Security site to bookmark: www.lares.com

An elegant way to sell security

Every now and then we need a chance to slow down from our tactical, everyday professional pace and think strategically. For those moments, I suggest visiting lares.com. Lares is a boutique security company founded by Chris Nickerson, with Eric M. Smith also on staff. Both are reputable security professionals who have contributed greatly to the security community.

Chris Nickerson hosted the famous and irreverent "Exotic Liability" security podcast. Unfortunately, the last available episode dates from 2013. Chris is also a regular presenter at many international security conferences and one of the authors of the Penetration Testing Execution Standard. The number of followers he has on his Twitter account confirms his relevance in the community.

Eric M. Smith has also presented at events such as DefCon 22 in 2014, where he and Josh Perrymon studied the topic of RFID chip security.

Let's now go through some of the sections of the lares.com site:

- "Lares in action" can inspire us to come up with alternative ideas to the traditional way of creating and selling security services. It contains more than a dozen videos, along with their presentations, from appearances at conferences like BSides, Troopers or Source Barcelona. The historical and practical approaches they propose on how to implement security are worth thinking about.

As an example, we find almost 80 pages on how to increase the value of traditional security testing (both for vulnerability management and penetration testing). That slide deck is not only fun but also innovative. They use useful concepts such as insider threat assessment, adversary modeling and the continuous implementation of security tests throughout any technological process.


- It is great to see in their services section that, together with traditional vulnerability assessments and security testing, they also offer business impact analysis as a value-added security deliverable.

- There is a social engineering section, labeled "Layer 8 labs". This is an appropriate name, considering the human element as another layer on top of the 7 layers of the OSI communication model. "Layer 8 labs" provides controlled "phishing" campaigns to increase security awareness among employees in companies and organisations.


As a final comment, I would highlight the modern design of this website: it helps underline the valuable security content they provide.

Happy ninja reading!


Adversary modeling