In the Media

New app for teens has safety upgrades, but experts say it might not be enough
Sep 26 / 2023

Dan Desko, CEO & Managing Partner at Echelon Risk + Cyber, was recently quoted in an article by Yahoo! News on app security for teens:

“I think they should have looked at that before the app went out because if you’re going to gear something toward middle and high school students, you have to think like a parent. I said ‘oh no, here’s another app that people will be up and arms about.’ To me, it was just like ‘here we go again.’ It feels like this happens quite a bit, and it’s hard to keep up with it all,”

Echelon Risk + Cyber Welcomes Chad LeMaire as Chief Security Officer
Jul 31 / 2023

“We are excited and humbled to add someone of Chad’s caliber to our already high-performing team,” said Dan Desko, CEO of Echelon Risk + Cyber. “His unparalleled leadership combined with deep cybersecurity expertise and exemplary service to our country make him the perfect match for Echelon and our clients as we double down on our commitment to protect the basic human right to security and privacy.”

Why cybersecurity professionals require more mental health support now more than ever
Mar 24 / 2023

Ross Flynn, Cybersecurity Manager at Echelon Risk + Cyber, is quoted in an article by Worklife on why cybersecurity professionals require more mental health support now more than ever:

“While organizations can create cultures that foster good mental health practices, it is still up to us as cybersecurity practitioners to practice good boundaries, spend time with loved ones, take breaks when needed and make time for other hobbies outside the field.”

LastPass hack aftermath: can we trust password managers?
Jan 09 / 2023

Paul Matvey, Cybersecurity Manager at Echelon Risk + Cyber, is quoted in an article by CyberNews on the aftermath of the LastPass hack:

"One of the concerning things about the LastPass breach is that some of the metadata fields were not encrypted, such as the URLs of sites visited by the users. Therefore, threat actors have an inventory of many services you use and secrets you possess, which gives them greater intelligence to use in targeted attacks"

Echelon Risk + Cyber Welcomes Matt Donato as New Partner
Jan 04 / 2023

"As a Partner at Echelon, I hope to play an integral role in building a top-notch professional services firm that provides a unique, fulfilling, and dynamic company culture and an experience that both our team and clients will undoubtedly enjoy.”

Echelon Risk + Cyber Welcomes Shea Nangle as Director of Advisory Services
Oct 19 / 2022

"This is an exciting time to be joining Echelon. Today we face an ever-evolving array of cyber threats, and Echelon is well-positioned to make the world a safer and more secure place," said Nangle. "I look forward to the opportunity to build out Echelon's Advisory Services offerings and apply my skills and experience to help Echelon's clients improve their security posture."

Echelon Risk + Cyber Welcomes Kaushik Kiran as Director of vCISO and Cyber Strategy Services
Oct 06 / 2022

“Cybersecurity is increasingly becoming an integral part of business success. With my extensive experience across technology risk and CISO workstreams, I was looking for an opportunity to either lead or be part of a team that helps drive the strategic transformation of cyber initiatives,” said Kiran. “The opportunity at Echelon provides excellent synergy for my professional growth while allowing me to solve clients’ needs.”

Data Regulations Follow – and Go Beyond – Europe’s GDPR
Sep 08 / 2022

Our Director of TPRM, Tom Garrubba, is quoted in an article by the Global Association of Risk Professionals (GARP) on how data regulations in Europe like GDPR have set high standards worldwide while privacy is still a debate in the US. “Now every other privacy regulation in the world has used GDPR as a foundation,” Tom said.

Children's Online Privacy May Soon Get the Big Boost It Needs
Sep 06 / 2022

Tom Garrubba, our director of TPRM, was recently quoted in an article by LifeWire:

"The bill is heavy on ensuring the "health and well-being" of children, which is something that many parental organizations and privacy activists for years have been criticizing big tech for turning a blind eye to."

Your Facebook App Might Still Track You, Even After Being Told Not to
Aug 18 / 2022

Tom Garrubba, our director of Third Party Risk Management (TPRM), is quoted in a featured article by LifeWire on how your Facebook app can still track you, even after being told not to.

