Intelligence

Our latest thinking and insights.

Cyber Intelligence Weekly
View all editions of our weekly cyber security newsletter.
Packet Paranoia – Manipulating ICMP Packets to Covertly Exfil and Infil Data
Packet Paranoia – Manipulating ICMP Packets to Covertly Exfil and Infil Data
Posted on Jun 11 / 2024
The Latest in FedRAMP Compliance: Breaking Down Red Teaming for Enhanced Security
The Latest in FedRAMP Compliance: Breaking Down Red Teaming for Enhanced Security
FedRAMP announced a new red team requirement impacting cloud service providers. This article breaks down the details of the requirement and the difference between red teaming and pen testing.
Posted on Apr 18 / 2024
SEC’s Cybersecurity: Insights into the SEC's Recent Cybersecurity Disclosure Mandates
SEC’s Cybersecurity: Insights into the SEC's Recent Cybersecurity Disclosure Mandates
Discover insights into the U.S. Securities and Exchange Commission's (SEC) recent cybersecurity disclosure mandates, exploring the evolving intersection of finance and technology. Learn about critical updates, implications for the cybersecurity landscape, and the importance of compliance for companies and investors.
Posted on Apr 08 / 2024
Adaptability and Perseverance – Breaking Down CrowdStrike’s Perspective on the 2024 Global Threat Landscape
Adaptability and Perseverance – Breaking Down CrowdStrike’s Perspective on the 2024 Global Threat Landscape
Dive into CrowdStrike's 2024 Global Threat Report with insights from Daniela Villalobos and Mitchel Sykes. Understand the most important cyber threat trends and learn strategies to stay ahead by focusing on identity protection and cloud security while fostering a cybersecurity culture.
Posted on Mar 05 / 2024
Navigating the Top Cybersecurity Risks in 2024
Navigating the Top Cybersecurity Risks in 2024
In the rapidly evolving landscape of cybersecurity threats, organizations face an array of risks that demand proactive measures to safeguard sensitive data. This article emphasizes the importance of creating a robust risk register and outlines a four-step process to identify, assess, and manage potential risks effectively.
Posted on Feb 09 / 2024
2023's Top Picks: The 10 Must-Read Cybersecurity Articles Authored by Our Team
2023's Top Picks: The 10 Must-Read Cybersecurity Articles Authored by Our Team
At Echelon, our team takes pride in contributing to and participating in our cybersecurity community. We regularly publish articles on our Intelligence blog to help our clients (and everyone!) stay vigilant. Here are the top 10 articles from 2023.
Posted on Jan 02 / 2024
Is My Cyber Incident ‘Material’? 10 Questions to Ask to Determine SEC Cybersecurity Materiality
Is My Cyber Incident ‘Material’? 10 Questions to Ask to Determine SEC Cybersecurity Materiality
Understand the materiality of cyber incidents according to the Securities and Exchange Commission (SEC) rules. Explore 10 questions to assess the materiality of cybersecurity incidents.
Posted on Dec 16 / 2023
CISOs, Are You Doing Enough to Evaluate and Address Your Vendor Risk?
CISOs, Are You Doing Enough to Evaluate and Address Your Vendor Risk?
Is your organization's Vendor Risk Management strategy robust enough? This article explores the critical role of CISOs in assessing new vendors and monitoring existing ones to safeguard against data breaches and potential disruptions. Stay ahead in the evolving landscape of third-party threats and enhance your cybersecurity posture.
Posted on Dec 15 / 2023
The CISO’s Guide to Ramping Up Cybersecurity During the Holidays: 7 Essential Steps for Incident Preparedness
The CISO’s Guide to Ramping Up Cybersecurity During the Holidays: 7 Essential Steps for Incident Preparedness
Discover 7 essential steps for CISOs to bolster cybersecurity during the holiday season. Learn how to recognize and prepare for heightened cyber threats, including data-backed insights and attack-specific playbooks.
Posted on Dec 14 / 2023
A Six-Step Starter Guide for HIPAA Compliance
A Six-Step Starter Guide for HIPAA Compliance
Embark on a journey to HIPAA compliance with Daniela Villalobos' comprehensive guide. Explore the six essential steps, understand HIPAA's importance, and discover how Drata's automation tool streamlines the process.
