Column Sponsor



Devo delivers real-time operational and business insights from analytics on streaming and historical data to operations, IT, security and business teams at the world’s largest organizations.

The Devo Data Operations platform offers the speed to deliver blazing-fast insights, the simplicity to ensure non-technical users can discover their own insights, and the scale to meet the data volume and query demands of the world’s largest organizations.

Customers in telco, financial services, manufacturing, IoT and other sectors use Devo to gain real-time operational intelligence from their streaming and historical data.

Recorded Webinar: Threat Hunting Reimagined

Threat hunting is a challenging, complex and time-consuming exploratory activity. Threat hunters must explore, prioritize and investigate threats, gather data with context, connect disparate pieces of data, and conduct rapid and relevant analysis. Unfortunately, today's tools get in the way and prevent the analyst from doing what they do best: hunt threats.


An InfoSec Life Column is Made Possible by the Generosity of Devo.

We are ever so grateful for your support!






STEALTHbits is a leading data security software company that helps ensure the right people have the right access to the right information. We protect organizations from malicious access to their information. By defending against credential theft and abuse, and giving customers insight into the access and ownership of their unstructured data, we reduce security risk, fulfill compliance requirements and decrease operations expense.


An InfoSec Life Column is Made Possible by the Generosity of STEALTHbits.

We are ever so grateful for your support!


The 2018 Study on the State of Data Access Governance





Bugcrowd has redefined crowdsourced security. We combine actionable, contextual intelligence with the skill and experience of the world’s most advanced hackers to help leading organizations solve security challenges, protect customers, and make the digitally connected world a safer place.

Bugcrowd. Outhack Them All.™


The Academy Column is Made Possible by the Generosity of Bugcrowd.

We are ever so grateful for your support!



Inside the Mind of a Hacker, 2019 Edition

According to a recent report, 71% of cybercriminals say they can breach the perimeter of a target within 10 hours. The only way to combat this threat is with the help of the white-hat community.

The crowdsourced security model harnesses this global white-hat community, with different experiences, perspectives and backgrounds, enabling organizations to leverage this untapped talent – something that would be nearly impossible otherwise.

The 2019 Inside the Mind of a Hacker Report highlights the makeup of the white-hat community to gain insight and understanding into who they are, what they like to do, their experiences, skill sets, as well as what motivates them.

To learn more about the bug bounty marketplace, download Bugcrowd’s 2019 #ITMOAH report here.





Nintex is the world’s leader in intelligent process automation (IPA) with more than 7,500 enterprise clients and an extensive global partner network across 90 countries who have automated, orchestrated and optimized hundreds of manual processes. With its unmatched breadth of capability and platform support delivered by unique architectural capabilities, Nintex helps line of business owners and IT departments accelerate progress on digital transformation journeys. Nintex Workflow Cloud®, the company’s process automation platform, connects with all content repositories, systems of record, and people to consistently drive successful business outcomes.


Intelligent Process Automation (IPA) is the key to automating, orchestrating, and optimizing the modern workplace. Learn more at http://nintex.me/uJUXy_UQ

Nintex World Tour Houston

Join us at the Nintex World Tour in Houston to learn how to transform your business quickly and intelligently with process management, automation and optimization.

Hear how other companies are digitally transforming their business and driving innovation. Get the latest Nintex product updates and network with process and workflow experts. Choose from eight different business and technical breakout sessions. You’ll get the tools and training you need to become a workflow and process management hero.

Nintex World Tour Highlights:

· Hear from organizations about their approach to digital transformation, including specific process and workflow automation use cases

· Get Nintex product updates and info on new offerings, like Nintex Promapp and Nintex Sign powered by Adobe Sign

· Learn best practice approaches to managing change and engaging your business teams in transformation efforts

· From process mapping and workflow, process and document automation to RPA and e-signatures – you’ll learn about it all in technical breakout sessions

· Check out the solution showcase demo stations to see process management, automation and optimization solutions in action.

Registration Is Free

Total Economic Impact Study Finds Big Business Benefits with Nintex Workflow for Office 365

New study shows global enterprise organizations deliver workflows faster, save money and improve employee productivity by leveraging the Nintex Platform.

Bellevue, WASH.—December 5, 2018—Nintex, the global standard in process management and automation, today released a new Forrester Total Economic Impact™ (TEI) study to help business and IT decision makers experience the significant business benefits and cost savings provided by the Nintex Platform.

Nintex commissioned Forrester Consulting to conduct an independent study of the total economic impact of Nintex Workflow for Office 365. The research included an in-depth look at quantifiable and more subjective benefits organizations report with Nintex for Office 365 including the speed and ease to build and deploy workflows as well as organizational agility and compliance improvements.

Nintex Chief Evangelist Ryan Duguid said, “We’re focused on empowering ops, IT and business leaders to improve the way people work through process management and automation. Our technology empowers individuals and teams to solve process pain points and accelerate business outcomes quickly and easily.”

Nintex’s new State of Intelligent Process Automation Study identifies how company decision makers and line of business employees view their enterprise digital transformation progress, successes, and adoption challenges.

