Open Mobile Menu

Contact us for a free consultation.

Learn more

Security Testing

We provide thorough assessments of all types of applications, networks, and infrastructure with guidance for improving your security posture.

Strategic Consulting

Our team of Security Experts provide industry-leading Risk Assessment, Project Management, and InfoSec Program and Policy Development services.

Compliance, Privacy, and PCI

Audit preparation, compliance, and privacy services with a focus on real security.  Our experienced staff can help you reach your security, privacy, and compliance goals in a manner best suited to your unique requirements.

Training

We offer engaging and interactive security awareness and technical training, both online and instructor-led.

From the Blog

How organizations can prepare for and contain the inevitable; a cyber breach

Tim Jensen

Tim Jensen

September 12, 2019

Views: 291

It’s not a matter of ‘if’ your organization will experience a cyber-attack, but ‘when’. That’s BSI’s approach to cyber security and information resilience, through either our advisory services or certification and training. We help thousands of organizations around the world embed excellence with a focus on Organizational Resilience. One of the best ways for organizations to manage and protect their information assets is to implement ISO/IEC 27001, the internationally recognized information security management standard. Cyber-attacks are commonplace at this point; the blog post below discusses one of the most recent; an attack on twenty-two local governments in the state of Texas. Unfortunately, this is just the latest in a string of attacks on government entities, which includes the attack on the City of Baltimore earlier this year. Below, Stephen Haywood and Tim Jensen, discuss what companies should be aware of, what they need to think about, and what they can do to prepare for data breaches.

Lure: Phishing Target Recon for GoPhish

Jayme Hancock

Jayme Hancock

August 12, 2019

Views: 833

Phishing is hard. Arguably, the most important part of a successful phishing campaign is ensuring your email actually reaches the right people in the first place. This week I’m releasing Lure, a tool for helping automate target collection on phishing campaigns. 

Ten Useful Burp Suite Pro Extensions for Web Application Testing

Danielle Wong

Danielle Wong

June 20, 2019

Views: 1472

If you are an Information Security professional, it’s likely you have used Burp Suite by Portswigger - a proxy tool to intercept, analyze, and alter network traffic. The following is a quick overview of some handy extensions that you can add easily to your current Burp Suite setup.

News & Events

Effective Phishing with GoPhish

11.4.19

Jayme Hancock will be presenting at CactusCon on December 6-7, 2019 in Mesa, AZ. Come learn how to create an effective phishing user awareness training program on a budget, using the free phishing framework GoPhish.

read more

BSI AppSec to Present at (ISC)2 Congress - A Shot from 5,000 Miles

10.1.19

This session will examine common external attack vectors which can lead to an attacker gaining a foothold into the organization.These vectors include phishing, compromised common websites, and interfaces which should not be internet facing. Additionally, we’ll look at what information an attacker is likely to now have from the initial compromise, and how this information can be leveraged to access the internal network and pivot through the network. Common tools used during penetration tests, red team exercises, and malware campaigns will be demonstrated. From there, we will discuss how utilizing a security framework such as ISO 27001 can reduce the risk and damage caused by these tactics

read more

Ransomware attacks reveal weakness in government cyber defenses

08.20.19

Written by Tim Jensen and published on Information Management magazine, this article covers the attacks becoming more common and affecting multiple computer systems used to run the government, remotely encrypting all the systems’ files. As officials across the country continue to deal with fallout from cyber-attacks, the lack of organizational resilience both in and out of cyber space is laid bare as repercussions continue to impact constituents and day to day operations of city and state governments.

read more