Office of the CISO
AI Need-to-Know
Thought Leadership
Evaluating AI Performance: Practical Tools for ExCyTIn-Bench
Discover how to evaluate and refine AI investigation workflows with ExCyTIn-Bench tools. Learn about Python scripts for data ingestion and benchmarking, enabling repeatable metrics and improved performance.
Intune Suite Is Included in E3/E5 Starting July 2026: What’s Included and How to Plan for Adoption.
Discover how the inclusion of Intune Suite in Microsoft 365 E3/E5 licenses starting July 2026 will transform endpoint management. Explore features like Advanced Analytics, Endpoint Privilege Management, and Cloud PKI, and learn how to plan for adoption effectively.
Examining the ExCyTIn-Bench Approach for Benchmarking AI Incident Response Capabilities
Explore ExCyTIn-Bench, a pioneering framework for benchmarking AI in cybersecurity investigations. Learn how advanced reasoning strategies and process engineering can enhance AI’s role in SOC workflows and incident response.
Threat Simulation Index 2026 Release
The 2026 Threat Simulation Index (“Threat Index” or TSI) is a Threat-Driven Test Plan built annually with 100+ organizations across sectors. It changes annually so that it can reflect updated threat groups, software, and active TTPs used by adversaries. The Threat Index includes 55 test cases, applicable to any industry, and can be used to establish a common ground and prioritization for alignment with MITRE ATT&CK and to measure threat resilience against an industry benchmark.
Closing the Gap in Cyber Resilience: Why AI Investigation Benchmarks Matter for CISOs
Explore ExCyTIn-Bench, an open-source framework for evaluating AI in cybersecurity investigations. Learn how it challenges AI agents with realistic SOC scenarios, testing their reasoning, query formulation, and evidence synthesis capabilities.
The Shiny New Object: Is It Worth Deploying Purview’s New AI Functionality Yet?
Microsoft’s new AI functionalities in Purview offer exciting possibilities for data security investigations and posture management. Our blog explores the features, deployment challenges, and cost considerations to help organizations make informed decisions.
Microsoft Ignite 2025: The 6 Security Announcements Shaping 2026
Microsoft Ignite 2025 introduced six pivotal security updates, including AI governance tools, passwordless authentication, and autonomous threat response. Discover how these innovations can transform your security operations in 2026.
PRESS RELEASE: SRA Appoints Suzanne Hall as CISO in Residence to Advance Global Cybersecurity Strategy and Capabilities
Security Risk Advisors welcomes Suzanne Hall as CISO in Residence to advance global cybersecurity strategies and deliver business-aligned solutions for clients.
Clean Up Your DNS Records Before We Get Ants (or Hacked)
Dangling DNS records can lead to subdomain takeovers and other security risks. Learn how to maintain good DNS hygiene and protect your organization from malicious actors in our latest blog by Joel Wadley.
PRESS RELEASE: CrowPilot by Security Risk Advisors now generally available in Microsoft Security Copilot
Security Risk Advisors announces the general availability of CrowPilot in the Microsoft Security Store, an AI agent that integrates Microsoft Security Copilot with CrowdStrike Falcon EDR, empowering SOC teams to streamline operations and achieve faster, smarter threat responses.
Getting Specific with Ransomware Preparedness
Most industry ransomware guidance is focused on SMB protections for commodity malware that exploits low-hanging fruit via worming and trashing share drives and document folders. “Have good backups” is still good advice, but there is much more we can do and with more...
PAM: High Impact, High Failure Rate
Privileged Account Management (PAM) is a critical function in a modern cyber security program. PAM programs have a high fail rate for a variety of reasons, including: lack of understanding of key risks around privileged accounts; resistance from system administrators...
Why Red? Why Purple? A NIST CSF View
Red and Purple Teaming serve distinct purposes, and we think NIST CSF backs us up on that. We outline why we believe in starting with Purple Teams to validate Protect...
Updated Results from the MITRE ATT&CK Endpoint Detection and Response Evaluation
Explore MITRE’s EDR tool evaluations for APT3 threat detection, featuring top performers like CrowdStrike and new entrants FireEye and Cybereason. Detailed results at SRA.
New Health Industry Cybersecurity Practices (HICP) Guidance Released: What You Need to Know
Explore HPH SCC’s new cybersecurity guidance for healthcare, offering a prescriptive approach to enhance industry-wide security practices.
Open Letter to the FDA
This blog post contains a copy of the questions and comments we’ve submitted to the FDA regarding their latest Medical Device Cyber Security Pre-Market Guidance draft. In our previous blog post, we provided an overview of the draft. We believe that...
