Kickstart Your Career as an IAM Integration Consultant

Despite your education, qualifications, and solid past experiences, landing a position can feel nearly impossible, especially when also managing a…
News Article

Focal Point Data Risk Names New CFO

Focal Point adds recognized financial leader Louise Lopez to executive team, appointing her as the Chief Financial Officer. Louise joins Focal Point for MGT of America Consulting and PricewaterhouseCoopers.

Tips for Improving Data Privacy Conversations in the Boardroom

When you add up business disruptions, productivity and revenue losses, settlements, fines, and penalties, the average cost to a company not compliant with data protection, state, federal, international, or industry regulations is around $15 million. With a skyrocketing number of new data protection laws (e.g., the CCPA, the GDPR, Japan’s APPI, and China’s National Data Protection Standard), your board of directors can no longer afford to ignore data privacy. While board members have a duty to protect their organization, their longstanding view of compliance as an expense to be minimized (with the average compliance program costing $5 million) has led many boards to de-prioritize investments in data protection. This short-sighted strategy can create a number of serious risks for your organization. As a Chief Privacy Officer (CPO) or security, legal, or compliance leader, you are now responsible for educating your board on your organization’s approach to data privacy, the impact of privacy risk on the business, and the potential negative outcomes of not investing in privacy. To help facilitate better board-level conversations around data privacy, we’ll address the common misconceptions board members have about data privacy, tips you can leverage when addressing the board, and ways to improve conversations around data privacy in the boardroom.

Jeremy Archer

Jeremy is the Director of Focal Point’s Penetration Testing practice, with over 20 years of information technology and security experience.

How to Build Obfuscated Macros for your Next Social Engineering Campaign

Attention, pen testers: Are you looking to run a phishing campaign that puts your antivirus software to the test? Then this post is for you. In this post, I will guide you through how to build a malicious obfuscated macro in a Word document. I know you may be thinking that there are plenty of tools that generate Visual Basic for Applications (VBA) for macros, but many of these are either without any obfuscation or already have built-in automatic obfuscators and are often detected or removed by antivirus software. This post will demonstrate how to leverage different tools and techniques to create an obfuscated macro that evades antivirus software. This method will give you ideas on how to execute a social engineering campaign that really puts your people, not just your antivirus software, to the test.

Corey Gant

Corey is a Director with Focal Point’s national Data Privacy practice and has more than 12 years of experience in both leading and supporting governance, risk and compliance initiatives.

Ashlee Holt

Ashlee Holt is a Director in Focal Point’s Internal Audit Practice, bringing over 12 years of experience in managing and supporting the project planning and execution of dynamic audit initiatives.

Louise Lopez

Louise is the Chief Financial Officer for Focal Point, bringing over 25 years of experience in public accounting, budgeting and planning, and business operations.

How to Build a Cheap Active Directory Pen Test Lab in AWS Without Any Effort

The Problem Whether you're brand new to penetration testing or have some experience under your belt, you want to have a safe environment where you can learn and practice the use, exploitation, and remediation of vulnerable software and unsafe configurations without exposing yourself or your clients' systems and networks to unnecessary risks. You need a cheap environment that's easy to set up, access, and maintain, as well as to blow away and rebuild. One without licensing headaches that your entire team can access from anywhere, but still mimics a real enterprise Active Directory domain.
New Search