Hello and welcome to the RM Information Security blog
Our blog is a collection of thoughts, templates and ideas that can be adopted by organisations to improve information security.
We decided to produce this blog based on more than 10 years of experience carrying out penetration tests and security consultancy for a wide variety of different clients of all sectors and sizes. Whilst we can’t comment on the individual projects we have drawn conclusions from our findings and decided to create several blog series to address some of the common flaws we see.
Whilst the principles we discuss form the basis of any robust security programme, each series is purposely focused on simple concepts and practical guidance for implementing changes. Our aim is to demystify a complex subject and hopefully inspire and empower businesses to improve security.
Who should read this blog?
We have intentionally focused our attention on the practical solutions that impact corporate IT Security and will step you through a number of key principles, based on our findings, that will help you to either start your information security journey or improve on the controls currently in place.
People who will find this blog a useful resource:
- Business owners and executives
- IT Managers / Project managers / Developers
- Technology Students
- Technology Journalists
A little bit about me
Having worked in various IT Security roles for large organisations (including Head of IT Security within a FTSE 100 business) I am well placed to provide proven advice on what works. My approach to security has always been about technical action over documentation and as such these posts contain realistic recommendations that can be implemented into practically any type of business. The controls and advice contained in each series have been implemented, tested, and improved over years and years.
I am fortunate to have co-founded RM Information Security where our passion is delivering business-focused, high-quality security assessments. Our experience spans all aspects of Information Security including traditional penetration testing and more complex application security testing, security consultancy, architecture reviews, security programme development, firewall rule audits, security configuration reviews, policy reviews, and delivering educational workshops.
Mark Wityszyn