Securus Global is looking to expand its technical delivery team, so that as we grow, we can continue to deliver top-quality security assessments to our clients.
Location: Sydney or Melbourne CBD
Salary: Dependent upon experience.
Work Type: Full Time
The Penetration Tester is a hands-on technical role, primarily involving:
* Performing penetration testing (web apps, networks, mobile apps, code reviews, you name it)
* Reviewing other technical deliverables, such as penetration testing work and client reports
* Presenting technical work to clients and explaining various security issues, and why they’re important, to both technical and non-technical audiences
* Contributing to the development of internal tools and methodologies
This month’s newsletter is chock-full of technical blog posts from our security consultants, alongside our usual industry wrap-up, SG in the community, and a mention of current career opps going at Securus.
Following the slew of private celebrity photos leaked earlier this week, both end-users and organisations are understandably concerned. Invariably, user confidence in the security of online services, and the confidentiality of any data stored, has been shaken by such leaks.
This is especially worrying for organisations, as more and more enterprise services move onto remotely hosted cloud platforms, which are now home to the corporate crown jewels (emails, commercially sensitive information, intellectual property etc).
The same security issues that appear to have caused the recent iCloud breaches typically affect these cloud platforms. From a security perspective, using a cloud system is effectively outsourcing and therefore should be treated as diligently as any other outsourcing arrangement.
, the recent celebrity photo compromise occurred due to a “very targeted attack on user names, passwords and security questions” – in other words,
Table of Contents:
• A CIO’s Approach to Developing a Security Framework 101
• Penetration Testing Applications
• Practical Security: Browser Security Settings
• Upcoming Events
• Achieving Comprehensive PCI DSS 3.0 Compliance
• The SG Community
A CIO’s Approach to Developing a Security Framework 101
One of the biggest questions we always get asked by CIOs and other senior business management in regards to Information Security and IT Risk Management is where to begin. Do you focus on purchasing security tools first, developing policies and standards or getting an audit done and working from the results of that audit?
From our experience, while all of the above can assist in some way, developing a framework about how you will think about your security position is the number one priority before you make a major investment in tools, your staff’s time or the costs of hiring consultants. You may find that a lot of the costs you estimated originally may not be needed.
By Jay Davis,
We have been investigating RFID access control security and the models typically implemented by businesses in Australia. The iClass line of devices developed by HID is an interesting subject, as these devices are commonly used throughout Australia (and globally) and have been proven to have security flaws. We conducted some research to see if we could create a covert cloning device for use in our engagements. Read on for more details of our successes!
Latest SG Newsletter is now available. Featuring:
* How I got root with Sudo – Solutions!
* Enhancements to Imperva’s SecureSphere 10.5 Platform
* Does Spear Phishing Work?
* Careers with Securus Global
* Securus Global – Community
We hope you enjoy reading the case studies in this month’s newsletter.
We’ve included a variety of articles to appeal to the range of our stakeholders, from the technically minded to the executive levels and everything in between, e.g.:
* Board communications security and the move to mobile technologies
* How I got root with Sudo
* Security Pitfalls of a Shared Portal
* Tripwire – Security Configuration Management
* Securus Global – Community
This month’s edition is jam-packed with articles, including:
* Testing New Technologies – Smoke Detection, Alarms, CCTV etc.
* Cracking .NET Membership Password Hashes
* The “most asked question” – What should companies do to minimise their security risks?
* Upcoming Events – Breakfast Brief
* Mitigate DDoS Attacks with Cloud & On-Premise DDoS Protection
* 5 Critical Steps of a Complete Security Risk & Compliance Lifecycle
* What makes good application security knowledge?
* New Securus Global Social Engineering Services
* Industry Round-up
* Securus Global – Community