Screen Shot 2014-12-14 at 2.50.50 PM

The Truth Behind Anomaly Detection

I am often asked “How did you find that?” The answer is usually not as simple as “I clicked here, then there, then boom.” Rather, it’s an in-depth discovery process: “I found IP x.x.x.x is their internal scan box, x.x.x.x is the CMS (Configuration Management System), x.x.x.x is the Nagios server, x.x.x.x runs their ‘Y’ […]

Businessman and business sketch

CISOs Need a Board Coach

This article originally appeared on RSA Conference blog on January 23, 2015. Join the conversation! Boards are concerned about cybersecurity, specifically about how it impacts their reputation and securities (stock). The CISO is capable of assisting the organization in selecting, deploying, and managing the capabilities to address risks identified by the board. What sounds like […]

Filing Tray Piled High with Documents

Tips on Data Retention for Electronic Hoarders

Businesses typically hold onto data much longer than they should. Information is an asset that has strategic worth to business, but it can also carry a lot of liability. As valuable as data is to an organization, it can have just as much value (if not more) for an adversary. Sony Entertainment found this out […]


Act Now: Prevent WordPress Brute Force Attacks

Our Security Operations Center at Rook Security has observed a large number of WordPress brute force attacks. These attacks have been leveraging the target site’s name and real names identified throughout the site. In this blog, I have included a snippet of the username and password combinations that are typical of this attack as well as […]


A Look Back at Rook Security in 2014

In 2014, our team at Rook Security grew by 165%. It’s safe to say it’s probably been our craziest year yet! We created this infographic to have a little fun and review some of the year’s biggest highlights. Team Growth From January 1, 2014 to December 31, 2014, our staff more than doubled in size, going from […]


The Importance Of Fundamentals

I recently read two articles that make me wonder when, and if, organizations will ever commit to the fundamentals of information security. A CSO article was brought to my attention by fellow infosec guy and cigar aficionado, Eric Cowperthwaite, in his blog Security, Cigars & FUD. The article, “Why the Board of Directors Will Go Off On Security […]

2015, silhouette of a woman standing in the sunrise

New Year’s Resolutions from Rook Security Pros

Want a New Year’s resolution that doesn’t involve going to the gym or losing 15 pounds? Rook Security’s consultants have put together the following security-related resolutions for you and your company to consider. I resolve to… [Get Serious] “…work with information security professionals to ensure they truly understand our business.” -Chris Blow “…hire based on […]


ICYMI: InfoSec Santa’s Complete Holiday Gift Guide

Did you forget to get your favorite InfoSec friends a gift this holiday season? We’ve got you covered! Here’s the full list of holiday gift ideas from InfoSec Santa. WarGames (DVD) Countdown to Zero Day by Kim Zetter (book) Raspberry Pi Model B+ Dissecting the Ethical Hacker by Michael Willburn (book) Tron: Legacy (DVD) Spam […]

rook uncut stacked logo (2)

Rook Uncut: 3 Steps in Preventing Spear Phishing Scams

Welcome to “Rook Uncut,” a blog series that features common questions frequently posed to our security experts. With new data breaches or information security concerns making headlines each day, Rook is often approached by peers, friends, family, and the media to provide insight. Rook Uncut gives you quick and raw answers to your security questions. […]


Risk Sign-Offs: A CISO’s Political Suit Of Armor

In the brutal world of corporate blame games, there’s no better scapegoat for a big time data breach than a CIO or CISO. When heads roll following breach fallout, more often than not it is a tech executive’s proverbial cranium spinning for the benefit of ticked off customers and shareholders. Look no further than Target’s former […]