Marriott hit by another data breach
Jul 12 / 2022

Tom Garrubba, our Director of TPRM, is quoted in a featured article by SC Media on the second Marriott data breach.

"As an organization's security team continues to educate end-users on ways to identify phishing and other cyber threats, this latest report emphasizes the continued danger of social-engineering exploitations particularly as employees have begun a mass return to the office," Garrubba added.

For the second time this year, Marriott has suffered a data breach
Jul 12 / 2022

Tom Garrubba, our director of Third Party Risk Management, is quoted in a featured article by SiliconANGLE:

“As an organization’s security team continues to educate end-users on ways to identify phishing and other cyber threats, this latest report emphasizes the continued danger of social-engineering exploitations particularly as employees have begun a mass return to the office.”

LinkedIn May Reveal Crucial Details To Hackers
Jul 07 / 2022

Forbes recently quoted Tom Garrubba, our director of TPRM, in an article about the risks of revealing too much information on LinkedIn:

"All social platforms have the potential to be exploited by nefarious people and LinkedIn is certainly no exception," said Tom Garrubba, director of TPRM (Third Party Risk Management) professional services with Echelon Risk + Cyber.

Why You Shouldn't Use Chrome's Updated Password Manager
Jul 07 / 2022

Dahvid Schloss, our Offensive Security Lead, was quoted in this featured article by Lifewire:

"Password Managers enable you to create strong, complex passwords without having the memory of an elephant," said Schloss, "and most of them provide some level of breach monitoring to let you know when you need to change a site password."

ZuoRAT Hijacks SOHO Routers From Cisco, Netgear
Jun 30 / 2022

"Once you are on the router you have a full trusted connection to poke and prod at whatever device is connected to it," Dahvid Schloss, offensive security team lead at Echelon, said via email. "From there, you could attempt to use proxychains to throw exploits into the network or just monitor all the traffic going in, out, and around the network."

Echelon Risk + Cyber Welcomes Tom Garrubba as Director of Third-Party Risk Management Services
Jun 28 / 2022

“My entire career has been focused on operational risk, security, privacy, audit, resilience and compliance in various industries,” said Garrubba. “I look forward to helping Echelon clients in a variety of industries identify, assess and mitigate third-party risks to improve their risk posture.”

International Law Enforcement Operation Takes Down Russian Botnet
Jun 21 / 2022

Tom Garrubba, our director of TPRM, is quoted in this article by SiliconANGLE about how botnets work and how dangerous they can be:

“Botnets are so dangerous because they control large swaths of vulnerable computer systems at a scale, unlike any other attack. Those infected computer pools can then be pointed at legitimate resources and cause havoc,” Garrubba added. “Botnets can perform very disruptive attacks like distributed denial of service or large-scale vulnerability exploitation to sell to initial access brokers who will later lend that access to ransomware gangs.”

Why You Shouldn’t Store Sensitive Details in a Web Browser
Jun 21 / 2022

Lifewire quoted our offensive security lead, Dahvid Schloss, in this featured article.

"The fact that the malware goes after Chrome, in particular, doesn't surprise Dahvid Schloss, Managing Lead, Offensive Security, at Echelon Risk + Cyber. In an email exchange with Lifewire, Schloss said the attack appears to exploit a long-standing issue in Chrome."

9 types of computer virus and how they do their dirty work
Jun 21 / 2022

CSO Magazine interviewed Dahvid Schloss, offensive security lead at Echelon Cyber, for a featured article: 9 types of computer virus and how they do their dirty work.

"If you want a good perspective on the different types of malware, your best bet is to talk to someone who writes it for a living. That is Dahvid Schloss's job: he is the managing lead for offensive security at cybersecurity professional services firm Echelon Risk + Cyber, where he works on malware meant to emulate real threat actors to run command-and-control platforms on his company's adversarial emulation and red team engagements. He broke down the different types of viruses he works with by their function."

