Security Compass’s Subu was on CNN Money last week talking about hackers and the banking sector. Here’s the link to the article and the video after the jump. Link: http://hub.am/17uGHEb

The following article is written by guest blogger Thomas Mackenzie. One of the biggest problems that businesses and individuals face today is the cost of web application security. It is not uncommon in the UK, for example, to pay a daily rate of around £1000 to have a website tested by an application security consultant. Web…

We all think of deploying amazing Security CBT to our teams, envision them taking it, loving it and your company becomes more secure for it.  Yet in practice, there are a couple steps that are essential to ensure success whether your training is for SDLC, general awareness or PCI compliance. One overlooked criteria is when…

Note: At the end of this series, I’ll provide a free tool that you can use to make your own evaluations easier, so keep an eye out for it! With the variety of Computer Based Security Training (CBTs) out there, it can be tough to make a decision around what to consider when choosing the…

Last month, a story ran on Dark Reading around why security awareness is useless. I cringe reading such stories because I believe that one fundamental problem of security people is our inability to make security relevant to everyday folks.  I want to hammer at the one of the key problems with security awareness training, which…

We’ve had Java and .NET secure coding CBTs for a number of years now.  If I remember correctly we were one of the first to have Application Security CBTs bundled with hands-on lab exercises (TrueLabs), which was amazing.  This year, I’m excited to say that we’ve brought our Tailored learning format into our .NET secure…

As the need to develop for multiple mobile platforms increase, so has the need to outsource mobile development.  There are software security concerns from mobile hacking that you should be aware of as you build your list of security requirements for your app.  For some of you, security may not be the top concern but…

Late last year, I was in on a meeting where our Training team was gathering requirements for a Custom CBT to be built for a huge, recognizable client. This client had offices worldwide and our course would be viewed many teams so it was imperative that we got the details right.  After a productive meeting…

I’ve performed a number of Payment Card Industry (PCI) assessments and know that some of the PCI Data Security Standard (DSS) audit requirements can be unclear.  I’ll help by breaking down the requirements important to training your staff to meet your PCI Compliance goals. Keep in mind that a checklist approach to training won’t solve…

A short while back we released ExploitMe Mobile (EMM), our free, open source project demonstrating common Mobile Security vulnerabilities  in the iOS and Android platforms. ExploitMe Mobile is a training platform built based on the common Mobile Security and Application Security pitfalls. The objectives of the ExploitMe Mobile training platform are: Capture the common security…