February Edition 2021

An Interview with James Morris, Central InfoSec Founder and Principal Consultant: ‘We Help Organizations Understand the Core Foundation of Security and Help Strengthen Security Postures through Offensive Security Testing and Security Training’


“Great online security training course! Gave me all the essentials to perform ethical hacking and penetration testing!”

Studies show that most breaches occur at the web application layer. However, many companies fail to grasp that their web applications and websites are targeted daily, and that a single breach could permanently put their company out of business. Testing the security posture of web applications and websites is crucial for businesses. Therefore, every organization should receive web application penetration testing. Central InfoSec helps organizations by finding vulnerabilities in their web applications, websites, and networks before the hackers do!

Central InfoSec performs offensive security testing to help organizations make improvements and to ensure their networks, web applications, and websites are safe from cyber criminals. By referencing real-life scenarios, Central InfoSec educates their clients on the business impact of breaches at the web application layer. Central InfoSec further explains how routine penetration testing could avoid potential breaches.

James Morris, Central InfoSec LLC Founder and Principal Consultant, spoke exclusively to The Silicon Review. Below is an excerpt.

Q. Tell us about the Central InfoSec team.

The Central InfoSec team is staffed with skilled security professionals bringing years of penetration testing, red teaming, exploitation, and web application experience from top organizations, including Fortune 100 companies, the Department of Defense, and U.S. intelligence agencies. Central InfoSec focuses on delivering quality security services at affordable prices.

Q. Describe Central InfoSec’s cybersecurity services in brief.

Central InfoSec helps businesses enhance their overall security posture and minimize cyberattack risks through offensive security testing, web application assessments, managed phishing services, managed vulnerability scanning, resource staffing, GAP assessments, and security training. Central InfoSec utilizes a unique approach to reporting by offering multiple reports that target a wide variety of audiences ranging from executive leadership to application developers, while providing useful information to help developers fix underlying issues.

Q. How does Central InfoSec help protect businesses from cyber-attacks?

Central InfoSec strengthens businesses’ security posture by reducing cyber risk through offensive security testing, penetration testing, web application assessments, managed phishing services, managed vulnerability scanning, resource staffing, GAP assessments, and security training. We even offer a free Capture-The-Flag (CTF) training exercise with 250+ challenges for security professionals to test their skills and learn new security testing techniques.

Q. Are there any specific types of security testing that Central InfoSec likes to focus on?

Web application penetration testing is one of our most demanded service offerings. It is the core of what Central InfoSec was founded upon – helping organizations improve their overall security posture by focusing on testing their web applications.

Q. What is web application security?

Web application security is making web applications and websites more secure by finding, fixing, and enhancing the security of the applications and websites. Application security is getting a lot of attention. We are seeing attackers focus their efforts on web applications and are increasingly targeting web applications with high success rates.

Q. Why do you think hackers focus on attacking web applications and websites?

Many companies do not perform penetration testing targeted explicitly at their web applications. Many of these companies are unaware of cyber threats and do not understand their applications’ cyber risk. Following a unique approach to security testing, Central InfoSec performs offensive security testing to help the organizations make improvements and to ensure their networks and web applications are safe from cyber criminals. Additionally, by referencing real-life scenarios, Central InfoSec educates clients on the business impact of breaches at the web application layer. Central InfoSec further explains how routine penetration testing could avoid potential breaches.

Q. Could web application penetration testing prevent cyberattacks?

Web Application Penetration Testing can help prevent successful cyberattacks. The well-known Equifax breach could have easily been prevented. The web application that was attacked had a vulnerability that should have been identified and fixed. Although there was a known patch for the web application vulnerability, the web application was not updated, resulting in a devastating breach.

Q. Is ‘secure coding’ a replacement for penetration testing?

Unfortunately, programmers are not perfect and unintentional mistakes can be made when applications are being developed and updated. Organizations benefit from independent security testing. Routine penetration tests can identify vulnerabilities, help determine the exploitability of vulnerabilities, help gauge the potential impact of vulnerabilities, help assess organizational risk, help prioritize remediation efforts, help meet regulatory and compliance standards, help explain security concerns to technical engineers and application developers, and help justify security-related initiatives to executive leadership.

Q. How often do organizations need web application penetration testing?

There is no magic number that fits every organization. Routine application testing should be performed to identify potential security vulnerabilities. Annual penetration tests are not enough. Monthly web application penetration tests and weekly vulnerability scanning are much more effective at improving the overall security posture. Web application penetration testing should also be performed for all new applications and after any major application changes.

Q. There are other major players in this segment. How does Central InfoSec distinguish its services and stand out from the rest?

Central InfoSec focuses on providing quality and affordable professional security services while increasing security awareness at organizations. The Central InfoSec team educates clients through security assessments and tailored security training. We want to help organizations understand the core foundation of security and help strengthen security postures through offensive security testing.

Q. Does Central InfoSec have any success stories that you would like to share?

Central InfoSec has uncovered critical vulnerabilities that have been missed by others for years. These seem to happen frequently, and we just recently uncovered vulnerabilities of a web application that had not been found by any previous testing. Hearing many success stories like these from our clients, Central InfoSec is proud to offer superior services. The Central InfoSec team is constantly contributing to the community by sharing its knowledge through blogs, open-source projects, tool development, conferences, presentations, representation at local security meet-ups, and through free Capture The Flag (CTF) training exercises.

Q. An automated check only checks what it has been programmed to check. Is manual testing performed?

Manual testing is a must. No automated scanning tool can replace high-quality security professionals. Utilizing custom-built tools and manual analysis, Central InfoSec’s security experts routinely find vulnerabilities within web applications, including multiple 0-day vulnerabilities allowing direct access to web servers and supporting infrastructure.

Q. Modern cyber-attacks are equally automated. How does Central InfoSec help organizations to fight fire with fire?

In addition to manual penetration testing services, Central InfoSec offers managed vulnerability assessment services, enabling a reduction of risk and safeguarding clients’ systems and data.

Q. What is the best way for potential clients to reach out to Central InfoSec?

Potential clients are welcome to check out our website and use our custom contact form to reach us.

Q. Does Central InfoSec have any new services launching soon?

We have various new online training courses, including Web Application Hacking, Penetration Testing, Password Cracking, etc. We are also releasing the Central InfoSec CTF, which contains 250+ hacking challenges and 130+ flags to capture. We built a vulnerable virtual machine with 100+ flags and even built a free live scoreboard so challengers can track their progress and compete with others. Challengers can work independently or create teams. Anyone interested in challenging our free training CTF can visit

The Leader at the Helm of Central InfoSec

James Morris is the Founder & Principal Consultant of Central InfoSec LLC. He is a seasoned and experienced leader in Information Security, Risk Management, and Compliance, with a proven history of protecting IT resources and information assets. James used his unique professional security expertise to build a proven process and methodology that helps better secure businesses of all sizes. His creative security solutions and critical thinking saved a single Fortune 100 company over $200,000.00.

A strategic and well-connected security leader with a keen understanding of ROI, James helps businesses address cyber risk through various security support services. He has particular expertise in creating and leading security teams, from Fortune 100 companies to top security consultancies, allowing for the reduction of cyber risk at a global scale.

James enjoys providing cost-effective, business-focused security solutions to organizations of all sizes while reducing overall security risk. He also likes to empower CEOs, CISOs, VPs, Board Members, and other security leaders through penetration testing, vulnerability management services, and security training.

“Central InfoSec offers quality and affordable professional security services while providing security training to increase security awareness at organizations.”