FDA Pre-Market Medical Device Draft Guidance Review
FDA’s draft guidance on medical device cybersecurity could revolutionize industry practices for manufacturers and healthcare providers.
A Closer Look at MITRE ATT&CK Evaluation Data
MITRE ATT&CK’s first endpoint security evaluations of APT-3 reveal key insights into vendor performance and detection capabilities.
Creating a Project Sonar FDNS API with AWS
Learn to harness Rapid7’s Project Sonar for cybersecurity with our guide on creating an HTTP API to query internet-wide scan data, using AWS services.
Automating Payload Servers with AWS CodePipeline
Explore how AWS CI/CD tools can streamline offensive security operations with a payload server build pipeline, from code to delivery.
Finding and Decoding Big-IP and Netscaler Cookies with Burp Suite
Uncover the risks of ADC cookie leaks and secure your load balancing with SRA’s Load Balancer Cookie Scanner extension.
BSides PGH 2018 – Heavy Machinery and Burly Lumberjacks and Logging! Oh My!
Discover SRA’s Red Team SIEM strategies and tools presented at BSides PGH for efficient cyber engagement management.
BSides Philly 2017 – MFA: It’s 2017 and You’re Still Doing It Wrong
SRA unveils MFA best practices at BSides Philly. Learn to secure remote access and avoid common pitfalls. Watch on YouTube, slides on Slideshare.
New Vulnerability, Same Old Tomcat: CVE-2017-12617
Exploit Tomcat’s CVE-2017-12617 with our Metasploit module for remote code execution. Elevate pentests with System access. Get it on GitHub.
Peripheral Pwnage: Mousejacking 2.4 Ghz Input Devices
Explore advanced penetration testing methods beyond Responder, including mousejacking wireless peripherals for initial domain access.
The Macro Evolution: Bypassing Gmail’s Virus Filter and Reliably Establishing C2 Channels with Office Macros
Learn how a malicious Office macro can automate tasks and be abused in phishing attacks, despite multiple defensive layers. Protect against this threat.
A Smaller, Better JSP Web Shell
Discover our JSP Web Shell for RCE on Apache Struts, enabling command execution and file uploads within 1kb, even on limited servers.
VECTR for DORA TLPT Documentation
DORA-TLPT (Threat-Led Penetration Testing) requirements go live in January 2025! With TLPT frameworks like TIBER-EU and UK-CBEST, these assessments involve structured, high-stakes Red Team exercises. VECTR™ enhances compliance efforts by supporting Intel and Red Team phases, documenting TTPs, and visualizing threat data in a structured way. Explore how VECTR™ can streamline TLPT engagements and strengthen your organization’s resilience.
Market Maker Public Release
As part of our purple teams program here at SRA, we develop many different threat simulation plans (“bundles”), such as our Threat Simulation Indexes. To support the creation of these bundles, we developed the “Market Maker” (“MM”) suite of tools. Market Maker is a Python library, collection of command-line scripts, and several extensions.
PRESS RELEASE: Security Risk Advisors Unveils 2024 Test Plans for Cyber Threat Resilience Benchmarks
Elevate cyber resilience with SRA’s 2024 Threat Indexes for sector-specific benchmarking and threat assessment.
The Road to Benchmarked MITRE ATT&CK Alignment: Threat Resilience Metrics
TL;DR You can describe the progress of your cybersecurity program in a single, threat-driven metric: the Threat Resilience Metric. This metric is born from prioritized MITRE ATT&CK alignment and can be benchmarked with your peers. Prelude: NIST CSF and...
Malware Analysis: A General Approach
TL;DR Malware analysis has many benefits to organizations and their defenders; however, most organizations do not have processes defined for performing these actions. This post will walk through the questions that malware analysis can answer along with defining an...
The Perniciousness of Emotet and Banking Trojans
Guard against Emotet, the banking trojan that steals data and credentials. Learn how to protect your organization from such cyberattacks.
Purple Teams and Threat Resilience Metrics
This article covers how a Purple Team process done correctly can: be documented and organized using the free VECTR.io platform (https://vectr.io) and align to MITRE ATT&CK; generate quantitative success defense metrics more meaningful than existing hygiene and...
Interpreting New Hospital Cybersecurity Requirements for New York State
Effective October 2nd, 2024, New York State released new Hospital Cybersecurity Requirements, in section 405.46. Learn how to configure your Azure and Sentinel ecosystem to support the log storage requirements outlined in section 405.46.