Posted on Nov 27 / 2023
NYDFS Second Amendment to 23NYCRR500: Changes and Updates to the Regulation
NYDFS Second Amendment to 23NYCRR500: Changes and Updates to the Regulation
Explore the significant changes and updates introduced by the NYDFS Second Amendment to 23NYCRR500, impacting cybersecurity regulations for financial institutions. Erin Conway provides insights on critical amendments, timelines, and actions for compliance.
Posted on Nov 13 / 2023
The Language Revolution: Enhancing Cybersecurity with Large Language Models
The Language Revolution: Enhancing Cybersecurity with Large Language Models
In this article, Renata Uribe Sánchez explores the transformative impact of large language models (LLMs) in the field of cybersecurity. LLMs, particularly Transformers, are powerful tools within deep neural networks that can interpret and generate natural language, making them invaluable in various applications. The article discusses the benefits of integrating LLMs into cybersecurity, including advanced threat detection, phishing prevention, malware detection, and investigative data analysis. It also highlights the challenges associated with biases, AI-driven hacking, and data privacy.
Posted on Sep 18 / 2023
Hackin’ SaaS – Echelon’s Top 10 Web App Vulnerabilities
Hackin’ SaaS – Echelon’s Top 10 Web App Vulnerabilities
Echelon's Offensive Security (OffSec) team of ethical hackers conducts daily penetration tests on web applications, uncovering common vulnerabilities that threaten online security. In this article, we explore the top 10 web app vulnerabilities frequently encountered during penetration tests. From SQL injection to CORS misconfigurations, we'll delve into each vulnerability and discuss how to both exploit and safeguard against them.
Posted on Sep 13 / 2023
How to Attract and Retain Women in Cybersecurity
How to Attract and Retain Women in Cybersecurity
Discover effective strategies and insights to bridge the gender gap in the cybersecurity field with our senior cybersecurity consultant, Shir Butbul. Explore her findings, recruitment practices, mentorship programs, and more as we delve into the crucial mission of attracting and retaining women in cybersecurity. Learn from Shir's expertise and contribute to building a diverse and resilient cybersecurity workforce for a safer digital future.
Posted on Sep 07 / 2023
eLearnSecurity Web Application Penetration Tester (eWPT): Overview and How to Prepare for the Exam
eLearnSecurity Web Application Penetration Tester (eWPT): Overview and How to Prepare for the Exam
Prepare for the eLearnSecurity Web Application Penetration Tester (eWPT) exam with this comprehensive guide. Learn about the exam format, prerequisites, and tips to pass the practical and written assessments. Acquire valuable web application penetration testing skills and enhance your professional profile.
Posted on Aug 01 / 2023
Network Pivoting and the eCPPT Exam
Network Pivoting and the eCPPT Exam
Learn about network pivoting techniques for the eCPPT exam and penetration testing. Understand the concept of pivoting, explore tools like Metasploit, Proxychains, SOCKS Proxy, Chisel, and Ligolo-ng, and discover the differences between reverse shells and bind shells.
Posted on Jul 05 / 2023
Adaptability and Perseverance – Breaking Down the 2023 CrowdStrike Global Threat Report
Adaptability and Perseverance – Breaking Down the 2023 CrowdStrike Global Threat Report
Here are our key takeaways from CrowdStrike's 2023 Global Threat Report. Discover the latest threat trends and explore recommendations for staying ahead of threats.
Posted on May 23 / 2023
Busting Myths about Microsoft 365 Security (Healthcare Edition)
Busting Myths about Microsoft 365 Security (Healthcare Edition)
Uncover the truth about Microsoft 365 security in healthcare organizations. Learn why myths about security tools, Microsoft's default settings, third-party filters, and HIPAA certification can leave your organization vulnerable.
Posted on May 23 / 2023
It’s Time for Healthcare to Focus on Vendor Risk Maturity
It’s Time for Healthcare to Focus on Vendor Risk Maturity
Cybersecurity breaches are on the rise for healthcare, with many coming through the supply chain. Here's practical advice on how to assess the maturity of a third-party risk management program and reduce the risk associated with vendors and business partners.
