John Strand, Owner & Security Analyst

“It’s a common story in many enterprises; their computers are more secure in a Starbucks than in their own environment. And that’s a travesty. Let’s talk about host-based firewalls...” begins John Strand, owner and security analyst at Black Hills Information Security (BHIS), starting a conversation on one of the biggest concerns facing organizations across the board: cybersecurity. Given that cloud and digital technology have become an inevitable fixture in every enterprise’s strategy, it’s time to stop decrying cloud gaps and instead begin modifying our security architectures to work effectively with them and secure them. While for years penetration testing has been a surefire way to determine security risks, BHIS is tipping the scales with a unique approach to penetration testing that doesn’t stop at uncovering vulnerabilities. “Our main goal is not to prove that we can hack into a company but to help the customer develop a series of on-point solutions and technologies that will improve the overall security of the company. Testing should never be adversarial, but collaborative,” asserts Strand.
Although penetration testing is BHIS’s flagship, their focus is on a more noble cause. The company is going all out to educate everyone in and outside the industry on information security through regular webcasts, open source projects, and the development of assessment tools. For example, BHIS’s tools MailSniper, CredKing, and CredSniper, made available for free, allow organizations to assess the security vulnerabilities of their cloud and on-premises infrastructure. On top of that, BHIS has over 253 online training presentations, all freely accessible. “We want to give out as much security knowledge as possible not just for our customers but for the global community as a whole,” states Strand.
Interestingly, as an outcome of this strong outreach, a client has often followed BHIS’s webcasts or training modules, sometimes for years, and has a clear understanding of the company’s value proposition before officially coming on board for a penetration test.
At the onset of every project, BHIS holds a ‘pen test preparation call’ with the client to gain a sound understanding of the challenge at hand and the outcomes desired. BHIS then crafts a tailored solution with any necessary add-ons, delivering superior security practices. “It makes very little difference what technology you are using against an attacker; it’s how you implement and orchestrate that technology that matters even more, and that’s what we bring to the table,” says Strand.
Through it all, the company never loses sight of quality, which is its top priority. “We suck at capitalism,” says Strand on a humorous note. “In this sense, profit maximization is never our agenda, and it’s all about client satisfaction. Testers at BHIS work on only one assessment at a time in order to offer undivided attention to a client’s needs.”
Nothing better describes BHIS’s value proposition than the fact that a client readily agreed to testify for them at DerbyCon last year. Having worked with BHIS for years, the financial company in question has no appetite for risk, as a single breach could put it out of business. With BHIS, the client has implemented cutting-edge defenses and best-of-breed technology. Where the situation called for it, BHIS has also written custom malware and zero-day exploits to model how a nation state or an organized crime threat actor is likely to attack. Long story short, today the client has one of the best security defenses in the world.
Going forward, BHIS is placing its cards on threat hunting and has designed a next-gen service line and tools for it. “So far we are helping organizations ensure there are no unknown adversaries lurking in their environment that traditional technology might have missed. Apart from this, we keep our eyes open for the best talent that we can find and invite them to join us, reinstating the ‘absolute quality’ that BHIS stands for,” ends Strand.