Print Friendly, PDF & Email

Eye on Cyber: A Day in the Life of an Ethical Hacker

Listen to Podcasts:

Apple_Podcasts_Listen google_podcasts_badge@2x

“Innovation, organization, and sophistication—these are the tools of cyber attackers as they work harder and more efficiently to uncover new vulnerabilities,” reports Symantec in their 2018 Internet Security Threat Report. Ethical hacking services are a great way for organizations to unearth security weaknesses before they can be exploited by online criminals. In this instructive session, AAFCPAs’ IT Security professionals James Jumes and Vassilis Kontoglis go behind the disguise with our in-house Certified Ethical Hacker (CEH) Mr. Anderson, who reveals a day in the life of an Ethical Hacker. We review some of the covert tricks and techniques he uses! Additionally, we review the key cyber risk categories that are part of comprehensive Cyber Risk Assessments, as well as best practice recommendations to immediately enhance your cybersecurity posture.

These audio sessions were recorded live at AAFCPAs’ April 25th, 2019 Annual Nonprofit Educational Seminar. Slides may be downloaded by clicking here. >>

Watch the Full Video of this 35:32 Session

 

About the Authors

James Jumes
James joined AAFCPAs in 2013 to lead the Business Advisory Services practice. He has more than 25 years of experience working with information technology systems and diverse business operational processes. James is highly experienced in IT controls and assurance, SOX 404, and Service Organization Control (SOC) reports: SOC 1 (SSAE 18), SOC 2, SOC 2+ and 3 attestation reporting.  James developed a unique methodology to delivering SOC reporting services, and he is an AICPA-approved Peer Review SOC Specialist, assisting peer review teams to review SOC 1, 2, 2+ and 3 engagements. He is a HITRUST Certified Common Security Framework (CSF) Practitioner, providing HITRUST CSF self-assessment consulting, or SOC 2 + HITRUST for assessing against the evolving compliance landscape shaped by HITECH, HIPAA, CMS and various other federal, state and business requirements.
Vassilis Kontoglis
Vassilis is a highly-skilled IT professional with proven expertise in: business process improvement and change management, information systems gap analyses, cyber security and IT risk assessments, systems selection & implementation, IT auditing, and special attestation reporting (SSAE 18 and SOC 2). Vassilis performs comprehensive and thorough reviews of technology systems and environments, and advises clients on how to use technology to best achieve business goals and objectives.  He elicits input from stakeholders at all levels of the organizational hierarchy in order to thoroughly evaluate business performance across functional boundaries.  He analyzes current and potential business and IT processes to identify clear opportunities for improvement, which may include streamlining and automation, productivity increases, strategic alignment and cost reductions.
Mr Anderson - Ethical Security Hacker
Mr. Anderson is a “white hat” ethical security hacker and business continuity advisor with extensive experience in the development & implementation of security-focused audit and control programs.   He is highly sought-after for his expertise in: security architecture reviews; penetration/vulnerability testing; business resiliency, disaster recovery and other remediation strategies; hardware system selection and configuration; cloud application security reviews; and wireless security assessments. Mr. Anderson has a deep understanding of industry standards and extensive experience with internal controls evaluation, COSO, COBIT, ITIL, ITGCC, GLBA audits, and ISO, SOX 404 compliance requirements, including all phases of planning, evaluation, documentation, testing and remediation.