The study finds that the majority of U.S. companies (64 percent) have followed a formal digital transformation plan for three years or less, while one-third of companies have followed a plan for one year or less. Though most companies are in the early digital transformation adoption stages, 94 percent of decision makers say their transformation efforts are successfully delivering valuable returns on their investments.

Though positive progress on digital transformation goals shows promise, the research reveals a distinct barrier to overall digital transformation success: poor top-down communication.

Learn more by reading the report.

Nintex ranks as a Leader in the inaugural Aragon Research Globe for Digital Business Platforms based on an evaluation of 27 major providers in the market. Nintex leads because of the speed, ease and power the platform provides to end users in the development and optimization of digital workflows.




BNS UEP is a Technology Research and Development organization that provides industry analyses for enhancing and optimizing the digital landscape. Discover how Building Noble Solutions with Unified Enablement Partners™ delivers actionable intelligence for shifting mindsets, changing narratives, and enhancing brands.


Diverse IT Column is Made Possible by the Generosity of BNS UEP.

We are ever so grateful for your support!






Fullstack Vulnerability Management to detect weaknesses across web applications and supporting hosts. Continuous Vulnerability Assessment coupled with expert human intelligence - Virtually False Positive Free.

Full Stack Security: websites, apps (mobile/web/cloud), software, servers and networks. With over 57,000 assets under vulnerability management, edgescan is a listed "notable vendor" in Gartner’s Magic Quadrant for Managed Security Services and a “sample vendor” in the Gartner Application Security Hype Cycle.


At The Edge Column is Made Possible by the Generosity of Edgescan.

We are ever so grateful for your support!


App layer is where the risk lives:

In 2018 we discovered that, on average, 19% of all vulnerabilities were associated with (Layer 7) web applications, APIs, etc., and 81% were network vulnerabilities.

The Risk Density is still high and has not changed significantly from last year's report.

Even though we find more vulnerabilities in the infrastructure layer, the risk is certainly living in the application layer. This is due to the “snowflake effect”: every application is unique, developed in a standalone fashion, and serves a unique purpose, as opposed to infrastructure, which is commoditised and much more uniform.

Change and uniqueness certainly introduce additional risk. Internal, non-public application layer security is worse; 24.9% of all discovered vulnerabilities are High or Critical Risk.

"Zeroday" Vulnerabilities are a myth for the most part:

Most of the vulnerabilities discovered are from between 2011 and 2015. Believe it or not, the majority of vulnerabilities discovered out there are between four and seven years old. According to the Verizon DBIR (2018), the majority of breaches are also a result of exploitation of old, known vulnerabilities!!




Vulnerabilities or bugs in software may enable cyber criminals to exploit both Internet facing and internal systems. Fraud, financial, data & identity theft, and denial-of-service attacks are often the result, leaving companies with serious losses or damage to their reputation.

However, some of these issues can be easily avoided or at least mitigated. This document discusses all of the vulnerabilities discovered by edgescan™ over the past year – during 2017.

The vulnerabilities discovered are a result of providing “Fullstack” continuous vulnerability management to a wide range of client verticals: from Small Businesses to Global Enterprises, from Telecoms & Media companies to Software Development, Gaming, Energy and Medical organisations.

The statistics are based on the continuous security assessment & management of thousands of systems distributed globally.


Eoin Keary, CEO of edgescan, tells ITSPmagazine Their Story

"Security is everybody’s problem now," says Eoin. "It is getting attention at the board level; you need to get yourself into these meetings, and you need to be prepared to present metrics."

Prefer to listen? Here’s the podcast version.


Payment Services Directive (PSD2)
Opening the doors to a secure business

Designed to improve choice for customers, create more competition and stimulate innovation, PSD2 will drive fundamental change in the way we bank. The move to the digital marketplace is no longer an aspiration, but is a necessity for financial institutions to stay relevant or competitive. As part of this evolution, new risks need to be considered in relation to regulatory compliance, privacy, liability and a new attack surface for cyber criminals. These risks are not necessarily greater but different, and need to be treated as such. Success in this new era will be dictated by banks and FinTechs that maximise API integration with third parties in a secure manner. This paper explores some of the fundamental changes that underpin PSD2 and the security model that is changing with it.

More Videos and Webcasts With Edgescan

Robert Feeney from Edgescan shares tips w/ Sean Martin to help researchers stand out

In this new episode of An InfoSec Life, Robert Feeney, a senior security consultant at Edgescan, speaks to fellow security researchers and security consultants about what they can do to differentiate themselves from the pack and how they can excel in the industry. In addition to speaking to his peers, Robert shares a lot of solid information that should help the managers of these individuals working in the industry as well.

Of the topics presented, events and organizations were a key part of the conversation, especially given that this chat took place during OWASP AppSec USA 2017 following his presentation on successful automated application scanning techniques. Robert highlights that it is important to join groups like ISACA, ISC2, and OWASP and to also attend their events: national, regional and local events. Robert also suggests that it’s important to move beyond basic event and conference attendance and to consider speaking at these events as well.
