Alchemy Security

Peter Schawacker to present on Agile SOC at UNIX Users Association of Southern California- LA Chapter

Peter Schawacker, Principal Consultant SOC Services will be presenting at the UNIX Users Association of Southern California- LA Chapter on May 6 to discuss Agile SOC practices used to build world-class security operations centers.

Damon Cortesi to Present At Seattle Chapter of National Information Security Group (NAISG)

Damon Cortesi, Principal Consultant at Alchemy Security will present on common security failures associated with Social Media Web Applications such as Twitter, Facebook, and other online web sites at the Seattle chapter of NAISG.

Peter Schawacker Presents on Agile Security at UNIX Users Association of Southern California

Peter Schawacker, Principal Consultant for our SOC Consulting group discusses how Agile Security techniques can be used to better secure environments at the UNIX Users Association of Southern California.

Damon Cortesi to Present at Security BSides Las Vegas

Principal Consultant Damon Cortesi will be presenting at Security BSides Las Vegas. Damon’s talk will cover security considerations within social networking sites such as Twitter, as well as web-application related challenges organizations face in the web 2.0 space.

PCI Compliance Becomes Scorecard for CSOs

Companies recertifying for the second or third year of PCI compliance are having a rough go of things as of late. A combination of the latest clarifications within the revised PCI DSS standard, along with the recent scoring matrix that compels assessors to ensure they have done a thorough job as part of the review, have caught an unfortunate number [...]

The Way Forward for Information Security

Every system has within it the limitation that it cannot exist unto itself. The big problems of Information Security will remain intractable as long as industry participants continue to focus inward.

For the past year or so, I have noticed that, at the same time that security technologies are reaching a certain degree of maturity, security projects remain [...]

Twitter Confidential Information Compromised Via Weak Password

As noted, poor password management trumps strong security technology every time. Any bets on how long before google *requires* strong passwords? Both are victims, both share blame. A side note about this hack is that it highlights the trust relationships (and residual risk) that business partnerships impart upon each other.

Preparing for your PCI-DSS v1.2 assessment

A number of dynamics are at work that have made attaining PCI compliance a more difficult proposition over previous years. The guidance assessors are receiving from the PCI Council is that evidence must be provided that demonstrates your Infosec program is in place and functioning as designed. Expect to respond to requests for multiple change records that cover [...]

Verizon Business releases annual data breach investigation report

Each year Verizon Business publishes aggregate data breach information from forensics investigations the company has performed. This report yielded a number of interesting data points including:

The majority of data breaches were caused by external sources. 74% emanated from external sources, 32% were linked to business partners, and only 20% percent were caused by insiders. This statistic flips on [...]

SSN numbers can be predicted

SSNs can be predicted