by Mike Zusman | Jan 11, 2021 | Digital Transformation, Featured, News, Strategy, Threat Modelling
Do you know what your organization’s attack surface is? Attack surface is everything that a bad person (aka “attacker”) can interact with or touch. Your organization’s attack surface consists of PIA: People, Infrastructure and Applications. By considering the...
by Mike Zusman | Jan 7, 2021 | Digital Transformation, Featured, News, Strategy, Techniques, Threat Modelling
As a business leader, you are likely familiar with SWOT analysis. SWOT is a strategic planning exercise to help identify a business’s Strengths, Weaknesses, and Opportunities, as well as Threats jeopardizing its growth and existence. You are probably less familiar...
by Mike Zusman | Dec 28, 2020 | Cloud, Digital Transformation, IOT, Mobile, News, Techniques, Web
Carve COO Max Sobell presenting on “Shifting Security Left” at Giphy HQ. Many a CTO and VP of Engineering has begrudgingly spent money on penetration tests in order to make their enterprise customers or auditors happy. You know how it goes: your team...
by Mike Zusman | May 13, 2020 | Cloud, Digital Transformation, Featured, News
Application Security, or AppSec, is a race between your business and bad actors. Whether you realize it or not, people and bots are constantly attacking and probing your Internet-facing and cloud-hosted applications. In fact, it’s not uncommon to hear of...
by Mike Zusman | Apr 22, 2020 | Digital Transformation, Featured, News
As we discussed in our previous post: your best appsec engineer is already on your team, you just need to find them. In larger development organizations, however, this one person might not be enough to create the culture of security necessary for long-term risk...
by Mike Zusman | Apr 13, 2020 | Digital Transformation, Featured, News
There are things you can do to improve application security even if you’re unable to recruit and retain an application security engineer. In a previous post, I highlighted some of the challenges associated with hiring appsec people. We see companies struggle to hire a...