The CISO (Chief Information Security Officer) reporting structure is a hotly debated topic and the solution often differs depending on the organization. This question has perplexed many organizations. It’s a topic of growing importance as cyber attacks grow in frequency and breach costs increase. Many organizations initially place the cybersecurity responsibility within the IT department […]
The Triangle Net has a vision to build a better world and provide opportunities to those striving to join the cyber security field. This amazing organization interviewed Stern Security’s founder, Jon Sternstein, to discuss his security career. View the full interview here: https://www.thetrianglenet.com/episode-2-jon-sternstein/
Vendor Risk Management Accuracy is all that Matters! Are Vendors Secure? If you ask any company if they are secure, most would say “Yes, of course we are!” This is especially true of vendors. No vendor ever says, “No, we’re not secure, but trust us with your data.” Most vendors are not being dishonest, but […]
Vendor risk management is an incredibly complicated process. While some methods are much more efficient than others, there is no consensus on how all organizations accurately manage vendor risk. We generally see that organizations measure vendor risk in five ways, each with an increasing level of security: nothing at all; contract verbiage only; audit check […]
Introduction Imagine building a strong, stable fortress around your most important assets. All of your focus is on stopping the intruder that will directly target your organization. However, there is an indirect way to breach the gates – through your third parties. Your organization relies on third parties (vendors) for necessary services and you have […]
CBS17 Stern Security’s CEO, Jon Sternstein, met with CBS17 to discuss the FBI warning of ransomware targeting healthcare organizations. See the full story here: https://www.cbs17.com/community/health/coronavirus/hackers-targeting-hospitals-amid-covid-19-case-surge-fbi-warns/
Duo Security is one of the most popular 2-factor authentication applications on the market today. All of the authentication and administrative logs are stored in the admin portal located at https://admin.duosecurity.com. Up until recently, if you wanted to view the logs, you either had to log into the admin portal or use the Duo API […]
Without using any 3rd party tools, you can use simple Windows commands to display the saved passwords for remembered wireless networks. This is helpful if you forget a password or during security engagements. We were recently on a penetration test and gained access to a laptop. We needed to gain access to a particular wireless network and didn’t want to risk tripping […]
One would think that most data breaches were caused by hacking, as those are the breaches that are always mentioned in the news. However, up until the end of 2019, theft was still the top cause of breaches in healthcare according to data compiled from the U.S. Department of Health and Human Services (HHS) Office […]
Pyoneer was created to assist with the search for sensitive information while on customer engagements. The tool has been used in different scenarios, not just for penetration testing, but that is where the tool’s development began. Pyoneer’s base script was written overnight while sitting in a hotel room on an engagement. The idea came while […]