Blog

CRTO vs. CRTE

Posted on 2023-05-05 by Nathan Jarvie in Certifications

Late last year I was looking into “What happens next?” after OSCP and PNPT certifications, and it is common to hear from those in the industry that the next step for network penetration testing is to complete Certified Red Team Operator (CRTO) or Certified Red Team Expert (CRTE).

But what I discovered is that while there are many blogs about each one, there are surprisingly few that compare the two directly. So I set out to remedy this issue.

I will try to keep it brief…

Continue reading

Initial impressions of the NIST Cybersecurity Framework version 2.0 draft

Posted on 2023-04-27 by Matt Strahan in Compliance

The latest draft of NIST Cybersecurity Framework (NIST CSF) has just been released! This is the first preview of the new 2.0 version of the framework that updates the hugely successful framework. The draft follows from a Concept Paper released at the beginning of the year. The final version is due to be released in 2024.

This post will go over the main changes that I can see and gives my initial impressions on the good and the bad.

Continue reading

Penetration test, red team, vulnerability assessment... what???

Posted on 2023-04-20 by Alexei Doudkine in Industry

You’re probably here because, like many others, you’ve gone out looking for offensive cyber-security services only to be give a bunch of buzz words that don’t really describe what they are or what they mean for you. Fear not; in this post I hope to demystify the most common ones, in simple terms and explain the benefits and shortcomings of each. I’ll also give a few examples of when each one would be useful.

Continue reading

Hacker Origin Stories: Yianna Paris

Posted on 2023-04-14 by Volkis in Feature

Welcome back to Hacker Origin Stories! We’re excited to continue sharing personal experiences from professionals in the hacking and cybersecurity industry. Our goal is to highlight the diverse paths individuals take to get where they are today and motivate the next generation of hackers to join in.

In this instalment, we’ll be diving into the story of Yianna Paris. From retail to co-founder of a web development business to packaging designer to teaching assistant to security engineer. She’s here to share her story and inspire you with her journey.

So, without further ado, let’s jump right in!

Continue reading

Our first growing pains

Posted on 2023-03-21 by Matt Strahan in Volkis News

Earlier this year Alexei and I were staring at the screen, looking at a report that was less than flattering for the company. The reading of the report was simple: we were doing less billable work than we expected.

Unpacking the what and why of this problem drove us to change our processes and hire our first dedicated project coordinator.

Continue reading

Questions for a certification addict

Posted on 2023-03-01 by Nathan Jarvie in Industry

Recently I have encountered a few people in various channels ask about how to approach certifications. Common questions like:

• How/Why do you study?
• Should I do this exam?
• How long will it take me to study for X exam?
• How many attempts did it take you to pass?
• I hear this exam is difficult. How difficult is it?

And other questions that are near impossible to answer in a universally accurate way. I want to address these questions as they are often less helpful than people think.

Continue reading

Report Ranger roadmap

Posted on 2023-02-23 by Matt Strahan in Volkis News

When we started Volkis, Alexei and I had a big ranty discussion on how reports should be done. The next day I hacked together a PoC. We looked at it and went “damn, we already like this better than what’s already out there!”

Fast forward three years and Volkis is now more than just Alexei and I. That PoC ended up as Report Ranger and we’re still using it internally. Each time I ask “is Report Ranger still working for us” the answer seems to be “yes”. I follow that up with “are you sure?”, worried that they might just be trying to be nice and not hurt the feelings of the Managing Director and they still say “actually yes, I really like it!”

Part of the advantage of using our own internal tool for reporting has been the flexibility. Much of the functionality that Report Ranger has now was put in for a specific use case. We need a report that has charts, so let’s just put charts into Report Ranger. Wouldn’t it be good to have it read a spreadsheet and automatically generate our compliance report? Report Ranger can now do just that. Recently we had a report that needed two sections with separate groups of vulnerabilities and so now that change has been put together. All these breaking changes were fine - we just posted a message on our company Slack channel to give everyone a heads up and that was that.

There’s a big issue that has now cropped up though. Report Ranger is an open source project is now being used outside of Volkis. Ah well, there goes our fun. We have to start doing stuff properly!

Continue reading

Hacker Origin Stories: Alexei Doudkine

Posted on 2023-02-23 by Alexei Doudkine in Feature

Welcome to the first episode of Hacker Origin Stories. We have started this series to create a space where professionals can share their own personal experiences about their journey into hacking and cybersecurity. The aim is to showcase the many different paths into the industry and inspire the next generation of hackers to carry the torch.

This origin story has been written by Volkis co-founder, Alexei Doudkine.

Let’s get into it.

Continue reading

The three questions boards should ask to manage cyber risk

Posted on 2022-11-25 by Matt Strahan in Business Security

If you were a company director and you could ask three questions to judge the cyber security of the organisation, what would they be?

Continue reading

From SysAdmin to Pentester - Part 5 - OSCP vs PNPT

Posted on 2022-10-31 by Nathan Jarvie in Certifications

Part 5 of the Sysadmin-to-Pentester series is a comparison between two entry level penetration testing certifications. Offensive Security’s Certified Professional (OSCP) and TCM Security’s Practical Network Penetration Tester (PNPT). While both have their merits, they focus on different elements and provide different experiences. Deciding which to go for can be a challenge.

Continue reading