Information Security in Today's Digital Culture

Most penetration testers are focused on one thing and one thing only: compromising the client. Heck, that’s what they are being paid for, right? That doesn’t even make my top four goals. I see a penetration test as a building block for a larger security program. My goals are simple:


Is your healthcare information security program aligned with the current threat landscape? I periodically review the DHHS Office of Civil Rights (OCR) Breach Portal Data to better understand the US healthcare threat landscape. Here’s what I found with the major breach cause categories:


It’s time we give application security the attention it requires. All IT organizations need to address application security. It doesn’t matter if you develop applications in-house or buy third party-developed applications. According to the Ponemon Institute’s recent Application Security in the Changing Risk Landscape report: The frequency and severity of application layer attacks is greater …
Read more


The first time I compromised a Windows domain using this printer misconfiguration my jaw dropped to the floor. I had to walk away from the computer for a minute to soak it in. I had just escalated from zero access to Domain Administrator in under two minutes through the printer user interface. The keys to …
Read more


True is honored to support the Tulsa community. Since we opened our doors in 2004, that support has taken many forms from volunteering for community outreach events and work days to donating funds to local causes. In recent years, that support has expanded to include sponsoring and mentoring the University of Tulsa (TU) security and …
Read more