Penetration Testing:

2nd Sight Lab specializes in penetration tests for SAAS applications and applications hosted in cloud environments, with a special emphasis on AWS as Teri Radichel is an AWS Security Hero. We have performed in-depth penetration tests for customers in financial, health care, retail, telecom, government, technology, energy, and real estate sectors.

We dive deeper:

Our penetration tests go beyond scanning to find the vulnerabilities that scanners do not find. Our approach combines use of popular penetration testing tools, proprietary tools, manual testing, and reverse engineering to find as many vulnerabilities as we can in the time allotted.

Customer Objectives:

We focus on customer objectives while also providing a broad range of testing for common vulnerabilities and misconfigurations.

Services Performed:

Cost:

We work on a project fee basis which is defined by the number of hours for the project at $200 per hour, minimum 60 hours. Half is billed up front and half when the report is delivered.

Credentials and Qualifications:

  • 25+ years of experience in software and security
  • 13 cybersecurity certifications including advanced penetration testing and a GSE
  • Master of software engineering and master of information security engineering
  • SANS Difference Makers Award for security innovation
  • AWS Security Hero
  • IANS Faculty
  • Original SANS Cloud Curriculum Board of Advisors
  • Provided cybersecurity training to students around the world through SANS Institute and 2nd Sight Lab
  • Security Presentations at RSA, OWASP Appsec Day, AWS re:Invent, AWS re:Inforce, ISACA Congress, SANS, IANS, B-Sides, Serverless Days, Microsoft Build, London, Melbourne, Hamburg (remote), India (remote), and numerous US and Canadian locations.
  • Ran an e-commerce consulting business when e-commerce was just starting
  • Architected and developed a website for an e-commerce startup that grew from $5,000 per month to over $2M in revenue
  • Built back office systems for systems processing billions of dollars of assets under management at an investment bank
  • Helped one of the most prominent retail companies in the US architect a solution to convert a COBOL System to SQL correcting a $300K per month overpayment in sales tax
  • Architected a SaaS cloud version of a firewall product for a security vendor and helped with the initial cloud migration
  • On the original cloud engineering and then security team of the first major US bank to move to AWS
  • Pioneered cloud security solutions for organizations, in presentations, white papers, blogs, and a book on cloud security for executives

Hire us:

To hire 2nd Sight Lab for a penetration test, please note the following restrictions, which we apply to keep our customers' data secure:
  • We primarily work only with companies in the US unless we have a known contact at a foreign company.
  • We require a C-Level executive to sign a contract in most cases.
  • We do not work through third parties, for the security of our clients.

Step 1: Contact Teri Radichel on LinkedIn. That is an important part of our process.

Step 2: Once we've established that your penetration test is something we can handle via a conversation on LinkedIn, we will provide a link to schedule a call. We do not use Zoom, Teams, or any other online video or VOIP platform for communication. Initial contact is via a telephone call only.

Step 3: After discussing your project, we will send you a short worksheet to help us understand its scope. How many domain names, systems, cloud accounts, applications, and authentication methods do you want us to test? What is your primary objective, and what systems are out of scope?

Step 4: Once we understand the scope, we send you a contract, which you can review and we can adjust as needed to meet your needs, within our defined project boundaries.

Testing Process:

Upon receipt of a signed contract we send you an invoice. Upon payment of that invoice (required up front for new customers), we proceed with the following steps.

If required, we can schedule one kickoff call or video and one call or video at the end of the project. Many customers do not require those meetings but some do.

We send instructions for securely exchanging information and credentials. While credentials are being exchanged, 2nd Sight Lab sets up a test environment specifically for your test. Once we have exchanged all the necessary information, we are ready to begin.

Testing usually begins on the date specified in the contract presuming all requirements have been met and no unforeseen complications arise.

The length of the test is typically 3-4 weeks for a single account and one application with one login. If there are multiple accounts and multiple authentication methods, the time may vary. We've done projects anywhere from 3 weeks to a few months depending on the scope.

We communicate with customers and provide updates throughout the test, minimally once per week but more often when questions or issues arise.

We generally start with OSINT and scanning, followed by a deeper dive based on the information we uncover, and finally we generate the report and integrate our analysis into all findings. We are working towards generating the report as we test, but for now report generation generally comes at the end. We do, however, provide information about any critical vulnerabilities along the way.

We try to validate each finding as much as possible and, if warranted, provide specific screenshots, advice, or the steps we took to find and exploit the vulnerability. When it makes sense, we provide holistic, architectural solutions to problems rather than the steps to fix a single vulnerability that repeats throughout an environment.

In the end we deliver the report for the client to review. Upon acknowledgement of receipt and no immediate issues, we send the final invoice.

Retesting of vulnerabilities once they have been fixed is available at hourly rates upon request after the test is complete.

We are always happy to answer questions, clarify, or fix any mistakes or misunderstandings in our report. We tend to err on the side of caution, but if a customer feels they have an adequate mitigation in place or does not consider a finding to be an issue, we can remove the item from the report, note the mitigation, or move it to the appendix, depending on what is appropriate.

Security Research: https://medium.com/cloud-security

Contact: https://linkedin.com/in/teriradichel