Brad Pierce

Brad is the director of network security for HORNE Cyber where he focuses on leading the advanced penetration testing teams. Brad has more than 10 years of experience in network deployment, management, support and security.
Find me on:

Recent Posts

Jan 24, 2019 9:30:00 AM

What's Missing from Your Security Strategy?

I have seen that there’s often a flaw in logic with organizations when it comes to cybersecurity. The market has been flooded with products and services that “AUTOMAGICALLY” take care of security and stop attackers. That’s right, “automagically.”

Topics: Executive Insights

Oct 3, 2018 8:55:29 AM

What Cyber Insurance Is Not

The topic of cybersecurity insurance seems to be on the radar of most organizations I speak with. There are a lot of questions around how much coverage is needed and what exclusions one should be on the lookout for when purchasing a policy. I usually try to use this as an opportunity to talk about what a cyber insurance policy is not, and I’ll get to that later.

Topics: Cyber Insurance

Mar 6, 2018 10:30:00 AM

Choosing the Right Security Option for Your Organization

Cybersecurity in layers has been the go-to security model for some time now. There’s no one solution that will properly secure your organization’s network and sensitive information. In today’s environment, it takes an orchestra of teams, tools, and active threat detection and prevention operations to properly secure your organization from an attacker. It has become very clear that traditional layers, such as anti-virus, firewalls and monitoring tools, are just not enough. Attack emulation is a critical security layer that not only focuses on known vulnerabilities but also shows what a real attacker could do to your organization. If you are serious about finding your organization’s security weaknesses and resolving them, you’re likely going to need help from a third-party.

Topics: Penetration Testing, cybersecurity, advanced penetration testing, Security Budget, Executive Insights, Good Enough Cybersecurity

Jun 13, 2017 10:03:00 AM

Why an Engaged C-Suite Matters in Improving Cyber Security

In a recent article, I talked about how the C-Suite can get past not being technical and take an offensive mindset to cyber security. I think the big message there was to get involved. Part of an organizations IT leadership and consultant’s responsibility is to provide logical explanations of the threats and vulnerabilities that exist and how they can impact confidentiality, integrity, and availability of an organization’s operations, and the C-Suite should want to hear about it. It’s also important to understand the level of effort it takes from your team to mitigate and remediate threats and vulnerabilities so that you can begin to evaluate if you need to make a decision such as realignment of staff or finding a 3rd party partnership.

Topics: Executive Insights

Mar 9, 2017 9:42:19 AM

Why "I'm Just Not Technical" is No Longer an Excuse in the C-Suite

I cannot tell you how many board presentations and meetings I have been in and heard "I am just not technical". Not being “tech savvy” is no longer a valid excuse to not understanding the threats your organization faces and what needs to be done to provide protection. If you are in the budgeting, decision making or approval process of technology in your organization, you have no choice.

Topics: cyber risk

Feb 9, 2017 9:50:52 AM

You've Been Breached. Think It Won't Happen Again?

There’s a popular saying in the cybersecurity space, “There’s two types of organizations, those that have been breached and those that don’t know they’ve been breached.” In working with organizations that know they’ve been breached, I’ve noticed a very alarming fact. It’s not their first breach! This left me wondering why and how? How can an organization suffer from one breach and have a second or third similar breach? What did they not learn from the initial breach that would leave them vulnerable to similar subsequent breaches? One of the common themes we see is that they “handled” the first breach themselves or they hired a security consultant with little to no experience in incident response that focused on recovery and not fully understanding how the attack was carried out. This is a very scary reality that we are seeing more and more daily. 

Topics: incident response

Dec 8, 2016 10:00:00 AM

What Should You Learn From Your Penetration Test?

Having a true advanced penetration test performed on your organization’s infrastructure is one of the fastest ways to gain valuable insight on the state of your security posture. It provides quick situational awareness around where your weaknesses are and *should* provide you with a roadmap on how to approach remediation. In working with clients, one thing we are realzing is that many of our clients believe they have been getting an "advanced penetration test" for years, when in fact they have not. Below are a few hints on how to know if you are truly getting a penetration test worth value to your organization. 

Topics: Penetration Testing, cybersecurity, advanced penetration testing