Using Purview and M365 to Mitigate Data Security Risks in Microsoft Teams Meeting Recordings
Recording Teams meetings is a convenient way to memorialize an important discussion. But without proper controls in place, recordings can capture sensitive information, consume valuable cloud storage space, and become a data loss vector. Make sure your organization has configured the right settings to mitigate these risks and learn how to use Purview to understand if the organization is already oversharing.
Introducing Epic Monitoring for SCALR XDR: Elevating Healthcare Security
Electronic Medical Records (EMR) solutions contain a healthcare organization’s most critical and sensitive patient data. However, these EMR systems are rarely monitored, and there is often no regular review of the system for security events. This puts the most important data source in your organization at risk and can potentially lead to data breaches, unauthorized access, and other security incidents that could compromise patient privacy and the integrity of the medical records. Healthcare companies using SCALR XDR as their CyberSOC can now include monitoring of their Epic EMR as part of their 24×7 monitoring service.
Unlocking Microsoft’s Audit Logs: A Comprehensive Guide to Enhanced Security and Risk Mitigation
Microsoft now offers premium audit logs to E3 license users, enhancing visibility and reducing risk exposure by providing critical security logs at no extra cost. Learn to navigate, retrieve, and apply these logs in real world applications.
An Overview of Deputies in AWS
In an AWS customer account, resources like virtual machines and databases are typically created by user principals tied to that customer, such as a developer role or IAM user. In some circumstances however, AWS itself will create/interact with resources in a...
Microsoft Purview: You Get Out What You Put In
Microsoft’s recently rebranded Purview suite of data governance, security, and compliance solutions offers more capabilities than ever before within a single product. But without a fundamental understanding of your data, getting value out of these tools remains a challenge. Defining your organization’s critical data and objectives for protecting it is a critical first step in maximizing the value of any Purview deployment.
Understanding and Applying Vector Databases to Supercharge your SOC with AI & Copilot for Security
Discover how Azure AI Search integration enhances threat intelligence with vector databases in Copilot for Security.
Building a Copilot for Security Custom NetFlow Plugin
We’ve built a custom Copilot for Security plugin that would take advantage of network flow data and use the power of Copilot for Security to extract the exact time and IP address of a host involved in a security incident, then go retrieve, summarize, and analyze the netflow data within 30 minutes on either side of the first noted malicious event to determine if there was potential for lateral movement or other key indicators of attack. This can give insight to understand if an attacker may have attempted to move laterally on your network, and if so where, and using which protocols.
Build: Azure Sentinel – Automated Evidence Storage Folders
Azure Sentinel has evolved into an excellent SIEM platform that we operate, tune, and optimize for many of our clients. One of the top features that differentiates Sentinel is that it is truly cloud native, fully exposing its data and functionality for use with all the other capabilities in Azure. I see the sky-as-the-limit when it comes to being able to creatively augment Sentinel with valuable features and functionality.
Getting Started in Cyber Physical System Security Defense
TL;DR – The best way to get started with Cyber Physical System Defense is to create a defense plan, collect asset inventory, and begin implementing monitoring infrastructure. These steps are all much easier said than done. Let's say you just found out that your...
CISO Guidance for AI Security
AI introduces both risks and opportunities for businesses, and organizations should be prepared to protect their AI technology at the same level they protect traditional “crown jewel” or other sensitive data. Senior leadership will look to CISOs for guidance both on how to protect AI and how to use it to enhance the security of their organizations. What follows is some guidance on how a CISO might proceed as AI technology evolves and is deployed.
Trends in Third-Party and Vendor Risk Management
Enhance TP/VRM with SRA’s methodology for risk profiling, efficient assessments, and continuous monitoring to secure vendor relationships.
Business Implications of the CLOUD Act
New U.S. CLOUD Act governs access to overseas data, impacting businesses with cross-border data storage. Learn the implications for your company.
Insurance Sales Agent Module Design wins AAA NCNU and Security Risk Advisors GRC team Archer Platinum Innovation award
Discover insights from the Archer User Summit, where global Archer professionals unite to innovate and share success stories.
Highlights of Archer Version 5.5 Service Pack 3
Explore the top Archer 5.5 enhancements, including session timeout alerts and bug fixes for a smoother user experience.
Save time by using Archer-to-Archer data feeds to populate Finding application records
A useful feature of Archer is the ability to automatically generate findings from compliance or risk assessment questionnaires when questions are answered incorrectly (which may indicate that an expected control is not in place). The screenshot below depicts such a...
