In the Media

Marriott hit by another data breach
Jul 12 / 2022

Tom Garrubba, our Director of TPRM, is quoted in a featured article by SC Media on the second Marriott data breach.

For the second time this year, Marriott has suffered a data breach
Jul 12 / 2022

Tom Garrubba, our director of Third Party Risk Management, is quoted in a featured article by SiliconANGLE:

“As an organization’s security team continues to educate end-users on ways to identify phishing and other cyber threats, this latest report emphasizes the continued danger of social-engineering exploitations particularly as employees have begun a mass return to the office.”

LinkedIn May Reveal Crucial Details To Hackers
Jul 07 / 2022

Forbes recently quoted Tom Garrubba, our director of TPRM, in an article about the risks of revealing too much information on LinkedIn:

"All social platforms have the potential to be exploited by nefarious people and LinkedIn is certainly no exception," said Tom Garrubba, director of TPRM (Third Party Risk Management) professional services with Echelon Risk + Cyber. "Recent FBI warnings of incidents of thieves befriending people on the app and then baiting or even goading these unsuspecting users into crypto currency scams and other types of scams provide horrific examples of what can happen if one isn't careful..."

Why You Shouldn't Use Chrome's Updated Password Manager
Jul 07 / 2022

Dahvid Schloss, our Offensive Security Lead, was quoted in this featured article by Lifewire:

"Password Managers enable you to create strong, complex passwords without having the memory of an elephant," said Schloss, "and most of them provide some level of breach monitoring to let you know when you need to change a site password."

ZuoRAT Hijacks SOHO Routers From Cisco, Netgear
Jun 30 / 2022

DarkReading quoted our Offensive Security Lead, Dahvid Schloss, in this featured article: ZuoRAT Hijacks SOHO Routers From Cisco, Netgear

"Once you are on the router you have a full trusted connection to poke and prod at whatever device is connected to it," Dahvid Schloss, offensive security team lead at Echelon, said via email. "From there, you could attempt to use proxychains to throw exploits into the network or just monitor all the traffic going in, out, and around the network."

Echelon Risk + Cyber Welcomes Tom Garrubba as Director of Third-Party Risk Management Services
Jun 28 / 2022

Echelon Risk + Cyber announced the addition of Tom Garrubba as Director of Third-Party Risk Management (TPRM) Professional Services. Tom is an internationally recognized subject matter expert, consultant, author, and lecturer on business, cyber and privacy risk. He will leverage more than 20 years of experience to continue the momentum and growth of Echelon's TPRM services.

International Law Enforcement Operation Takes Down Russian Botnet
Jun 21 / 2022

Tom Garrubba, our director of TPRM, is quoted in this SiliconANGLE article about how botnets work and how dangerous they can be:

“Botnets are so dangerous because they control large swaths of vulnerable computer systems at a scale, unlike any other attack. Those infected computer pools can then be pointed at legitimate resources and cause havoc,” Garrubba added. “Botnets can perform very disruptive attacks like distributed denial of service or large-scale vulnerability exploitation to sell to initial access brokers who will later lend that access to ransomware gangs.”

Why You Shouldn’t Store Sensitive Details in a Web Browser
Jun 21 / 2022

Lifewire quoted our offensive security lead, Dahvid Schloss, in this featured article: Why You Shouldn’t Store Sensitive Details in a Web Browser.

"The fact that the malware goes after Chrome, in particular, doesn't surprise Dahvid Schloss, Managing Lead, Offensive Security, At Echelon Risk + Cyber. In an email exchange with Lifewire, Schloss said the attack appears to exploit a long-standing issue in Chrome."

9 tipos de virus informáticos y cómo hacen su trabajo sucio (9 types of computer virus and how they do their dirty work)
Jun 21 / 2022

CSO Magazine interviewed Dahvid Schloss, head of offensive security at Echelon Cyber, for a featured article: 9 tipos de virus informáticos y cómo hacen su trabajo sucio.

"If you want a good perspective on the different types of malware, your best bet is to talk to someone who makes a living writing it. That is Dahvid Schloss's job: he is the managing lead for offensive security at the cybersecurity professional services firm Echelon Risk + Cyber, where he works on malware meant to emulate real threat actors to run command-and-control platforms on his company's adversarial emulation and red team engagements. He broke down the different types of viruses he works with by their function."

9 types of computer virus and how they do their dirty work
Jun 13 / 2022

Dahvid Schloss is quoted in this CSO article, where he explains the types of computer viruses and how they work.

"If you want a great perspective on the different types of malware, you could do worse than talk to someone who writes it for a living. That's Dahvid Schloss's job: he's the managing lead for offensive security at cybersecurity professional services firm Echelon Risk + Cyber, where he works on malware meant to emulate real threat actors to execute command-and-control platforms on his company's adversarial emulation and red team engagements. He broke down the different types of viruses he works with by their function."

What Influencers Should Know About Digital Security
Apr 06 / 2022

Lily Clark is featured in this Incfile blog post for social media influencers on how NOT to get hacked.

According to Lily, one of the main things that influencers can do to protect accounts is add two-factor authentication or multi-factor authentication (MFA). “Cracking passwords and finding passwords in breaches is easier than people realize, so that added layer of protection can prevent a lot of damage from threat actors,” she explains.

