Black Hills Information Security: Security with a Difference

“It’s a common story in many enterprises; their computers are more secure in a Starbucks than in their own environment. And that’s a travesty. Let’s talk about host-based firewalls...” begins John Strand, owner and security analyst at Black Hills Information Security (BHIS), starting a conversation on one of the biggest concerns facing organizations across the board: cybersecurity. Given the fact that cloud and digital technology has become an inevitable fixture in every enterprise’s strategy, it’s time to stop decrying cloud gaps and instead begin modifying our security architectures to effectively work and secure them. While for years penetration testing has been a surefire way to determine security risks, BHIS is tipping the scales with their unique approach to penetration testing that simply doesn’t stop at uncovering vulnerabilities. “Our main goal is not to prove that we can hack into a company but to help the customer develop a series of on point solutions and technologies that will improve the overall security of the company. Testing should never be adversarial, but collaborative,” ascertains Strand.

Although penetration testing is BHIS’s flagship, their focus is on a more noble cause. The company is going all out to educate everyone in and outside the industry on information security through regular webcasts, open source projects, and development of assessment tools. For example, BHIS’s tools MailSniper, CredKing, and CredSniper—made available for free—allows organizations to assess the security vulnerabilities of their cloud and on-premise infrastructure. On top of that, BHIS has over 253 online training presentations with no restrictions to accessibility. “We want to give out as much security knowledge as possible not just for our customers but for the global community as a whole,” states Strand.

Interestingly, as an outcome of their strong outreach, often a client has accessed BHIS’s webcasts or training modules, many times for years, and has a clear understanding of the company’s value proposition before officially coming onboard for a penetration testing.

At the onset of every project, BHIS engages in a ‘pent test preparations call’ with clients to gather sound know-how of the challenge at hand and the outcomes desired. Following which, BHIS crafts a tailored solution with any necessary add-ons, rendering superior security practices. “It makes very little difference what technology you are using against an attacker, it’s how you implement and orchestrate that technology that matters even more and that’s what we bring to the table,” says Strand.