What I do

I am an Information Risk Consultant and Penetration Tester. I specialize mostly in penetrating secure networks and computer systems: I simulate an organized, professional attack against your organization, after which a detailed report summarizes the weaknesses and exploited vectors. This will help you gain control over your infrastructure's security and maximize your protection.

Thursday, October 07, 2010

Playing Tigerteam at the end of SecureICT talks

Tigerteam, a TV show about pentesting released back in 2007, was screened at the SecureICT conference on the 6th, in the evening. Tigerteam, composed of Nickerson Chris, Ryan Jones and Luke McOmie, shows them breaking into targets they are hired to break into by their clients. Attacks include exploitation of human vulnerability, technological attacks, physical attacks, etc.



Tuesday, October 05, 2010

Bad Security Service Adds to the Losses after a Threat Succeeds

One funny thing I have learned is that several security vendors don't really test security effectively, even when contracted to do so. Others may say it's more for jurisdiction purposes or the scope, but I think if you are paid to minimize risks for a corporation you should do it at the best value possible.

This brings us to the topic of the pentest. A lot of the vendors don't understand what a pentest is, and that affects their clients, leaving them at greater risk because the vendors leave after telling them they are secure, and so the clients let their guard down.

One of the pentest reports I got hold of explained how there were open ports which they didn't or were not able to exploit, but which had holes as seen from a scanner. To keep it short: should a pentest report have false positives? No, it should have info on the entries that were used to get into the target.

The problem is that the above may require a team which is qualified, talented, intelligent and advanced in the field. Let me know your thoughts.


Saturday, September 11, 2010

Kenya Banking infoinsecurity

Hi Guys.

SecureICT dates were changed to 5th and 6th of October.

I will also be doing a presentation on the above topic, where my main concerns will be Internet banking, mobile banking, bank vendors, physical and operational security in banking, and several other topics which I experienced over the year 2010.

This was inspired after a Head of Information security in a certain bank told me that they rely on TRUST.

See you there.


Wednesday, September 01, 2010

SecureICT 2010

Awesome, seven days to SecureICT. PanAfric, from the 8th to the 9th this month. John Long with Google Hacking, Lucy Munga from E and Y with Information Risk and Assurance Services. Dr Bitange will be opening the conference; hope to see you all there.


Wednesday, January 13, 2010

Info Security in 2010, my predictions

It's a new year again, and we have heard so much noise here and there, e.g. the big Google being hacked by China hackers and several governments getting heavily ready on cyber security. My predictions will heavily involve where I come from, Kenya.

Kenyan banks will start taking information security seriously, and security assessments will be actively deployed as part of security policies.

Kenyan media will investigate more on the topic, and we will see several blog posts and stories being written.

Cyber crime will heighten as mobile banking and Internet banking become deployed, and high tech crime will be the cause of the new venture for armed robbery.

Mungiki and other sects will take up cyber terror, spying and espionage for more gain as the year proceeds.

A strong Police Cyber Crime unit to be deployed as the year rolls out.

Compiled by Chuks