9 types of computer virus and how they do their dirty work
Jun 13 / 2022

Dahvid Schloss was quoted in this CSO article where he explains the nine types of computer viruses and how they work.

"If you want a great perspective on the different types of malware, you could do worse than talk to someone who writes it for a living. That's Dahvid Schloss's job: he's the managing lead for offensive security at cybersecurity professional services firm Echelon Risk + Cyber, where he works on malware meant to emulate real threat actors to execute command-and-control platforms on his company's adversarial emulation and red team engagements. He broke down the different types of viruses he works with by their function."

What Influencers Should Know About Digital Security
Apr 06 / 2022

Lily Clark is featured in this incfile blog for social media influencers on how NOT to get hacked.

According to Lily, one of the main things that influencers can do to protect accounts is add two-factor authentication or multi-factor authentication (MFA). “Cracking passwords and finding passwords in breaches is easier than people realize, so that added layer of protection can prevent a lot of damage from threat actors,” she explains.

Companies Going to Greater Lengths to Hire Cybersecurity Staff
Apr 06 / 2022

Echelon's Dan Desko and Lily Clark are quoted in this article about finding creative ways to fill cybersecurity roles.

“On the talent development side of the house, we look for those who exhibit the underlying values that we see as critical for a firm like us, and couple that with a strong ability to learn," says Echelon Risk's Desko. "Once we find those people, we help turn them into cyber superstars.”

Why SASE—an emerging cybersecurity term—is crucial for protecting your company's work-from-home data and systems
Apr 06 / 2022

Paul Matvey speaks about the importance of Zero Trust and SASE in remote work environments.

"You may find that you already have many of the required components in place, and now need to apply some elbow grease to orchestrate them together," Paul Matvey, a cybersecurity manager at Echelon, said.

Echelon Risk + Cyber Joins CrowdStrike’s Elevate Partner Program
Mar 01 / 2022

Echelon Risk + Cyber announced it has joined the CrowdStrike Elevate Partner Program. Echelon will combine their expert advice and full suite of cybersecurity services with CrowdStrike's industry-leading endpoint protection platform to help customers stop breaches.

Echelon team uses cyber skills to aid mass Afghanistan evacuation
Oct 08 / 2021

Veterans, volunteers and government workers and officials all worked together to create a virtual global network that provided secure communications, open-source intelligence and logistical aid to usher vulnerable and endangered individuals out of the country.

Cybersecurity skills proved to be quite valuable to the operation, according to CEO and managing partner Dan Desko, and Dahvid Schloss, offensive security lead.

Pittsburgh cybersecurity company helps Afghan refugees in ‘Digital Dunkirk’
Aug 30 / 2021

From behind a keyboard, there’s a nationwide effort called “Digital Dunkirk,” and the goal is to help people escape Afghanistan.

The Echelon team usually spends their time helping companies with the tools they need to stay safe when it comes to hackers and ransomware attacks. But over the last few weeks, they’ve also had another mission — to get Afghans safely out of Afghanistan.


Events

Upcoming Events

Oct 6–7 2023
RaicesCon 2023: College Student to Penetration Tester Using Discord
Philadelphia, Pennsylvania

Come see Evan Isaac, a cybersecurity associate at Echelon, who will be taking the stage at RaicesCon 2023! Join him for an engaging presentation as he shares his extraordinary journey, going from a college student with no cybersecurity experience to becoming a skilled penetration tester.

Past Events

Sep 19 2023
Best Practices: Do's and Don'ts of Preparing for Incident Response featuring Salesforce
Las Vegas, Nevada

Join Dan Desko, CEO & Managing Partner, as he uncovers how an organization's preparation for incidents significantly shapes its outcomes. Gain practical insights on effective strategies, documented practices, leadership empowerment, and more. Don't miss this chance to learn from industry experts, including CrowdStrike and Services partners.

