s own illustrious consultants, Jamie Hayward and Tom Mills. During our conversation, we talked about the increasing number of tools and solutions available, the perils of ‘reactive’ budget allocation, as well as the changes we’re seeing in the industry and within our clients’ requirements.

Penetration tests are crucial to any organization's cybersecurity strategy, but they're not the whole story. Without a way of tracking and resolving the issues uncovered in these tests, they become nothing more than a snapshot in time. In the same way that software defect systems help organizations track and manage bugs, it's essential to have a system in place for measuring and addressing cybersecurity vulnerabilities. Whether deciding to fix the issue immediately or scheduling it for a future release, tracking and actioning findings is essential for staying ahead of potential threats.

Are you conducting regular penetration testing on your organization's security measures? If so, you might be missing out on a crucial step that could make you even stronger. In this video, cybersecurity expert Megan Brown shares her insights on why it's essential to proactively seek out and address any potential gaps in your security measures. As Megan explains, knowing where the bodies are - where the bones are buried - can help you identify areas of weakness and take action before they become a major issue. So why wait until it's too late?

Jonathan Care shares a cautionary tale for those considering making a name for themselves by infiltrating criminal gangs on the dark web. While it may seem like an exciting and thrilling adventure, it's crucial to understand the real dangers involved. These are not just disaffected teenagers having a laugh together - these are serious and organized criminals with monetary intent.

In this video, we sit down with Jonathan Care, a renowned cybersecurity expert, to explore the question of whether or not money should be the primary motivation for pursuing a career in pen testing. Jonathan shares his insights on the importance of passion and the potential drawbacks of focusing solely on financial gain. Join us for a thought-provoking discussion on the role of money in the world of pen testing, and whether it should be a driving factor in your career decisions.

In this video, Jonathan Care shares his views on the usefulness of bug bounty programs in instilling public confidence in a product. He notes that for payment service providers, large online retailers, and those with substantial B2C or B2B2C offerings, bug bounty programs can be particularly valuable. Additionally, if a company's clientele is security conscious, implementing a bug bounty program can be a useful piece in their overall security strategy. Jonathan does not believe that bug bounty programs will replace traditional pen testing, as both are important measures of quality. Ultimately, he emphasizes the importance of implementing a comprehensive security strategy to maintain public trust in a product.

In this video, James Rees shares his concerns about the lack of transparency in bug bounty programs. He highlights the fact that testers are not always properly vetted or regularly checked, leaving companies unsure of who is testing their systems. He also notes that certain regions tend to have more malicious actors, raising questions about the validity of testers from those areas. This lack of transparency can be concerning for companies and users alike, and James encourages more accountability and validation measures to be put in place for bug bounty programs.

Megan Brown, the Head of International Sales at LogicGate, explains how investing in security testing can have a positive impact on your organization’s cyber risk, legal and compliance issues. She talks about how security testing can help you get better rates and coverage from your cyber insurance providers, as well as meet the expectations of your customers. She also discusses the changing standards of security testing and why you need to go beyond just showing your SOC 2 or ISO certifications. Watch this video to learn more about how investing in security testing can benefit your organization in multiple ways.

Megan Brown, the Head of International Sales at LogicGate, shares her insights on the emerging trend of continuous monitoring in the security testing space. She talks about how small startups are creating SaaS platforms that use AI and API connections to provide always-on testing for organizations. She also discusses the benefits and challenges of this approach and why she is curious to see how it evolves. Watch this video to learn more about how continuous monitoring is transforming the way we do security testing.