Companies Going to Greater Lengths to Hire Cybersecurity Staff
Apr 06 / 2022

Echelon's Dan Desko and Lily Clark are quoted in this article about finding creative ways to fill cybersecurity roles.

“On the talent development side of the house, we look for those who exhibit the underlying values that we see as critical for a firm like us, and couple that with a strong ability to learn," says Echelon Risk's Desko. "Once we find those people, we help turn them into cyber superstars.”

Why SASE—an emerging cybersecurity term—is crucial for protecting your company's work-from-home data and systems
Apr 06 / 2022

Paul Matvey speaks about the importance of Zero Trust and SASE for remote work environments.

"You may find that you already have many of the required components in place, and now need to apply some elbow grease to orchestrate them together," Paul Matvey, a cybersecurity manager at Echelon, said.

Echelon Risk + Cyber Joins CrowdStrike’s Elevate Partner Program
Mar 01 / 2022

Echelon Risk + Cyber announced it has joined the CrowdStrike Elevate Partner Program. Echelon will combine their expert advice and full suite of cybersecurity services with CrowdStrike's industry-leading endpoint protection platform to help customers stop breaches.

Echelon team uses cyber skills to aid mass Afghanistan evacuation
Oct 08 / 2021

Veterans, volunteers and government workers and officials all worked together to create a virtual global network that provided secure communications, open-source intelligence and logistical aid to usher vulnerable and endangered individuals out of the country.

Cybersecurity skills proved to be quite valuable to the operation, according to CEO and managing partner Dan Desko, and Dahvid Schloss, offensive security lead.

Pittsburgh cybersecurity company helps Afghan refugees in ‘Digital Dunkirk’
Aug 30 / 2021

From behind a keyboard, there’s a nationwide effort called “Digital Dunkirk,” and the goal is to help people escape Afghanistan.

The Echelon team usually spends their time helping companies with the tools they need to stay safe when it comes to hackers and ransomware attacks. But over the last few weeks, they’ve also had another mission — to get Afghans safely out of Afghanistan.


Events

Upcoming Events

Aug 27–28 2022
Blue Team Con 2022

Ross Flynn will speak about how cyber employees from non-traditional backgrounds can help mature a cybersecurity program.

Sep 9 2022
Triangle InfoseCon
Raleigh, North Carolina

Jeff Hoge will present his talk Zero Trust's 800-63 lb. Gorilla, where he will explain how passwords are still a critical part of most organizations’ security infrastructure and how to employ controls like privileged access management (PAM), password auditing techniques, user training, and more to strengthen password security.

Past Events

Aug 15–16 2022
[DefCon Training] Zero 2 Emulated Criminal: Intro to Windows Malware Dev

Step up your emulated criminal game with a practical, hands-on introduction to malware development. Join Dahvid Schloss at Zero 2 Emulated Criminal: Intro to Windows Dev at this year's DefCon Training sessions.

Jul 28 2022
Triad NC ISSA Monthly Meeting
Greensboro, North Carolina

Jeff Hoge is presenting his talk Instituting a Boredom-Free Cyber Awareness Culture at the Triad NC ISSA Monthly Meeting, where he will talk about how companies need to devote resources to build their culture through boredom-free security awareness training.

Jul 8 2022
B-Sides PGH
Pittsburgh, Pennsylvania

Ross Flynn speaks about how cyber employees from non-traditional backgrounds can help mature a cybersecurity program.

Jun 6–9 2022
RSA Conference 2022

Dahvid Schloss and Paul Matvey attend the RSA Conference 2022 in San Francisco to learn, network, and interact at this world-leading cybersecurity event.

Jun 4–5 2022
B-Sides Buffalo

Ross Flynn speaks about how cyber employees from non-traditional backgrounds can help mature a cybersecurity program.

Jun 4–5 2022
B-Sides San Francisco

Dahvid presents his talk How to Fake Friends and Find People: A Build-A-Buddy Case Study. Watch his full talk at the link:

May 13 2022
B-Sides Knoxville

Ross Flynn spoke about how cyber employees from non-traditional backgrounds can help mature a cybersecurity program.

May 12–15 2022
PA Bankers 2022 Convention

Join Dan Desko at this annual event to talk about cybersecurity in the banking industry! Reach out to set up a time to meet.

May 5–6 2022
Central Ohio Infosec Summit

Paul Matvey and Ross Flynn will be heading to the event this year. Let us know if you'll be there - we'd love to meet up!

May 4–5 2022
Shared Assessments Third Party Risk Summit

Dan Desko and Luke Wawrzeniak will join this year's in-person event. Reach out to meet with us there!

Mar 30 2022
ISACA South Florida Chapter: Understanding the CMMC 2.0 Framework

Luke Wawrzeniak presented on the main points of CMMC 2.0 and provided recommendations for governance, risk, compliance, security and audit professionals.

Mar 23 2022
Horizon3 Tech Talk: The Attackers Journey, Part II – SQL Injection Attack

Jake Murphy joined Noah King of Horizon3 to discuss topics like understanding SQL injection; what SQL injection leads to; why defenders, IT operators, etc. should care; and more.

Mar 15 2022
INE Pentester Academy: A Seat at the Table – Pulling Up Your Own Chair

Guest speaker Lily Clark shares her inspirational story of a Client Success rep turned marketing guru turned cyber security pro. Learn how Lily navigated the complex world of training from novice to expert, and bring your questions!
