Seriously, do you know where your data is? It’s an often overlooked question in cybersecurity. In the case of an incident, without knowing where your data is, how do you know what’s been accessed? Where else that data might be? What’s needed to remediate? And what’s less crucial to restore? But even before an incident, how do you know what to protect if you don’t know where your critical and privileged information is? How do you best allocate time, manpower, and resources in the absence of knowing what needs most attention? In this episode, we'll discuss how to answer these questions, from wha ..read more

What good is a Pen Test? There are a host of answers - knowing your environment, identifying dangers, implementing remediations, meeting compliance.   But how should a CISO view a Pen Test given their unique role in the organization? How do they best understand the need, the conduct, the reporting, and the follow through?  On this episode of the SecureAF Podcast, Alias CISO Jonathan Kimmitt shares his experience and expertise both in his years in the role and as a consultant for other organizations.    Watch the full video at youtube.com/@aliascybersecurity. Catch the ..read more

Alias stays at the cutting edge of the cybersecurity threat frontier. Today on the SecureAF Podcast, Donovan Farrow and Tanner Shinn discuss a 2023 retrospective with a view to how last year helps us understand and prepare for 2024.  Listen, learn, be prepared. We're here to support you, 24/7/365. Watch the full video at youtube.com/@aliascybersecurity. Catch the whole episode now at https://bit.ly/47eYPTK Listen on Apple Podcasts, Spotify and anywhere you get you're podcasts ..read more

Cybersecurity is critical to an organization. But cybersecurity is only part of a robust security posture. It’s equally important, and in fact of first importance, to assess information security. You need to assess what privacy guidelines, compliance, and best practices entail what data you can have so you can determine the security needed to keep it safe. On this episode of the SecureAF Podcast, host Jonathan Kimmitt is joined by Andrew Hernandez, Director of Risk Management at Trapp Technology to discuss why this framework matters and how to position your organization for secure information ..read more

Scheduling a cybersecurity engagement can be stressful, for client and pentester alike. Both want the same thing - a well conducted, accurate assessment of the client infrastructure to provide the best value add to bolster cybersecurity.   It helps to start from a shared set of standard expectations and practices. On this episode of the SecureAF Podcast, Tanner Shinn and Keelan Knox discuss the 5 Rules of Engagement that every pentester and customer should know and commit to.  Watch the full video at youtube.com/@aliascybersecurity. Catch the whole episode now at https://bit.ly ..read more

wWhat's the Final Frontier? For Trekkies, it's space. For cybersecurity, it's Critical Infrastructure. Might not sound exciting, but the risks from poor security and the rewards of strong controls might get you to sit up and take notice. Maybe even motivate you to boldly go where no ethical hacker has gone before.  On this episode of the SecureAF Podcast, Donovan Farro and Phillip Wylie discuss why Critical Infrastructure matters, where the vulnerabilities are (such as being 20 yrs behind in awareness and implementation), what Alias does to test, and what you can do to secure your environ ..read more

AI is on the rise, and like it or not, it's here to stay. In this episode of Secure After Dark, Tanner and Dan talk about the many ways AI has been and will be used to enhance both cybersecurity and cyber threats.  Watch the full video at youtube.com/@aliascybersecurity. Catch the whole episode now at https://bit.ly/47eYPTK Listen on Apple Podcasts, Spotify and anywhere you get you're podcasts ..read more

Wondering what the best path into cybersecurity is? Here's a hint: There's not one answer. On this episode of the SecureAF Podcast, Tanner Shinn and Keelan Knox share very different stories of getting into the field. Even with different paths, they'll share what they have in common and what you should think about and do if you want to become an ethical hacker. Spoiler alert - one of their recommendations is to find internships. Alias is currently accepting applications here: https://bit.ly/3TMDWM0 Watch the full video at youtube.com/@aliascybersecurity. Catch the whole episode now at https://b ..read more

You know you need regular penetration tests to ensure your network is secure. You know the steps to remediate the findings and take the recommended actions to continue on a path toward cybersecurity. But what about what you don't know? What about what the penetration test doesn't cover or doesn't reveal? On this episode of the SecureAF Podcast, Alias CISO Jonathan Kimmitt and Director of Security Phillip Wylie share their insights on what penetration tests should cover, what they often don't, and how to verify you're getting what your organization needs. These two bring a holistic viewpoint, f ..read more

The Solar Winds breach is not news. The CISO being personally named in the investigation is. Although not the first CISO to be so identified, this is the most high profile.  This raises questions for the future of CISO role and responsibility and IT more generally. Should an individual be held responsible for an incident? What is their responsibility to monitor and report? Does this responsibility extend from C-Suite to SOC Analyst? What legal precedent might this set? On this episode of the SecureAF Podcast, Alias CISO Jonathan Kimmitt and Principal Engineer Tanner Shinn discuss these qu ..read more