Why Common Vulnerability Scanning Practice is Useless?

I hope you will find this so obvious but unfortunately security community is highly relied on vulnerability scanning in a way which makes it totally useless or even harmful!  Vulnerability assessment is evaluating of a System against known and potential security flaws. A System is simply a collection of processes, workflows, people, nodes, software…but traditional […]

Vendor Risk Assessment: Hassle or Blessing?!

A Security Questionnaire, RFI, VRA (Vendor Risk Assessment), VR Management…helps customers identify and evaluate the risks of using a vendor’s product or service. Performing such a review is sometimes mandatory based on the industry (e.g. healthcare). During this standard business process, customer collects written information about security capabilities of a supplier and you could barely […]

One Strategy to Win the Cyber-security Battle: Change the Focus!

Sales pitch force us to worry about things that are not so important; Change your mindset to win the battle!   “Battle” would not be the right term if we didn’t have a market full of competition to sell cybersecurity products rather than focusing on the right and real way of defense. In other words, focusing […]