Jul 6–7 2023
ISACA Silicon Valley Chapter: Instituting a Boredom-Free Cyber Awareness Culture

Join Jeff Hoge, Senior Cybersecurity Engineer at Echelon Risk + Cyber, on this webinar organized by ISACA Silicon Valley Chapter, where he will present his talk on Instituting a Boredom-Free Cyber Awareness Culture.

Jun 3 2023
BSides Buffalo: Mitigating (Radio)Active Directory
Buffalo, New York

Jeff Hoge will be presenting a talk on Mitigating (Radio)Active Directory at BSides Buffalo. Attendees will learn about the vulnerabilities of Active Directory, common attack paths to AD, and actionable takeaways to prevent future radioactivity in their AD.

May 20 2023
BSides Roanoke: Instituting a Boredom-Free Cyber Awareness Culture
Roanoke, Virginia

Jeff Hoge will be giving a talk about the importance of instituting a boredom-free cyber awareness culture at BSides Roanoke. During the presentation, he will discuss why typical canned training modules don't work on their own, how to implement incentives to help, and the benefits of making security awareness training fun through gamification and competition.

May 5 2023
LegalSec Summit 2023: Tools, Services, and Tips for Dealing with Client Audit Process
Baltimore, Maryland

Tom Garrubba, Director of Third Party Risk Management services at Echelon Risk + Cyber, gave a talk with Lynn Watson, Director of Security, Risk & Compliance at Dinsmore & Shohl LLP, on "Tools, Services, and Tips for Dealing with Client Audit Process."

May 4 2023
LegalSEC Summit 2023: Creating a Security Awareness Program that Works
Baltimore, Maryland

Jeff Hoge, Senior Cybersecurity Engineer at Echelon Risk+Cyber, will be co-presenting with Narda Carlson, Director of IT/IS Coordinator at Primmer Piper Eggleston & Cramer PC, at the LegalSEC Summit 2023.

Apr 20 2023
ISC2 Charlotte Metro: April Chapter Meeting with Ira Winkler
Charlotte, North Carolina

Echelon Risk+Cyber will be sponsoring the ISC2 April Chapter Meeting. Another can't-miss ISC2 event with award-winning CISO, top-rated keynote speaker, and bestselling author Ira Winkler! Get your tickets today.

Apr 19 2023
An Expert Panel Discussion: Protecting Your Business from Cyber Risk
Pittsburgh, Pennsylvania

S&T Bank, in partnership with The Reschini Group, Evergreen Insurance, Echelon Risk + Cyber, and Isler Specialty Insurance will host a panel discussion on the important topic of cybersecurity and how to best protect your business from cybersecurity risks.

Apr 19 2023
Cyber Breakfast Club DC: Insider Threat Panel Discussion

On April 19th, the Cyber Breakfast Club (DC) will host a panel discussion on insider threat, featuring expert insights from both commercial and government sectors. Matt Donato and Nick Bakewell will host the discussion, and the esteemed panelists Mark Freedman, Stacey Champagne, Jess Vachon, and Brett Mencin will share their experiences and knowledge about building a program that fits your organization.

Apr 18 2023
Beyond Compliance: Mitigate Risk to Level Up Cybersecurity

Join us on April 18th to learn how to transition to a risk-based approach to compliance and improve your company's security posture in the long term. Kaushik Kiran, Director of vCISO services at Echelon Risk + Cyber and Alev Viggio, Director of Compliance at Drata, will be sharing tips on how to identify risk areas for your company, how to improve data visibility through a risk and compliance lens, how to quantify business risks by using a common framework, and how to identify and quantify KPIs.

Apr 13–15 2023
Hack Space Con 2023
Kennedy Space Center, Florida

Dahvid Schloss, Director of Offensive Security Services, and Ross Flynn, Cybersecurity Manager, will be speaking at Hack Space Con 23. Join Dahvid and Ross as they share their expertise on understanding the basics of command and control systems, identifying potential C2 systems in everyday objects, techniques for turning anything into a C2 system, creative approaches to C2 design and implementation, and best practices for developing and deploying unconventional C2 systems.
