PODCAST: A Look Inside: Bug Bounties and Pen Testing. As more organizations turn to bug bounty programs, versus penetration testing, to weed out vulnerabilities in their products, Christie Terrill, partner at Bishop Fox, reports what she sees as the pros and cons of either approach. Read more
CAREERS: Building A Strong Foundation For A Career In Cybersecurity Penetration Testing. Penetration testing is an unusual job. You break into companies through their technology and then show them where their weaknesses lie so they can fix them. It’s a job for good people with the ability to do bad things. I started penetration testing in the late 1990s and eventually founded a consulting company. Over the course of 15 years, we’ve tested thousands of critical applications for vulnerabilities and I’ve hired and trained many penetration testers. Here are a few thoughts about what knowledge and skills you’ll need to excel as a penetration tester and what prospective employers ought to look for. Read more
NETWORKS: The Importance of Innovation in Network Monitoring. Companies are faced with an almost overwhelming barrage of evolving threats to their networks ranging from the disclosure of backdoor “troubleshooting” accounts in infrastructure devices, to zero-day vulnerabilities, to stockpiled exploits leaked from government agencies. To detect and respond to these varied threats, organizations must maintain a flexible approach to information security. One strategy, tool, or technique isn’t enough to provide adequate coverage. Read more
HACKERS: What We Can Learn from the Good-Guy Hackers. To most people who work in computing, an ethical hacker is someone who is hired, either as an employee or a consultant, to hunt for flaws in a computer system so they can be fixed before a criminal finds his way in. Yet federal law does not distinguish between “good” and “bad” hacking; anyone who “intentionally accesses a computer without authorization” can be prosecuted, and many states have similarly strict laws. Read more
NOW ON SLIDESHARE: Tech Update Summary from Blue Mountain Data Systems April 2018 https://www.slideshare.net/BMDS3416/tech-update-summary-from-blue-mountain-data-systems-april-2018.
IT SECURITY SUPPORT: Blue Mountain Data Systems is actively involved in implementing FISMA and NIST standards with Federal Civilian Agencies. Due to our extensive experience in this area, Blue Mountain has developed processes and organizational techniques to help ensure security deliverables are completed on time, and performed in the most efficient manner possible. We ensure that NIST-800-53 control requirements are treated consistently during definition, analysis, implementation, auditing, and reporting phases of a system. Find out more about Blue Mountain Data Systems IT Security Support Services. Call us at 703-502-3416.
BLUE MOUNTAIN DATA SYSTEMS HAS THE EXPERIENCE: 1994 to Present – U.S. Dept. of Labor, Employee Benefits Security Administration. Responsible to the Office of Technology and Information Systems for information systems architecture, planning, applications development, networking, administration and IT security, supporting the enforcement of Title I of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for design, development and support for its various enforcement database management systems, as well as all case tracking and customer service inquiry systems. Blue Mountain also provides IT security services to the EBSA, in the form of FISMA Assessment and Authorization, System Security Plans, risk and vulnerability assessments, monitoring and investigation support. Read more.