
Getting Started in Cyber Physical System Security Defense
TL;DR – The best way to get started with Cyber Physical System Defense is to create a defense plan, collect asset inventory, and begin implementing monitoring infrastructure....

Penetration Testing in a Continuous Security Testing Program
Overview: At SRA, we have seen firsthand that incorporating both penetration tests and purple teams in a cyber security program provides a healthy balance between increasing both...

Happy Birthday NIST CSF!
The NIST Cybersecurity Framework (CSF) turned 10 years old in February 2023. As the CSF begins its second decade, we revisit the framework itself, SRA’s experience with a few common challenges, and preview the coming changes.

PDCD: Orchestrating Payload Generation
PDCD is a command-line tool designed to generate payloads by running single-purpose Docker containers either locally or remotely.

Timberlake: AWS Attack Automation
Timberlake is a tool we are releasing that helps to automate AWS attack simulations. It was originally designed to support our purple team operations here at Security Risk Advisors. In this blog, we will introduce the Timberlake tool and its functionality.

S4x23 SBOM Challenge: Post-Conference Update
If you really need one, here’s the TL;DR – The SBOM market is emerging. Asset owners are unsure if they want them and suppliers/OEMs are either considering adoption, have...

Listen to the Cyber Kumite Podcast and Video Series
Each week we deliver new discussions about the cybersecurity industry, challenges, and best practices. CISOs and other security specialists join us to bring their insight on each topic.