Eye on Cyber: A Day in the Life of an Ethical Hacker

“Innovation, organization, and sophistication—these are the tools of cyber attackers as they work harder and more efficiently to uncover new vulnerabilities,” reports Symantec in their 2018 Internet Security Threat Report. Ethical hacking services are a great way for organizations to unearth security weaknesses before they can be exploited by online criminals. In this instructive session, AAFCPAs’ IT Security professionals James Jumes and Vassilis Kontoglis go behind the disguise with our in-house Certified Ethical Hacker (CEH) Mr. Anderson, who reveals a day in the life of an Ethical Hacker. We review some of the covert tricks and techniques he uses! Additionally, we review the key cyber risk categories that are part of comprehensive Cyber Risk Assessments, as well as best practice recommendations to immediately enhance your cybersecurity posture.
These audio sessions were recorded live at AAFCPAs’ April 25th, 2019 Annual Nonprofit Educational Seminar.

Watch the Full Video of this 35:32 Session

About the Authors

James Jumes
James joined AAFCPAs in 2013 to lead the Business Consulting Services practice. He has more than 25 years of experience working with information technology systems and diverse business operational processes. James is highly experienced in IT controls and assurance, SOX 404, and Service Organization Control (SOC) reports: SOC 1 (SSAE 18), SOC 2, SOC 2+ and 3 attestation reporting. James developed a unique methodology for delivering SOC reporting services, and he is an AICPA-approved Peer Review SOC Specialist, assisting peer review teams to review SOC 1, 2, 2+ and 3 engagements. He is a HITRUST Certified Common Security Framework (CSF) Practitioner, providing HITRUST CSF self-assessment consulting, or SOC 2 + HITRUST for assessing against the evolving compliance landscape shaped by HITECH, HIPAA, CMS and various other federal, state and business requirements.
Vassilis Kontoglis
Vassilis is a senior member of AAFCPAs' Business Process & IT Advisory practice with proven expertise in cyber security and IT risk assessments, data analytics and data visualization, and robotic process automation. He also has extensive expertise assessing IT general controls, and conducting System and Organization Control (SOC) attestations. He helps clients increase business process efficiency, effectiveness, and risk management.
Mr. Anderson - Ethical Security Hacker
Mr. Anderson is a “white hat” ethical security hacker and business continuity advisor with extensive experience in the development & implementation of security-focused audit and control programs. He is highly sought-after for his expertise in: security architecture reviews; penetration/vulnerability testing; business resiliency, disaster recovery and other remediation strategies; hardware system selection and configuration; cloud application security reviews; and wireless security assessments. Mr. Anderson has a deep understanding of industry standards and extensive experience with internal controls evaluation, COSO, COBIT, ITIL, ITGCC, GLBA audits, and ISO, SOX 404 compliance requirements, including all phases of planning, evaluation, documentation, testing and remediation.