Posted on May 22 / 2023
Why Every Healthcare Organization Should Assess their Microsoft 365 Environment
Why Every Healthcare Organization Should Assess their Microsoft 365 Environment
Healthcare organizations should assess their Microsoft 365 environment to protect sensitive data and reduce cyber threats. Read on to learn more.
Posted on May 10 / 2023
Hacker's Perspective: A Modern Approach to Cross-Site Request Forgery
Hacker's Perspective: A Modern Approach to Cross-Site Request Forgery
Learn how to locate and exploit Cross-Site Request Forgery (CSRF) vulnerabilities in modern web applications by understanding client-side and server-side code interactions, CSRF tokens, and SameSite cookie policies.
Posted on May 10 / 2023
To hire, or not to hire a CISO? That is the question. Or is it though?
To hire, or not to hire a CISO? That is the question. Or is it though?
Small to mid-sized businesses often wonder whether to hire a Chief Information Security Officer (CISO). This article examines the factors for SMBs to consider when deciding to hire a full-time or fractional CISO.
Posted on May 04 / 2023
Level-Up Your Testing with Adversarial-Based Red Teaming and the TIBER-EU Framework
Level-Up Your Testing with Adversarial-Based Red Teaming and the TIBER-EU Framework
Traditional penetration testing may not be enough to simulate real-world attack scenarios. Discover the benefits of adversarial-based red teaming with the TIBER-EU Framework to improve your organization's ability to detect, respond to, and mitigate sophisticated attacks.
Posted on Apr 27 / 2023
Cyber Definition Problems: Red Teaming vs. Penetration Testing
Cyber Definition Problems: Red Teaming vs. Penetration Testing
Cybersecurity terms like "red teaming" and "penetration testing" are often used interchangeably, leading to confusion and misinformation. This article explores the differences between these assessments and why the misuse of terms can be detrimental to the industry.
Posted on Apr 17 / 2023
The 5 Things I Learned About Consulting in My First 5 Months as a Consultant at Echelon Risk + Cyber
The 5 Things I Learned About Consulting in My First 5 Months as a Consultant at Echelon Risk + Cyber
Six years into her professional career, Shir Butbul decided to make a career change and move into consulting after working as a GRC Lead for various companies. Here's what she has learned on her journey.
Posted on Apr 10 / 2023
Vulnerability Management: Minimizing Risks, Maximizing Security
Vulnerability Management: Minimizing Risks, Maximizing Security
A reactive approach to mitigating infrastructure vulnerabilities - or playing “vulnerability whack-a-mole” - is both unsustainable and ineffective. Here's how a formal vulnerability management program provides proactive, sustainable, and effective measures to defend against cyberattacks.
Posted on Mar 31 / 2023
Pen Testing is Not Enough – Red Team Assessments in Healthcare
Pen Testing is Not Enough – Red Team Assessments in Healthcare
Learn why pen testing alone isn't enough to secure healthcare organizations from cyber threats, and how red team assessments can help identify and mitigate vulnerabilities. Here's a comprehensive overview of red teaming and its importance in healthcare cybersecurity.
Posted on Mar 14 / 2023
eLearnSecurity Certified Professional Penetration Tester (eCPPT): Overview and How to Prepare for the Exam
eLearnSecurity Certified Professional Penetration Tester (eCPPT): Overview and How to Prepare for the Exam
Preparing for the eLearnSecurity Certified Professional Penetration Tester (eCPPTv2) exam? Here are three experiences from the Echelon Offensive Security Team and tips on how to prepare.
Posted on Mar 06 / 2023
eJPTv2 Certification: Overview and How to Prepare for the Exam
eJPTv2 Certification: Overview and How to Prepare for the Exam
The eJPTv2 certification is a globally recognized entry-level information security certification that validates practical penetration testing skills. Take a look at this article redacted by our Offsec team where they provide an overview of the certification and tips on how to prepare for the exam.
Posted on Feb 16 / 2023
Practical Strategies to Enhance Your Organization’s Information Security Awareness and Training Program
Practical Strategies to Enhance Your Organization’s Information Security Awareness and Training Program
When it comes to cybersecurity, all organizations share a similar risk – the possibility of human error. When it comes to educating your people about cyber, one size does NOT fit all. Here are six strategies to mature your information security awareness and training program.
