Social engineering is a special form of penetration testing that simulates an attack vector which leverages the human element of an organization’s security program. Chris has years of social engineering experience in a professional setting as well as in a competition setting — Chris won the SECTF at Def Con 24 and was awarded a Black Badge. While traditional social engineering tests normally only include the general user community, Chris prefers to include IT support areas and executive staff as well, since those groups’ roles and access represent more risk to the organization.
Our approach to penetration testing is similar to our approach to social engineering: while finding and exploiting vulnerabilities is important, what’s more useful is testing a client’s monitoring, detection and response processes. A vulnerability that is discovered and exploited without the organization detecting the testing activity is a much larger risk than the same vulnerability would be had the tester been detected. While any vulnerability should be addressed, any that can be exploited without being detected should be given a higher priority.
CG Silvers helps you prepare for and react to a cybersecurity incident. Our comprehensive incident response (IR) services range from developing an IR program to actually responding to a security emergency. We customize our IR services to your specific needs, whether you need IR training for your existing team or simply an evaluation of your existing environment for security breaches.
RISK & COMPLIANCE
Leveraging a wide range of professional experience that includes mail-order retail, contract services, financial services, and corporate mergers, CG Silvers Consulting brings a unique understanding of business realities to risk and compliance consulting.
Specializing in NIST, PCI, HIPAA, and SANS risk frameworks, we apply the intent of each control to enable our clients to implement creative solutions that do not compromise their ability to maximize company success. For example, during a PCI DSS gap assessment, the client expressed concerns over forcing their employees to remember passwords that contained upper-case letters, lower-case letters, and numbers. By interpreting the password requirements, CG Silvers Consulting was able to advise the client to use longer passwords without complexity requirements. Since this met the intent of the control (strong password entropy), it satisfied the requirement.
INFORMATION SECURITY EDUCATION
CG Silvers Consulting provides pragmatic, hard-hitting security awareness in a customized setting. It’s common for employees, executives and IT staff alike to doze off when the security awareness training they receive is just like any other. CG Silvers Consulting delivers something different. We engage our audience with hands-on demonstrations and stories from our years of experience, administering eye-opening lessons that stick with our students. Audiences come away from security awareness sessions with a set of concrete skills that enable them to play an active role in the security of the company.
SECURITY DOCUMENTATION DEVELOPMENT
Don't waste your investment in your security program by overlooking the power of documentation.
Your organization has decided to invest in security – risk assessments, penetration tests, teamwide trainings, you name it. How do you ensure you get maximum return on your investment year over year? At CGSC, we believe the best way to ensure sustainability in your security program is to develop and maintain supporting documentation that has its own life outside of any one project or team member's tenure at your organization. Get the most out of your investment by continuing your security journey with CGSC, the trusted experts in security documentation with decades of industry experience.