From a security perspective, workstations (desktops, laptops, smartphones) can never be completely controlled, equating to a plethora of possible breaches CISOs must foresee and navigate. Simply advising employees to be wary of predatory behavior from unknown attackers is not sufficient. Knowing a) what to protect, b) which possible dangers exist and c) who the hypothetical attackers are, is necessary for every CISO.

A new internal portal in a bank was running smoothly. Then a trusted site host suspended their services because of unpaid invoices. Project lead Jessica just thought they had mixed up their bookkeeping. What no one could have imagined was that a banking Trojan had found its way between the transactions. This customer story may have happened somehow, somewhere. Welcome to the world of cyber noir.

Bug bounty programs have proven to be a great addition to an organization’s cybersecurity palette. Yet, the concept is still rather unknown and faces a lot of prejudice. Is ‘bug bounty hunter’ just a nice new name for a hacker with good intentions? Are bug hunters stealing security consultants’ jobs? Our very own Cybersecurity Consultant Joosua Santasalo is ready to break some common misconceptions about bug bounty hunting.