Posted on Feb 09 / 2023
Top 10 Cybersecurity Articles in 2022
Top 10 Cybersecurity Articles in 2022
At Echelon, our team takes pride in contributing to and participating in our cybersecurity community. We regularly publish articles on our Intelligence blog to help our clients (and everyone!) stay vigilant. Here are the top 10 articles from 2022.
Posted on Dec 12 / 2022
Hacker’s Perspective: Securing JSON Web Tokens
Hacker’s Perspective: Securing JSON Web Tokens
If you are a modern-day developer, you’re probably plenty familiar with JSON Web Tokens (JWT’s). They perform their job efficiently when correctly implemented. Unfortunately, they can also be vulnerable to malicious threat actors.
Posted on Nov 28 / 2022
ISO/IEC 27001:2022 – Your Guide to the Updates and How to Get (and Stay) Compliant
ISO/IEC 27001:2022 – Your Guide to the Updates and How to Get (and Stay) Compliant
The highly anticipated ISO 27001:2022 updates modernize the standard to keep up with the evolving cyber landscape. Here's everything you need to know about the changes and how you can get (and stay) compliant.
Posted on Nov 11 / 2022
Bite-Sized Cyber Essentials: Network VPNs
Bite-Sized Cyber Essentials: Network VPNs
Virtual Private Networks (VPNs) are often presented as the ultimate tool for privacy and anonymity. But this is a strong misconception. Using a VPN does not guarantee protection from location tracking, social and web profiling, and most importantly, using a VPN does not guarantee anonymity.
Posted on Nov 09 / 2022
Case Study: Utility Cloud Partners with Echelon to Boost Security of their Web Application
Case Study: Utility Cloud Partners with Echelon to Boost Security of their Web Application
Utility Cloud is an operations management software designed to help utilities such as water, wastewater, and natural gas digitally manage their assets and work orders. Here's how Echelon Risk + Cyber helped ensure they are functioning at their most secure level.
Posted on Oct 21 / 2022
Bite-Sized Cyber Essentials: Multi-Factor Authentication
Bite-Sized Cyber Essentials: Multi-Factor Authentication
Multi-factor authentication (MFA) is the process of having more than one form of authentication to ensure that if one methods is compromised, an attacker is still unable to access the account.
Posted on Oct 12 / 2022
Bite-Sized Cyber Essentials: Password Practices and Password Managers
Bite-Sized Cyber Essentials: Password Practices and Password Managers
Passwords have not gone away yet. Although there may be new forms of logging in, such as biometric logins, passwords still ultimately serve as our master key to sign in. This means we need to take better care of how we create, use, and store our passwords.
Posted on Oct 12 / 2022
DEF CON 30 in Review: How the Echelon Team Won a Black Badge, and a Black Badge Breakdown
DEF CON 30 in Review: How the Echelon Team Won a Black Badge, and a Black Badge Breakdown
Buckle up for the story of how the Echelon team won the coveted DEF CON Black Badge, and dive deep into Ross Flynn's detail breaking down the Black Badge.
Posted on Sep 13 / 2022
Are Your Vendors “Tall enough to Ride the Ride”?
Are Your Vendors “Tall enough to Ride the Ride”?
We can think about an amusement park’s rider height and restriction requirements as a useful way to describe risk tolerances when onboarding new vendors or increasing scopes of work to existing ones.
Posted on Aug 22 / 2022
RSA 2022 Recap: Our Main Takeaways
RSA 2022 Recap: Our Main Takeaways
This year’s RSA 2022 event was centered around the theme of “Transform,” which is really on-point for the world we live in. Here are Paul Matvey's big takeaways from the event.
Posted on Jun 20 / 2022
Postcard from the 2022 PA Bankers Convention
Postcard from the 2022 PA Bankers Convention
Upon returning home from Scottsdale, AZ for the PA Bankers Convention of 2022, I had some time to reflect on my three key takeaways from my time spent amongst leaders in the great banking industry of Pennsylvania.
Posted on May 29 / 2022
Hacker’s Perspective: Web App Vulnerabilities - An In-Depth Look at Attacking File Uploads
Hacker’s Perspective: Web App Vulnerabilities - An In-Depth Look at Attacking File Uploads
File uploads are ubiquitous, making them a prime target for attackers. Here's how ethical hackers test your resilience against these kinds of attacks.
