Education | Penetration Testing
By: Francis Kim
March 3rd, 2025
What is the Offensive Security Certified Professional (OSCP) Certification?
The Offensive Security Certified Professional certification, or OSCP, is an ethical hacking certification that demonstrates proficiency in penetration testing using Kali Linux tools. This test can be undeniably grueling if you are ill-prepared, with nearly 24 hours of hands-on keyboard hacking followed by another 24 hours of documentation/report writing.
Cybersecurity Assessments | TPRM
By: Tu Nguyen
February 26th, 2025
If you’ve seen the news lately, you know that breaches stemming from third-party vendors are on the rise, and it seems no organization is truly safe. Whether you’re still actively contracted with a third party or have ceased providing services, recent incidents prove you’re still at risk, making effective third-party risk management (TPRM) a must to avoid what could be disastrous consequences.
Penetration Testing | Red Team Assessments
By: Austin Bentley
February 25th, 2025
You may feel confident that your organization has a mature cybersecurity program if you’re able to thwart the vast majority of threats through established practices and procedures. However, despite those efforts, even amongst the most secure of organizations there is still the ever-looming threat of the legendary Advanced Persistent Threat (APT). Furthermore and unfortunately, it’s difficult to ascertain if you’ve been compromised by one. Thankfully though, it is possible to simulate an external APT attempting to breach your organization’s perimeter through a red team exercise.
By: Austin Bentley
February 19th, 2025
It's no secret: many organizations view and treat phishing as a periodic checkbox assessment. It’s often a basic email template sent to an entire organization. If someone clicks the link, they are recorded and possibly enrolled in training. While this approach can certainly check the “quarterly phishing exercise” box, you should consider demanding even more from your phishing assessment. After all, when you engage with a third-party provider, they should provide both depth and value within their specialization.
Healthcare Assessments | HIPAA
By: Michael Seegel
February 18th, 2025
Being HIPAA-compliant means that a healthcare provider has adequate measures in place to protect patient data. In recent years, there has been an alarming growth in the number of data breaches targeting the healthcare industry, and more breaches have meant more (and more serious) consequences for the affected provider.
By: Austin Bentley
February 14th, 2025
Web applications grow and evolve each year. There’s always a new feature, a new API, and a new way of doing things. These constant changes may introduce some form of vulnerability, which is not ideal when web applications often sit on your external network. This makes web applications an ideal vector for an attacker to migrate into your internal network or compromise customers. Therefore, any web application test deserves an adequate level of thoroughness and attention. Below, we’ve provided a list of questions you should consider asking prospective pen test providers to ensure the most effective web application pen test experience.
By: Schellman
February 11th, 2025
TAMPA, Fla. – Schellman, a leading provider of attestation and compliance services and a top 50 CPA firm, is proud to announce the appointment of Preeya Voss as its new Chief Revenue Officer. Voss brings nearly two decades of experience in SaaS and services revenue leadership, with a proven track record of driving transformative growth across diverse industries and customer segments.
Education | Artificial Intelligence
By: Jerrad Bartczak
February 10th, 2025
*Disclaimer: This article was written using a translated copy of the South Korea AI Basic Act*
After the European Union paved the way for creating a legal framework for artificial intelligence (AI) in early 2024, many wondered what government or jurisdiction would follow. The year continued with discussions on how to best implement AI governance and debates on where the line stands between sufficient governance and proper opportunity for creativity in the technology industry. Fast forward a couple of months: as the world prepared to welcome in the new year, those questions were finally answered. In late December 2024, South Korea stepped forward proposing their own legislation regarding AI. By January 21, 2025, they became the second entity to propose AI regulation with the passing of the AI Basic Act. To address the obvious next question of when these regulations will be enforced, the enforcement date stands as January 22, 2026, giving organizations roughly a year to prepare. It’s also worth noting that this act contains six sections with 43 articles, and we've outlined the key points below.