Alex Haynes is an independent researcher with a background in offensive security. He is credited for discovering vulnerabilities in products by Microsoft, Adobe, Pinterest, Amazon Web Services and IBM. He is a former Top 10 ranked researcher on Bugcrowd and a member of the Synack Red Team. He is also a frequent contributor to InfoSec publications and speaks regularly at conferences on the topics of offensive security, vulnerability management and crowdsourced security. He is currently the CISO at IBS Software.
Every year at the bevy of conferences that dot the Information Security landscape you can always detect an inherent theme. This may be influenced by acute threats (i.e., Ransomware), a new regulatory environment (i.e., GDPR) or even just a sudden change in how we work, as we all experienced during the pandemic. The issue Zero … Read more
During the build-up to the illegal invasion of Ukraine in February of 2022, there was consternation among information security professionals about what would happen on the cyber front. The prevailing groupthink at the time was that if countries in the West imposed sanctions, then they would suddenly be subjected to blistering Russian cyber-attacks that would … Read more
Third-party onboarding today isn’t easy and with the rise in supply chain attacks, the importance of auditing and ensuring your third parties won’t impact your infrastructure from a security perspective remains a burning issue. Many companies still maintain a tick box approach when onboarding or managing third parties and mainly consist of sending out questionnaires … Read more
The Russian invasion of the Ukraine was bound to have a part of the conflict rooted in cyberspace. The rise of crowdsourced security in the current war has taken an interesting turn.
At 2:25pm, on the 9th of December 2021, an infamous (now deleted) tweet linking a 0-day proof of concept exploit for the vulnerability that came to be known as ‘Log4Shell’ on github (also now deleted), set the internet on fire and kicked off a holiday season of companies scrambling to mitigate, patch and then patch … Read more
As we enter National Cybersecurity Awareness Month, it’s easy to forget that your personal security posture in your home environment is just as important as your enterprise environment. There’s so much focus today on enterprise security that it’s easy to overlook something that can have as much impact on your day to day as in … Read more
Over the past year, online gaming has been extremely popular, boosted by the many people in various parts of the world who were stuck at home during lockdown, but still keen to engage in social contact. These social interactions based in virtual worlds resemble our own and the research presented below is based on the … Read more
Endpoint security has evolved drastically over the past 10 years. While previously it only referred to ‘anti-virus’ and typically only on workstations, endpoint security has been replaced by a bewildering array of options that can do dozens of things. With the increase in options, we naturally get an increase in complexity, and combine this with … Read more
Long ago, before GDPR, there was a class of technology called DLP that claimed to solve all your data leakage and data protection issues. An acronym that stands for “data loss prevention” (it can also be referred to as “data leakage protection” or “data loss protection,” depending on who you are talking to) was supposed … Read more
There has been a lot of publicity surrounding ‘bug bounty’ programs that pay out seemingly large rewards for finding vulnerabilities in web applications. This trend has increased over the years as crowdsourced security programs have matured since their inception almost 10 years ago and their adoption has become mainstream. Should we pay out large sums … Read more