Posted on May 25 / 2022
Hacker’s Perspective: Web App Vulnerabilities - Algolia API Keys
Hacker’s Perspective: Web App Vulnerabilities - Algolia API Keys
Are you exposing your company's internal data? Algolia APIs are extremely useful for efficient access to stored data, but the keys used to access them are easily misconfigured and can give attackers access to allow an attacker to launch a site-wide attack.
Posted on May 16 / 2022
Right in your Lapsus$ – How Attackers are Playing a Different Game
Right in your Lapsus$ – How Attackers are Playing a Different Game
Many cutting-edge security programs base their defenses on sophisticated, nation-state level threat actors. How, then, have so many of them gotten hacked recently by a new and less-sophisticated group, Lapsus$?
Posted on Apr 19 / 2022
What the Lapsus$ Attacks Should Teach Us About Third-Party Insider Threat
What the Lapsus$ Attacks Should Teach Us About Third-Party Insider Threat
The Lapsus$ attacks have helped companies realize that third-party vendors can be the 'weakest link' within their own organizations. This article summarizes what companies can learn (and do) to protect data.

Posted on Apr 11 / 2022
Looking Inward, Charting a New Course for Effective TPRM
Looking Inward, Charting a New Course for Effective TPRM
Most current third-party risk management (TPRM) programs are external-facing. But what if the greatest threat to your organization wasn’t external?
Posted on Apr 06 / 2022
Adaptability and Perseverance – Breaking Down CrowdStrike’s Perspective on the 2022 Global Threat Landscape
Adaptability and Perseverance – Breaking Down CrowdStrike’s Perspective on the 2022 Global Threat Landscape
The year 2021 brought about some serious cyber challenges. This article summarizes key takeaways from CrowdStrike's Global Threat Landscape report, provides a breakdown of the five 2021 themes, and gives our take on seven recommendations that resonate most with us.
Posted on Apr 01 / 2022
The Countdown Begins for Financial Institutions Using FedLine Solutions
The Countdown Begins for Financial Institutions Using FedLine Solutions
In January 2021, the Federal Reserve Banks implemented the Security and Resiliency Assurance Program outlining new compliance requirements for banks that use FedLine® by the end of 2022. This article outlines everything you need to know about this new program.
Posted on Mar 23 / 2022
eLearnSecurity’s Web Application Penetration Tester eXtreme: Overview and How to Prepare for the Exam
eLearnSecurity’s Web Application Penetration Tester eXtreme: Overview and How to Prepare for the Exam
The eWPTX is an expert-level certification covering advanced web application exploitation and analysis. Here’s one cybersecurity consultant’s experience and tips on how to prepare.
Posted on Mar 17 / 2022
Maturing Your IAM Program: Role-Based Access Control (RBAC)
Maturing Your IAM Program: Role-Based Access Control (RBAC)
Role Based Access Control (RBAC) has become the holy grail of access management. So why isn't everyone using it? Here are a few tips on how to strategically approach your RBAC adoption journey.
Posted on Mar 16 / 2022
The Countdown is On: New Cyber Incident Reporting Requirements for Banks
The Countdown is On: New Cyber Incident Reporting Requirements for Banks
Lawmakers have argued about mandatory cyber incident reporting for years, but it has never gained the traction needed to become widespread law. For those in the banking industry, this is all about to change.
Posted on Mar 02 / 2022
Echelon Risk + Cyber Joins CrowdStrike’s Elevate Partner Program
Echelon Risk + Cyber Joins CrowdStrike’s Elevate Partner Program
Partnership Delivers Best-in-Class Solutions and Services to Help Companies Stop Breaches and Achieve a Higher Level of Endpoint Protection
Posted on Feb 28 / 2022
Case Study: MetaOptima Enhances Security Practices through a Web Application Assessment
Case Study: MetaOptima Enhances Security Practices through a Web Application Assessment
As an organization that stores sensitive medical data, MetaOptima is focused on investing in their security posture. Here's how Echelon Risk + Cyber helped ensure they are functioning at their most secure level.
Posted on Feb 22 / 2022
How Safe is it to Scan a QR Code?
