Bulletproof

The shortage of women in cyber security

In an age pushing for diversity, is it fair to say cyber security is still an industry dominated by men? A quick Google search seems to suggest so. Admittedly, “cyber security industry male dominated” is a somewhat loaded search, but the point still stands. By simply peering over my monitor and surveying the Bulletproof office, I am greeted by the many grizzled faces of men staring fixedly at their screens, hard at work, or at least pretending to be.

What is PCI DSS and why do I need it?

PCI DSS is an incredibly important compliance standard for those processing card payments. It stands for Payment Card Industry Data Security Standard. Whilst that doesn’t exactly roll off the tongue, it is a very resilient set of standard requirements that aims to make a business more secure. A 2018 payment security report revealed that no company affected by a data breach was completely compliant with PCI DSS.

Vulnerability scans vs Penetration tests

You’ll often find that ‘vulnerability scan’ and ‘penetration test’ are wrongly used interchangeably, creating confusion about which is the right security choice for businesses. Broadly speaking, a vulnerability scan could be thought of as a surface-level security assessment, whereas a penetration test delves that much deeper. In fact, penetration testers often make use of a vulnerability scan as part of their process.

Cyber super-weapons - what does it take to feel cyber safe?

Even if you don’t work in the cyber-security world, you won’t have failed to notice that businesses of all sizes appear to be getting hacked on a scarily regular basis. These news reports may even help you decide whether to stay with a company or not. For example, if your gas provider experienced a security breach and lost your personal information, would you stick with them, or would you move to a seemingly more secure provider?

Bots: how worried should we be?

Prove you are a human. If you think about that sentence for too long, you realise it’s actually incredibly complex and can bring about a sense of existential angst. Yet it’s something that is demanded of us on a near-daily basis, sometimes more. It turns out that proving our humanity doesn’t require showing the capacity to love, or even passing Blade Runner’s Voight-Kampff test. Rather, we just need to be able to click on pictures of cars or shop fronts.

What does a compliance consultant do?

Let’s get one thing out there from the get-go. Being a Bulletproof consultant is awesome. I haven’t been coerced to say that. I mean, let’s start with that brand name. How cool is it to say I work for Bulletproof? I have several T-shirts with the logo emblazoned across the chest. Sometimes, I even wear them on a non-work day.

Five top tips for booking a penetration test

Last week, we spoke about the common issues that come up throughout a penetration test. We left out what many of our penetration testers think of as the ‘biggest issues’, however, as the finished article rivalled Dickens at his wordiest. Still, they’re definitely worth raising, as some of the most common issues that emerge from a penetration test don’t involve misconfigurations, vulnerabilities or hacking of any kind.