Author Archives: Scott Lyons

The Post-Audit Slump and What You Can Do About It

Coming from several large corporations that needed to attest to PCI DSS compliance annually, as well as being a QSA in a few former lives, I’ve seen my fair share of the post-audit slump. You know what I’m talking about; it’s the, “Wow! We completed our audit! Let’s take the next 11 months off to focus on other business needs and we’ll ramp back up during month 11.” Sure, you may not word it exactly like that; but more often than not, that’s exactly what happens.

Dead Mail

There are a couple major problems with “taking a break” after an audit. Firstly, in the case of PCI DSS, there are daily requirements to meet: log review being the frontrunner. On more than one occasion I’ve assessed a company several years in a row and usually between the first and second year the company’s had trouble proving they do daily log review – especially if they’re not really setting up alerts around it. The more humorous ones are the SIEM/SOC folks who have a daily digest sent to a folder in their mailbox. I’ll show up on year two and find 300-something unread emails.

read more

QSA’s are friendly… As long as you pick the right one… (Part 2)

QSA Partner. Continuation from Part 1…

Selecting a QSA partner

Back to the joys of selecting a QSA partner!  I know when I contact them they are all going to want to know a lot of details about my business, including technical configurations.  This is because of a PCI audit like many other audit frameworks needs to verify the policy and configuration details of just about, every component of your business and networks to properly scope the amount of work for your environment.  This includes standard server images hardening process to firewalls, antivirus, change management, software development, physical access, visitors, vendors, policies, etc.

read more

NIST 800-171 requirements for contractors

Meeting NIST Requirements while using SaaS Software.

December 312017, Organizations who process, store, and transmit Controlled Unclassified Information (CUI) need to comply with NIST Special Publication 800-171.  The question organizations need to consider is what does it mean for their SaaS Applications? How do you do it in the “bring your own cloud,” (BYOC) world we live in? I am going to walk you through critical things you need to think of for SaaS applications about as you go through this.

read more

QSA’s are friendly… As long as you pick the right one… (Part 1)

It’s that time again. Yes, time to find this year’s auditor.  You’d think that after 10 years of contacting, meeting with, planning and doing in-depth level 1 audits for multiple customers per year, for ZZ Servers a managed private cloud provider for PCI & HIPAA businesses, finding a Qualified Security Assessor (QSA) to work with would be easy.  Maybe it would be especially easy because, before ZZ, I was a PCI QSA doing the level 1 audits/code reviews/penetration tests myself!

read more

Wannacrypt and what you might wanna do for HIGHTRUST and PCI environments

“WannaCrypt (a.k.a. WannaCry) is the name of a malware used in the May 2017 global ransomware attack targeting Microsoft Windows operating systems via known vulnerabilities leaked by The Shadow Brokers.

Through extensive research, it was found that the malware sends an HTTP request to a seemingly random domain name in the early stages of its execution. If the HTTP call fails, the malware encrypts the user’s files, requests ransom, and will spread to other vulnerable machines. If the HTTP call is successful, the malware exits, halting encrypting files and spreading itself.”


read more

OWASP Top 10 Vulnerabilities List is Changing

OWASP!!! RUN!!!!

OWASP is changing their TOP 10! Ok, so this really isn’t as serious as I thought, but, wait, what is that? IT IS!  Whether IPv4 or IPv6, common vulnerabilities can be found all over the place. OWASP, is finally updating their Top 10. So let’s look at some of the finer points.

read more

First Impressions of ITPro’s Studio – Get a Discount

Getting There

Recently, the Red Lion team paid a visit to studios in Gainesville, FL using a “party bus” set up by the company’s leaders Tim Broom and Don Pezet. Once there, the entire staff greeted us.


ITPro’s journey didn’t start out as flashy as they are today.  To get to their current setup, they transitioned from a closet, then a warehouse, finally to their current 10,000 sqft facility.  The first thing they did after moving in was to tear up the ground and re-lay the subfloor. They also laid pipes from the control center to each of the 5 “pods”/studios. This allows for the running of extra needed cabling to and from the control center. Then, they equipped each pod with soundproofing foam squares, overhead scaffolding, lighting, and cameras.  The best part is that the control center can control all pods at the same time.   And, all sets are built for maximum flexibility to fit the needs of their presenters.


Why this is important?

This configuration is “typical” for most production studios. However, keeping the offices on the production floor allows for massive flexibility and a “Wow this is cool!” factor that is off the charts.

What does do?

ITPro services the needs of the information security community in many forms. From being the Sherpas of solid technical content to enabling the career changing transformation of all people that want to better themselves, ITPro is the place to start. Their price as of the time of writing is $570 for the year or $57 per month with no annual commitment! This pales in comparison to the SANS Training at ~$5000/course. That being said, this is not a replacement for the boot camp style of training that most look forward to (and other dread). This can be an economical option for tight budget constraints, or someone with an individual desire to learn.

Get Involved

ITPro’s offerings can be found in their course catalog. They have a free trial that will allow you to sign up and start viewing content. Sign up today and start changing your career.

Discount Code

For being a Red Lion regular you get 30% off on your subscription to when you use the Discount Code: RedLion.

read more

Red Lion Hires Joshua Marpet as Chief Operating Officer

Learn More About Josh

Red Lion would like to announce the new hiring of Joshua Marpet to the position of Co-Founder / COO. A bit about Josh:

“Joshua Marpet is an accomplished speaker, long time information, and physical security practitioner, as well as a startup CEO and serial entrepreneur. He has presented on topics ranging from Facial Recognition to National Security, to audiences from government agencies and multinational private companies. His research encompasses Digital Forensics, business security maturity, and how not to start an information security business. His conference, Security BSides Delaware, is one of the oldest and largest BSides conferences (shameless plug!!), and he’s exceedingly proud of it. In the venture capital and entrepreneurship world, Josh is also a super-connector. Josh strives to push himself to new heights with every venture and helps all that he can along the way.”

If you want to know more or reach out to Josh, you can email him at

read more

NEMA – Electro Industry


Read the full magazine below. Our article starts on page 11:

[pdf-embedder url=””]

read more

AIDE – Appalachian Institute Of Digital Evidence

Posted from: AIDE Website

The legal, IT, business, military, and intelligence communities struggle to keep pace with this flood of technology and to adequately understand the nuances of digital evidence. To serve the public good, practitioners in a variety of disciplines must cooperate and keep current when it comes to technology and the law.

The Appalachian Institute of Digital Evidence is a regional not-for-profit organization dedicated to serving the legal, technical, public sector, and business professionals for whom digital evidence is part and parcel of their work. The AIDE exists to help network administrators, digital forensics practitioners, law enforcement, and legal professionals survive – and even thrive – in the ever-changing landscape where technology and the law meet. Fostering collaboration among practitioners, students, and academics, AIDE aims to improve access to information, develop solutions to practical problems, and narrow the gap between the accessing and use of digital evidence and traditional physical evidence in the law.

Lawyers, judges, digital forensic examiners, network security professionals, and law enforcement personnel are all stakeholders when it comes to digital evidence. AIDE, comprised of three sub-groups (Digital Forensics, Information Security, and Electronic Discovery) is here to serve them.

If digital evidence is a critical part of your profession or field of study, we invite you to join us. AIDE is in its infancy. Help us build a progressive, active, professional organization.

More information about AIDE working groups:

Digital Forensics | Information Security | Electronic Discovery

Josh Brunty, from Marshall University, talks about network forensics at AIDE 

read more
1 2