Hacking into your system!
Hey y’all,
The Friday sec-pod has finally landed in your mailbox!
Scale to Zero brings together a lot of experts, and each expert has a different energy. Nathaniel Shere was a great guest, and we had a great time hearing from him.
There was a lot discussed in Nat's episode about penetration testing and ethical hacking, among other topics!
Here are a few key takeaways from the episode:
Seeing the world as a hacker
Do you ever wonder what a system or software looks like from the point of view of a hacker?
By default, while operating in the ethical hacking space, you feel the urge to break into every system so you can discover its vulnerabilities.
“Sometimes I feel a little bit like Jason Bourne looking around, trying to think about how would I actually try to get in here if I could.”
The attackers should inform the developers of vulnerabilities that can be fixed and remediated rather than just bandaging them up.
Re-building Trust
Did you ever learn a new language in one day? To learn anything new, you need to keep practicing, and the same goes for security. Organize tabletop exercises for employees where they are hacked and have to figure out how to get out of it or mitigate the damage. You need to address the problems that caused you to be hacked in the first place, and part of that will require the assistance of security experts with the necessary training.
“A mindblowing study from McKinsey in 2020 – that showed more people, more customers actually would trust a company that was hacked but handled it well than a company that wasn’t hacked to begin with.”
Two key metrics
It is common for organizations to get a tool for alerting on security breaches and then forget about it. Do you know what kind of alerts you've been receiving? Do you have your KPIs in order? The two most important metrics to consider are:
1. Increase the amount of time it takes a hacker to exploit a vulnerability
2. Decrease the amount of time to detect the attack
“I’ve seen organizations and worked with teams that are tracking a number of vulnerabilities. I think that’s an okay metric to track, but that’s going to boil right up into increasing the amount of time it takes for a hacker to find a vulnerability. Right. Because the fewer vulnerabilities there are, the more time it’s going to take them to find them in the same vein.”
Oh, there are so many nuggets we could add to this newsletter, but we would suggest you watch the entire episode:
About Nat Shere: Nat is currently working as a Technical Services Director at Craft Compliance, where he helps customers set up security programs and performs pen tests and vulnerability scanning.
Scale to Zero releases new episodes every week! We have just released our 23rd episode, shot with Rodrigo Montoro! Here's the link to the episode:
Keep up with us!
See you next Friday!


