Securus Global is looking to expand its technical delivery team, so that as we grow, we can continue to deliver top-quality security assessments to our clients.
Location: Sydney or Melbourne CBD
Salary: Dependent upon experience.
Work Type: Full Time
The Penetration Tester is a hands-on technical role, primarily involving:
* Performing penetration testing (web apps, networks, mobile apps, code reviews, you name it)
* Reviewing other technical deliverables, such as penetration testing work and client reports
* Presenting technical work to clients and being able to explain various security issues and why they’re important to both technical and non-technical audiences
* Contributing to the development of internal tools and methodologies
This month’s newsletter is chockablock with technical blog posts from our security consultants, alongside our usual industry wrap-up, SG in the community and a mention of current career opps going at Securus.
Table of Contents:
• A CIO’s Approach to Developing a Security Framework 101
• Penetration Testing Applications
• Practical Security: Browser Security Settings
• Upcoming Events
• Achieving Comprehensive PCI DSS 3.0 Compliance
• The SG Community
A CIO’s Approach to Developing a Security Framework 101
One of the biggest questions we always get asked by CIOs and other senior business management with regard to Information Security and IT Risk Management is where to begin. Do you focus on purchasing security tools first, developing policies and standards or getting an audit done and working from the results of that audit?
From our experience, while all of the above can assist in some way, developing a framework about how you will think about your security position is the number one priority before you make a major investment in tools, your staff’s time or the costs of hiring consultants. You may find that a lot of the costs you estimated originally may not be needed.
Official Announcement from eBay:
“eBay Inc. (Nasdaq: EBAY) said beginning later today it will be asking eBay users to change their passwords because of a cyberattack that compromised a database containing encrypted passwords and other non-financial data. After conducting extensive tests on its networks, the company said it has no evidence of the compromise resulting in unauthorized activity for eBay users, and no evidence of any unauthorized access to financial or credit card information, which is stored separately in encrypted formats. However, changing passwords is a best practice and will help enhance security for eBay users.”
The latest SG Newsletter is now available, featuring:
* How I got root with Sudo – Solutions!
* Enhancements to Imperva’s SecureSphere 10.5 Platform
* Does Spear Phishing Work?
* Careers with Securus Global
* Securus Global – Community
We hope you enjoy reading the case studies in this month’s newsletter.
We’ve included a variety of articles to appeal to the range of our stakeholders, from the technically minded to the executive levels and everything in between. E.g.:
* Board communications security and the move to mobile technologies
* How I got root with Sudo
* Security Pitfalls of a Shared Portal
* Tripwire – Security Configuration Management
* Securus Global – Community
Originally published: http://www.itnews.com.au/News/374722,telstra-breached-privacy-act-by-exposing-user-data.aspx
By Allie Coyne on Mar 11, 2014 10:32 AM
One day before new privacy laws take effect.
Telstra has been forced to pay $10,200 after being found to have breached the Australian Privacy Act by inadvertently exposing the details of over 15,000 customers online.
In May last year the personal information of 15,775 Telstra customers, detailed on internal Telstra spreadsheets, was discovered to be publicly accessible through a Google search.
The data included customer names, telephone numbers and in some cases addresses. It also included 1257 silent line customers.
This month’s edition is jam-packed full of articles, including:
* Testing New Technologies – Smoke Detection, Alarms, CCTV etc.
* Cracking .NET Membership Password Hashes
* The “most asked question” – What should companies do to minimise their security risks?
* Upcoming Events – Breakfast Brief
* Mitigate DDoS Attacks with Cloud & On-Premise DDoS Protection
* 5 Critical Steps of a Complete Security Risk & Compliance Lifecycle
* What makes good application security knowledge?
* New Securus Global Social Engineering Services
* Industry Round-up
* Securus Global – Community