How Safe is it to Scan a QR Code?
QR codes are clever (just ask Coinbase), but they can be security nightmares. Here’s what our CEO, Dan Desko, had to say when he was interviewed about this year’s Super Bowl ad.
Posted on Feb 15 / 2022
Hacker’s Perspective: Web App Vulnerabilities – Hacking GraphQL
Hacker’s Perspective: Web App Vulnerabilities – Hacking GraphQL
GraphQL is a commonly used query language for manipulating APIs. Properly secured, it is a useful tool for web application development. Configured improperly, it can have devastating results.
Posted on Jan 31 / 2022
Continuous Penetration Testing: Shattering the Hourglass
Continuous Penetration Testing: Shattering the Hourglass
Threats are continuously evolving - your pen testing should too. As attackers constantly find new vulnerabilities to exploit, a continuous penetration testing approach persistently emulates threat actor activity within a company’s unique environment, helping them stay secure over time.
Posted on Jan 31 / 2022
Hacker’s Perspective: Web App Vulnerabilities – Password Reset Feature
Hacker’s Perspective: Web App Vulnerabilities – Password Reset Feature
Password Reset features can be dangerous and must be implemented securely. Otherwise, user accounts can be compromised.
Posted on Jan 24 / 2022
Hacker’s Perspective: Web App Vulnerabilities – Detailed Error Messages
Hacker’s Perspective: Web App Vulnerabilities – Detailed Error Messages
Detailed error messages may seem unimportant, but they can be very valuable for attackers. Here's more on why they are important and how you can fix this web app vulnerability.
Posted on Jan 18 / 2022
Hacker’s Perspective: Web App Vulnerabilities – Invite Feature
Hacker’s Perspective: Web App Vulnerabilities – Invite Feature
Hidden dangers within your web app’s ‘invite’ feature, why it matters, and how you can fix it.
Posted on Jan 13 / 2022
CMMC 2.0 - Three Big Reasons to Start the Compliance Process Now
CMMC 2.0 - Three Big Reasons to Start the Compliance Process Now
The DoD’s Cybersecurity Maturity Model Certification (CMMC) framework is changing, but there are many advantages to beginning your compliance journey now rather than later.
Posted on Jan 13 / 2022
Top 10 Cybersecurity Articles in 2021
Top 10 Cybersecurity Articles in 2021
At Echelon, our team takes pride in contributing to and participating in our cybersecurity community. We regularly publish articles on our Intelligence blog to help our clients (and everyone!) stay vigilant. Here are the top 10 articles from 2021.
Posted on Dec 20 / 2021
Log4shell: How Attackers are (Currently) Breaking the Internet, and How to Mitigate
Log4shell: How Attackers are (Currently) Breaking the Internet, and How to Mitigate
Websites are like buildings. If your website's foundation is vulnerable to Log4j, check out this overview of the attack, how to test for it, and how to mitigate it.
Posted on Dec 16 / 2021
Top 7 Cybersecurity Predictions for 2022
Top 7 Cybersecurity Predictions for 2022
As 2021 winds down, we take a peek into the future of cybersecurity for 2022. Will our predictions come true?
Posted on Dec 14 / 2021
Embracing New Technology? Here’s How to Keep Cybersecurity Top of Mind
Embracing New Technology? Here’s How to Keep Cybersecurity Top of Mind
As technology advances at an unprecedented pace, many businesses are aggressively accelerating adoption to maintain a competitive advantage. But there’s a big risk for those who don’t keep cybersecurity top of mind.
Posted on Nov 10 / 2021
CMMC Update: November 5, 2021 - Five Key Takeaways
CMMC Update: November 5, 2021 - Five Key Takeaways
The Cybersecurity Maturity Model Certification (CMMC) underwent a huge makeover in the last 48 hours. Here is what you need to know.
Posted on Nov 05 / 2021
SC Media Interview: Cyber pros used OSINT and sock puppets to aid mass Afghanistan evacuation
SC Media Interview: Cyber pros used OSINT and sock puppets to aid mass Afghanistan evacuation
In this interview and article from SC Media, Dan Desko and Dahvid Schloss discuss how the Echelon Risk + Cyber team used their cyber skills to help at least 50 Afghan refugees to safety.
