Category: Blog

Inside WISCON: How Ryan and Allie Are Building a Stronger Cybersecurity Community in Wisconsin

by Amanda Yacobian | May 26, 2026

What started as conversations on the drive home from cybersecurity conferences eventually became something much bigger. For years, Ryan and Allie attended events like DerbyCon, GrrCON, and THOTCON...

How to Validate Cybersecurity Controls and Prove Real Risk Reduction

by Kirk Hanratty | May 26, 2026

Introduction: The Question Most Security Programs Can’t Answer Most organizations can tell you: What security tools they own What vulnerabilities exist in their environment What controls are...

The Business Case for Purple Team Exercises

by Brian Judd | May 7, 2026

Most security programs spend millions on tools and people, then rely on dashboards and assumptions to tell them everything is working. Purple team exercises close that loop. A purple team...

How to Evaluate Penetration Testing Services Effectively (A Buyer’s Guide)

by Kirk Hanratty | Mar 26, 2026

How to Evaluate Penetration Testing Services Effectively (A Buyer’s Guide) Penetration testing services can be one of the highest-ROI security investments an organization makes, if the right...

AI Adoption Is Accelerating: How to Prove Your Governance and Controls Actually Work

by Kirk Hanratty | Feb 27, 2026

AI Adoption Is Accelerating: How to Prove Your Governance and Controls Actually Work Practical validation through adversary-informed testing and configuration alignment AI is no longer experimental....

How to Assess Active Directory Passwords and Hashes: Hash Master 1000 v2.0

by Brian Judd | Feb 12, 2026

Turning Password Data into Meaningful Insight Our consultants often spend time helping organizations better understand concerning truths about their environments. Password hygiene continues to be a...

CMMC Level 2 at Enterprise Scale

by Kirk Hanratty | Jan 15, 2026

CMMC Level 2 at Enterprise Scale: Why Programs Stall and How to Get Unstuck CMMC Level 2 readiness is no longer theoretical. For large enterprises, especially manufacturers with complex IT and OT...

DNS Security: The Internet’s Most Critical and Most Overlooked Attack Surface

by Lisa Niles | Jan 8, 2026

DNS is foundational to availability and trust, yet often under-protected. Discover key DNS attack vectors, modern threats, and how CISOs can implement layered DNS security.

When “Malicious” NTP Traffic Isn’t Malicious at All: Understanding False Positives from pool.ntp.org

by Brian Judd | Dec 3, 2025

Security teams rely heavily on reputation-based threat intelligence to block malicious traffic. These controls are effective at shutting down known command-and-control servers, botnet servers, Tor...

Healthcare Domains : The Prescription for Bypassing SSL Inspection

by Brian Judd | Nov 14, 2025

Next-gen firewalls with SSL inspection are one of the strongest defenses enterprises deploy to detect malicious traffic like command-and-control (C2). By decrypting and inspecting encrypted...

Blog

Inside WISCON: How Ryan and Allie Are Building a Stronger Cybersecurity Community in Wisconsin

How to Validate Cybersecurity Controls and Prove Real Risk Reduction

The Business Case for Purple Team Exercises

How to Evaluate Penetration Testing Services Effectively (A Buyer’s Guide)

AI Adoption Is Accelerating: How to Prove Your Governance and Controls Actually Work

How to Assess Active Directory Passwords and Hashes: Hash Master 1000 v2.0

CMMC Level 2 at Enterprise Scale

DNS Security: The Internet’s Most Critical and Most Overlooked Attack Surface

When “Malicious” NTP Traffic Isn’t Malicious at All: Understanding False Positives from pool.ntp.org

Healthcare Domains : The Prescription for Bypassing SSL Inspection

Contact Us

Subscribe to Our Newsletter