Analytics Insight Cover Story 2020
COMBATING CYBER RISKS WITH CUSTOMIZED CYBER SECURITY PROGRAMS
Specialized Security Services, Inc. (S3 Security) develops and maintains custom-tailored cyber security programs, allowing enterprises to elevate security where it belongs: top of mind and top-down. S3 Security is a women-owned, global cyber security firm with headquarters in both Dallas, TX and Europe. For over two decades, the company’s expert team has successfully assisted businesses with the implementation and oversight of their information security, privacy, and regulatory compliance programs. Specialized Security Services, Inc. bridges the gap between an organization’s business goals, cyber security needs and compliance requirements to become their trusted and valued security partner for life. S3 Security was founded by Mitchelle Schanbaum, CEO, and Scott Schanbaum, CTO, in 1999. Together, they created a team that provides trusted advice and project management in all areas of information security including risk management, incident response, policy and procedure development, security architecture, secure payment solutions, ASV, PCI, NIST, HIPAA, and HITRUST compliance.
“With a growing threat landscape, it is imperative to find a trusted security advisor to help guide you through the daily attacks and compliance initiatives.”
AN EMPOWERING LEADER TRANSFORMING CYBER SECURITY PROGRAMS
John Knight is the Senior Vice President (SVP) of Cyber Security & Technology Services at S3 Security and leads the company’s team of expert cyber security engineers and penetration testers. As part of the Cyber Security Services Team, John’s areas of expertise include identifying system shortfalls, assessing and implementing solutions, in addition to managing complex security requirements for clients.
John leads S3 Security’s team of Cyber Security Engineers in identifying and assessing vulnerabilities, threats, and attacks on enterprise products and environments. He and his team skillfully perform advanced technical assessments, conduct attack surface reviews, and recommend layered defenses to prevent exploits, detect and intercept attacks, and discover threat agents. These findings are then translated from highly technical concepts into business impact with remediation recommendations for S3 Security’s impressive list of clients. With 20 years of experience in Systems and Network Security and nearly a decade of tenure at S3 Security, John has performed both Compliance Assessments and Engineering Services for clients in a broad range of industries. He applies his extensive technical knowledge to understand the most complex information technology environments and explain multifaceted security concepts to non-technical business partners.
This range of experience gives John the unique ability to evaluate S3 Security clients’ complete security posture and provide actionable recommendations for improvement without sacrificing business goals. John leverages his excellent interpersonal skills in his directorial use of resources, team building, and staff development. He has held many professional certifications over his career but currently maintains five, which include QSA, ASV, HITRUST, CISA, and CISM.
MANAGING RISKS WITH ENHANCED INFORMATION AND CYBER SECURITY SOLUTIONS
According to John, 2020 has been full of the unexpected. In a matter of months, the world has been thrust into the most extensive work-from-home experiment that has ever been conducted. Information Security Teams have had to scramble not only to get employees equipment and access, but also to implement new security strategies simultaneously. He suggests, “It is like changing the wheels on a bus as it’s going down the road.”
Overall, John says he is proud to see how the industry has responded and adapted to the rapidly changing needs of their businesses and IT security needs. S3 Security has helped its clients navigate this unpredictable and reactive environment, and the company remains committed to providing their clients with the latest cyber and information security guidance.
However, John emphasizes that today’s cyber attackers are more advanced than at any time in modern history. Social distancing requirements have stimulated wide-ranging technology changes such as the shift to remote workforces, the use of cloud platforms, video conferencing, and even managed IT services to reduce costs. All of these new remote access points create many more opportunities for cybercriminals to compromise. The same technologies that have been deployed to safeguard clients’ environments and securely store data, such as AI, machine learning and cloud-based services, are now being utilized by cybercriminals to do the opposite.
Hackers are now leveraging brute-force attacks driven by password generators that can make up to 100 billion guesses per second. Combine that with cloud-based technology, and criminals can guess an eight-character password in as little as 12 minutes. Even multi-factor authentication has come under attack, with criminals leveraging various techniques to defeat second- and third-layer security protections, such as spoofing SMS text messages or reverse-engineering authentication flows and extracting credentials from mobile apps.
How can this threat be mitigated? John suggests one of the most crucial needs for IT Security Teams in this environment is a real-world look at how attackers could exploit an organization’s vulnerabilities and guidance on how to stop them. Many organizations have implemented a variety of cyber security measures to protect their environment. But penetration testing is the best way to truly discover how well a cyber security strategy is working.
S3 Security has cultivated and invested in the best penetration testing talent the world has to offer. The company’s dynamic crew of expert cyber security engineers perform advanced penetration testing for networks, web applications, business applications, mobile applications, cloud infrastructure and APIs, to name a few. Unlike other cyber security companies, S3 Security doesn’t use one single tool to perform automated penetration testing and pass along a generic and templated report. The S3 Security Penetration Testing Team uses a variety of tools and manual processes to simulate an authentic attack. “What better way to understand your organization’s potential vulnerabilities than to approach it from a criminal’s perspective?” asks John.
ENSURING SECURE ENVIRONMENTS TO PROMOTE CLIENTS’ BUSINESS GROWTH
Our S3 Security Penetration Testing Team holds some of the most intense certifications in the industry, and its members are natural problem solvers who are unrelenting in their quest to find any potential exploits.
S3 Cyber Security engineers use leading industry-standard tools when it comes to penetration testing and have partnered with several scanning vendors to help build up their ASV scanning programs; however, they perform the majority of their penetration testing using manual techniques. The company promotes collaborative efforts from its engineering team on services to ensure all aspects are covered to identify security risks. The Cyber Security Engineering Team is also relentless in its pursuit to gain access to identified systems during their engagement.
Further, S3 Security’s proprietary strategic reporting model calls upon its 21 years of experience to provide enterprises with detailed findings and actionable recommendations for improvement without sacrificing business goals.
The company’s clients who have experienced S3 Security’s penetration testing services have described them as “one of the best penetration testing offerings in the industry.” Many of S3 Security’s clients who regularly have vulnerability scans with few findings and are compliant within their required frameworks are astounded to find that S3 Security’s Cyber Security Engineers can still bypass their security and gain access to key infrastructure through penetration testing. S3 Security’s penetration testing reports provide a detailed description of what the penetration testing team was able to compromise and guidance on how to fix the problem. S3 Security also offers a Vulnerability Management Center (VMC) Program that helps clients identify new threats and provides assistance from S3 Security Cyber Security Engineers to remediate vulnerabilities and mitigate the risk of potential threats.
INSIGHTS INTO THE FUTURE OF S3 SECURITY AND CYBER SECURITY
S3 Security has witnessed the change of the threat landscape over the past 20 years and has continually adjusted the skill sets of their teams to identify and mitigate the risk of these evolving cyber threats. The company has always encouraged self-learning and self-improvement for its employees, as well as career advancement from within.
As the industry has had to adapt to the presence of cloud threats, John projects that this space will only grow in the future with more complex and multi-level cloud, web, and API security threats. “Opportunistic and predatory criminals will never cease utilizing opportunities to exploit vulnerabilities. As long as these threats exist, teams like ours will be there working alongside clients to mitigate them.”