Gary Lobermier of Northwestern Mutual on building purple team automation that validates hundreds of MITRE ATT&CK techniques daily.
Resources
Blog
Sprocket Security
Blogs by Sprocket Security
Andy Grant explores what happens when you remove time-boxes, checklists, and rigid scope from offensive security and trust skilled engineers to follow their intuition.
PTaaS improved how testing is delivered. Continuous PTaaS improves security outcomes. Learn what your program needs to actually reduce risk over time.
Legacy healthcare systems can’t be patched but they can’t be ignored. Learn how to pentest around clinical assets without disrupting patient care.
Know what a HIPAA auditor will ask for before they show up. A tier-by-tier breakdown of the security evidence that separates audit-ready organizations from the rest.
Your EHR vendor’s security gap is your HIPAA liability. Learn how third-party health IT risk exposes covered entities and what a mature vendor risk program requires.
