Faraday Blog

October is Cybersecurity Awareness Month, a time when we focus on ways to enhance security in our daily lives, both personally and, most importantly, as a company. While some measures may seem basic, it’s important to remember that many vulnerabilities stem from unpatched programs, and a large number of attacks originate from an employee clicking the wrong link.

Since organizations differ in size, structure, and maturity, there are various vulnerability management models tailored to each. These strategies, adapted to different levels of complexity, are not a one-size-fits-all solution, but rather a set of recommended steps to either build a Vulnerability Management Program (VMP) from the ground up or assess the maturity of an existing VMP. The ultimate goal is to reach a point where vulnerability management no longer feels like a burden, but instead leads to significant improvements in overall security.

Security teams of all sizes, from large Fortune 500 companies to small NGOs, face the same problem: a lack of time and an ever-expanding attack surface. Time to detect vulnerabilities, time to decide what to do, time to act, and time to allocate resources. It is a continuous and constant game in which it is essential to focus on finding a more agile framework to detect, act, and resolve vulnerabilities.

Within our team, we prefer to focus on specific tasks depending on the type of host and the associated vulnerabilities. Exploiting a vulnerability on a third-party server with no connection to a client's internal network is not the same as attacking a cloud-hosted server that could potentially lead to a more interesting compromise, right? Another common example is when performing an internal pentest; our client details the most critical ranges to observe and analyze.

Good security practices go hand in hand with automation, integration, and collaboration. As dynamic as the threat landscape is, so must our strategy be. With over 26 thousand vulnerabilities reported last year, it’s now more important than ever to shift security from left to right, and then everywhere.

Faraday was born from the fusion of entrepreneurial spirit and a desire to break staffs. These elements naturally emerged in Federico Kirschbaum and Francisco Amato, two friends, crazy for IT, curious by nature, and the founders of this comprehensive cybersecurity project. What later became a company started as a series of on-demand jobs for individual clients. Gradually, Fede and Fran began to leave their full-time jobs, taking on more penetration testing projects, hiring people, and seeking new clients.