Posted on Oct 08 / 2021
Risk + Cyber Perspectives: Securing Financial Services
Risk + Cyber Perspectives: Securing Financial Services
In this video discussion with Matt Tolbert, Senior Cybersecurity Examiner for the Federal Reserve Bank of Cleveland, Matt and Dan discuss risks of remote workforces, planning for disruptions, mitigating 3rd party risks, going to the cloud, supply chain threats, and resilience in the future.
Posted on Oct 07 / 2021
Case Study: Bell and Howell Improves Cyber Posture with Echelon’s Unique Collaborative Approach to Pen Testing
Case Study: Bell and Howell Improves Cyber Posture with Echelon’s Unique Collaborative Approach to Pen Testing
Bell and Howell partnered with Echelon Risk + Cyber to test the security of their systems, ensuring that they will continue to be protected from future cyberattacks and avoid any future disruption to their systems.
Posted on Oct 06 / 2021
Mission Matters Interview: Dan Desko + Adam Torres
Mission Matters Interview: Dan Desko + Adam Torres
Our CEO and Founder Dan Desko was recently interviewed for Mission Matters Innovation with Adam Torres. The interview focuses on our core belief that security and privacy are basic human rights. We're built to live that mission every day.
Posted on Oct 06 / 2021
Banking in the Cloud: Key Considerations for IT Leaders
Banking in the Cloud: Key Considerations for IT Leaders
Considering a move to the cloud? There's a lot to think about, especially for financial institutions. This article lays out those obstacles and some considerations for overcoming them.
Posted on Sep 28 / 2021
Four Ways to Spice Up Your Penetration Testing Routine
Four Ways to Spice Up Your Penetration Testing Routine
Another year, another penetration test? Attackers are evolving, and so should you. Here are four ways to spice up your pen testing routine to be better prepared and reduce your attack surface.
Posted on Sep 22 / 2021
DefCon 29 in Review: The Best Sessions, Badge Spoilers and More
DefCon 29 in Review: The Best Sessions, Badge Spoilers and More
Have you solved your badges yet? With another DefCon in the books, here's our take on the best sessions and a close up look at some of the badges.
Posted on Aug 26 / 2021
A Hacker’s Perspective: How to Create a Strong Password (Hint, Length Matters!)
A Hacker’s Perspective: How to Create a Strong Password (Hint, Length Matters!)
From a hacker’s perspective, the essence of password security boils down to two things: how guessable is it and how easy is it to crack encrypted passwords. Here are our tips for creating stronger passwords.
Posted on Aug 24 / 2021
A Hacker’s Perspective: Top Three Ways to Mitigate Modern Phishing Techniques
A Hacker’s Perspective: Top Three Ways to Mitigate Modern Phishing Techniques
More people fell victim to phishing than any other form of internet crime in 2020, and this trend is likely to continue. But phishing is not just prevalent - it is evolving. Here are three mitigation strategies for modern phishing techniques, from the perspective of a hacker.
Posted on Aug 04 / 2021
CMMC Compliance 101: Answers to Common Questions
CMMC Compliance 101: Answers to Common Questions
Have you Googled CMMC compliance lately? We want to help clear the air. Avoid the marketing jargon and confusing content with these answers to common questions.
Posted on Aug 02 / 2021
Flexible & Secure Remote Penetration Testing in a Changing World
Flexible & Secure Remote Penetration Testing in a Changing World
Over the past year and a half, the worldwide workforce underwent a drastic and rapid paradigm shift that has brought with it new opportunities, attack vectors, and methods to test security. When testing security with penetration testing, partner with a firm using the most modern, advanced tactics to test your readiness for tomorrow’s attackers.
Posted on Jul 29 / 2021
Search
Articles
Webinars
Sections
Cyber Intelligence Weekly Offensive Security: How to Level Up Hacker's Perspective: Tips for Defenders Compliance Beyond the Baseline: A New Approach to IT Audits CISO's Corner Tech Dives Cyber Career Tips Financial Services Higher Education Healthcare Technology & SaaS Manufacturing Improving Cyber Hygiene

Sign Up for Weekly Cyber Intelligence Delivered to Your Inbox

Sign up to get Cyber Intelligence Weekly in your inbox.