Alchemy Security

Alchemy Security Announces Hosting of “Mile High Security” B-Sides Event

Alchemy Security is proud to announce that we’ll be hosting a Security B-Sides “Mile High Security” event at our corporate headquarters here in Denver on June 18th. To learn more or to attend the event you can check out the details here.

Peter Schawacker to Present at ISSA Ottawa Chapter

Mark your calendars. Peter Schawacker, Managing Principal SOC Services, will be sharing his latest thoughts on the subjects of Agile Security & SOC at the Ottawa Chapter of ISSA April 29th.

Peter Schawacker to present on Agile SOC at UNIX Users Association of Southern California- LA Chapter

Peter Schawacker, Principal Consultant SOC Services will be presenting at the UNIX Users Association of Southern California- LA Chapter on May 6 to discuss Agile SOC practices used to build world-class security operations centers.

Damon Cortesi to Present At Seattle Chapter of National Information Security Group (NAISG)

Damon Cortesi, Principal Consultant at Alchemy Security will present on common security failures associated with Social Media Web Applications such as Twitter, Facebook, and other online web sites at the Seattle chapter of NAISG.

Peter Schawacker Presents on Agile Security at UNIX Users Association of Southern California

Peter Schawacker, Principal Consultant for our SOC Consulting group discusses how Agile Security techniques can be used to better secure environments at the UNIX Users Association of Southern California.

Damon Cortesi to Present at Security BSides Las Vegas

Principal Consultant Damon Cortesi will be presenting at Security BSides Las Vegas. Damon’s talk will cover security considerations within social networking sites such as Twitter, as well as web-application related challenges organizations face in the web 2.0 space.

PCI Compliance Becomes Scorecard for CSOs

Companies recertifying for the second or third year of PCI compliance are having a rough go of things as of late. A combination of the latest clarifications within the revised PCI DSS standard, along with the recent scoring matrix that compels assessors to ensure they have done a thorough job as part of the review, have caught an unfortunate number [...]

The Way Forward for Information Security

Every system has within it the limitation that it cannot exist unto itself. The big problems of Information Security will remain intractable as long as industry participants continue to focus inward.

For the past year or so, I have noticed that, at the same time that security technologies are reaching a certain degree of maturity, security projects remain [...]

Twitter Confidential Information Compromised Via Weak Password

As noted, poor password management trumps strong security technology every time. Any bets on how long before google *requires* strong passwords? Both are victims, both share blame. A side note about this hack is that it highlights the trust relationships (and residual risk) that business partnerships impart upon each other.

Preparing for your PCI-DSS v1.2 assessment

A number of dynamics are at work that have made attaining PCI compliance a more difficult proposition over previous years. The guidance assessors are receiving from the PCI Council is that evidence must be provided that demonstrates your Infosec program is in place and functioning as designed. Expect to respond to requests for multiple change records that cover [...]