Contact us for a free consultation.

Security Testing

We provide thorough assessments of all types of applications, networks, and infrastructure with guidance for improving your security posture.

Strategic Consulting

Our team of Security Experts provides industry-leading Risk Assessment, Project Management, and InfoSec Program and Policy Development services.

Compliance, Privacy, and PCI

Audit preparation, compliance, and privacy services with a focus on real security. Our experienced staff can help you reach your security, privacy, and compliance goals in a manner best suited to your unique requirements.

Training

We offer engaging and interactive security awareness and technical training, both online and instructor-led.

From the Blog

Who’s Managing your LAPS Implementation

Michael Becher

January 07, 2020

In May 2015, Microsoft released a password management tool to combat the rising abuse of encrypted passwords (which effectively became encoded when Microsoft released the key) stored in Group Policy Preferences, or worse, in cleartext scripts pushed via GPO. Every domain user was able to access these preferences and scripts in the ‘SYSVOL’ share and could obtain the single local administrator password for all machines on the domain, which would provide total lateral movement opportunities within the domain. The necessary problem here is that at least one user has to be able to see these LAPS passwords to administer the process. Who within your domain has this power? You might be surprised at how often this is overlooked, thus leading to the availability of all these passwords to more users than intended.

How organizations can prepare for and contain the inevitable; a cyber breach

Tim Jensen

September 12, 2019

It’s not a matter of ‘if’ your organization will experience a cyber-attack, but ‘when’. That’s BSI’s approach to cyber security and information resilience, through either our advisory services or certification and training. We help thousands of organizations around the world embed excellence with a focus on Organizational Resilience. One of the best ways for organizations to manage and protect their information assets is to implement ISO/IEC 27001, the internationally recognized information security management standard. Cyber-attacks are commonplace at this point; the blog post below discusses one of the most recent: an attack on twenty-two local governments in the state of Texas. Unfortunately, this is just the latest in a string of attacks on government entities, which includes the attack on the City of Baltimore earlier this year. Below, Stephen Haywood and Tim Jensen discuss what companies should be aware of, what they need to think about, and what they can do to prepare for data breaches.

Lure: Phishing Target Recon for GoPhish

Jayme Hancock

August 12, 2019

Phishing is hard. Arguably, the most important part of a successful phishing campaign is ensuring your email actually reaches the right people in the first place. This week I’m releasing Lure, a tool for helping automate target collection on phishing campaigns. 

News & Events

Effective Phishing with GoPhish

11.4.19

Jayme Hancock will be presenting at CactusCon on December 6-7, 2019 in Mesa, AZ. Come learn how to create an effective phishing user awareness training program on a budget, using the free phishing framework GoPhish.

BSI AppSec to Present at (ISC)2 Congress - A Shot from 5,000 Miles

10.1.19

This session will examine common external attack vectors which can lead to an attacker gaining a foothold into the organization. These vectors include phishing, compromised common websites, and interfaces which should not be internet facing. Additionally, we’ll look at what information an attacker is likely to now have from the initial compromise, and how this information can be leveraged to access the internal network and pivot through the network. Common tools used during penetration tests, red team exercises, and malware campaigns will be demonstrated. From there, we will discuss how utilizing a security framework such as ISO 27001 can reduce the risk and damage caused by these tactics.

Ransomware attacks reveal weakness in government cyber defenses

08.20.19

Written by Tim Jensen and published in Information Management magazine, this article covers the attacks becoming more common and affecting multiple computer systems used to run the government, remotely encrypting all the systems’ files. As officials across the country continue to deal with fallout from cyber-attacks, the lack of organizational resilience both in and out of cyber space is laid bare as repercussions continue to impact constituents and day-to-day operations of city and state governments.
