Did you know? With over 69 years on the throne, Queen Elizabeth II is the longest reigning monarch in British history. After her, Charles, the Prince of Wales will ascend to the throne, his son William will follow, and so on.

Maybe you’re ahead of the game, but in today’s day and age, more and more organizations are recognizing the inherent advantages to fostering a multigenerational workforce.

(And Why I Did It) For those of you who work in web application security, maybe you’re familiar with Burp.

We all know that cybercriminals are now a thing.

Background First coined in 1994 by Stephen Marsh in his doctoral thesis, Formalising Trust as a Computational Concept, the term Zero Trust was later popularized by a Gartner research analyst. Some years later in 2011, when Google announced its internal implementation of Zero Trust architecture, the concept helped spark a new, wide-spread interest in the technology and security communities. In response to this increased public interest, the National Institute of Standards and Technology (NIST), in coordination with the National Cybersecurity Center of Excellence (NCCoE), developed a special publication (SP 800-207) on Zero Trust architecture and have since published additional information on implementation practices.

During a penetration test, the Schellman team often works with development teams, administrators, risk and compliance professionals and information security personnel; however, the initial point of contact for a penetration test may be an individual that isn’t any of those. More and more, someone from the product or procurement team may have the responsibility—or shared responsibility—of having a penetration test performed. While these individuals may understand a timeline for a specific task, they likely do not have full visibility into the entire project. Such circumstances, among others, can trigger one of the biggest challenges frequently seen in planning pen tests—timing.

Yesterday, on May 12th, President Biden issued the “Executive Order (EO) on Improving the Nation’s Cybersecurity.” Given that the Order features 11 sections that include both policy and general provisions among others, its 8,080 words is arguably the equivalent of multiple EOs. Such an effort is, no doubt, purposeful by the President—this is significant, and will certainly impact the security worlds of both the government itself and those companies that provide it with software and services.

Overview Offensive Security has released several new courses recently, including Evasion Techniques and Breaching Defenses (PEN-300), which primarily focuses on “penetration tests against mature organizations with an established security function.” After reading that overview on the website, I was excited to take on the challenge and expand my knowledge base in preparation for obtaining the OSEP certification.