Getting Started with Business Continuity Management in the RSA Archer GRC tool
Streamline business continuity with Archer BCM Transition, ensuring automated, repeatable processes for robust GRC integration.
Custom employee review process takes advantage of RSA Archer’s In-Line Editing capability
Streamline performance reviews with Archer In-Line Editing, enhancing efficiency across branches in real-time analysis.
RSA Archer: Think “objectives” instead of core modules
Optimize Archer for specific use case objectives to streamline compliance, risk management, and recovery processes.
Securing the Point of Sale Device
Protect against a POS security breach with P2PE-HW principles. Encrypt CHD at swipe and secure key management.
Streamline PCI compliance with a GRC Tool
Ease PCI DSS compliance with a GRC tool. Streamline assessments and enhance security. Contact info@sra.io for solutions.
PRESS RELEASE: Security Risk Advisors Has Been Authorized by the CVE Program as a CVE Numbering Authority (CNA)
June 13, 2023 – International cybersecurity consulting firm, Security Risk Advisors (SRA), has been authorized as a CVE Numbering Authority (CNA) by The CVE Program. As a CNA, Security Risk Advisors will be responsible for the regular assignment of CVE IDs to...
PRESS RELEASE: Security Risk Advisors Hires New Director of Client Relationships
Security Risk Advisors announced the hiring of new Director of Client Relations, Howard Garfield, who joins the leadership team after decades of industry experience.
PRESS RELEASE: SRA Announces Partnership with the International Rescue Committee, Offers SCALR XDR Pro Bono
Philadelphia, PA: Cybersecurity firm, Security Risk Advisors (SRA), has partnered with the International Rescue Committee (IRC) to provide 24x7x365 cybersecurity monitoring services through its SCALR™ XDR solution at no cost. The International Rescue Committee (IRC)...
PRESS RELEASE: Security Risk Advisors Adds Ignacio Calles as CFO
Philadelphia, PA - Security Risk Advisors (SRA), a cybersecurity consulting and software firm, is proud to announce the recent hire of new Chief Financial Officer, Ignacio Calles. SRA specializes in providing clients with ethical hacking, cyber defense engineering...
PRESS RELEASE: SRA Adds Mamani Older as Director
Philadelphia, PA - Security Risk Advisors is proud to announce the recent hire of a new director, Mamani Older of Westchester, NY. Older will serve on SRA’s executive leadership team overseeing the direction and operations of the consulting firm that specializes in...
PRESS RELEASE – SRA Designated as a Distinguished Vendor by TAG Cyber Security
Philadelphia, PA – April 16, 2021 – Security Risk Advisors, an industry leader in cyber security consulting and CyberSOC, is proud to announce its designation as a Distinguished Vendor in this year’s Second Quarter 2021 TAG Cyber Security Quarterly. The TAG Cyber...
PRESS RELEASE – Security Risk Advisors creates scholarships for RIT’s Cybersecurity Bootcamp program
Security Risk Advisors is proud to announce the creation of the SRA Next Gen Cybersecurity Scholarships. Through the scholarships, SRA is offering $25,000 for underrepresented professionals looking to enter the cyber workforce through RIT’s Cybersecurity Bootcamp program.
PRESS RELEASE – Security Risk Advisors Announces Expansion in Philadelphia and a New Office in Rochester, NY
For Immediate Release: Wednesday, June 19, 2019 Contact: Amanda Larsen | amanda.larsen@sra.io | (401) 743-6926 SECURITY RISK ADVISORS ANNOUNCES EXPANSION IN PHILADELPHIA AND A NEW OFFICE IN ROCHESTER, NY Cybersecurity and Risk Management...
PRESS RELEASE – Empire State Development Announces Investment in Security Risk Advisors Move to Rochester
For Immediate Release: Tuesday, June 18, 2019 Contact: Shari Voorhees-Vincent | Shari.Voorhees-Vincent@esd.ny.gov | (585) 399-7055 Press Office | pressoffice@esd.ny.gov | (800) 260-7313 EMPIRE STATE DEVELOPMENT ANNOUNCES INVESTMENT IN SECURITY RISK ADVISORS...
PRESS RELEASE – Security Risk Advisors Teammates Chose Non-profits to Receive $120,000 of Donations in 2018
Philadelphia - Security Risk Advisors (SRA), a Philadelphia-based cybersecurity consulting firm, is proud to report that our teammates chose the 78 non-profit organizations to receive $120,000 of SRA’s charitable giving in 2018. One of SRA's values is 'It's Personal'....