NetSPI Blog

Eric H

Eric has over 15 years of information security experience including network engineering, UNIX administration, and consulting. Eric specializes in network architecture and device security, secure storage, and virtualization technologies. Eric’s recent projects include administering a heterogeneous virtual environment based on VMware and Hyper-V server which directly supported a large MSSP and numerous Fortune 1000 customers. He also provided network and security administration and support for large multi-tenant networks in ISP and MSSP environments.

Eric H
October 13th, 2014

IT Asset Management – Where to Start

Not enough emphasis is given to IT asset management. This is one of the first things an organization needs to get under control before they can really implement any security program. Yet few people do it well, if at all. How can you possibly protect an environment if you don’t know what assets make up […]
Eric H
February 4th, 2014

Vulnerability Disclosure Submission Standard?

I present you with RFC2142, please take a minute to skim through it for a little context. This RFC aggregates all of the recommended mailbox names that network and computer operators should setup depending on what public services they offer (You did setup and continue to monitor important mailboxes like postmaster, abuse, and so on, […]
Eric H
September 16th, 2013

Firewall Configuration Review

Firewalls are a spot of contention for many within the information security community. Many people put too much faith in a network firewall and assume that because there is one on the network somewhere, that they're “hacker proof.” Others do not put enough faith in a network firewall because many are deployed improperly or they're […]
Eric H
July 2nd, 2012

Virtualization Security Resources

Getting started with virtualization security can be a little daunting. I’m not going to go into a great level of detail, but I do want to point out some sources of information to get you started down the path to securing your virtual datacenters (you did plan the security of the infrastructure before you virtualized, […]

Need a Quote?

Common Questions

What is Penetration Testing as a Service (PTaaS)?

PTaaS is NetSPI’s delivery model for penetration testing. It enables customers to simplify the scoping of new engagements, view their testing results in real time, orchestrate faster remediation, perform always-on continuous testing, and more - all through the Resolve™ vulnerability management and orchestration platform. Learn More

Why should I use NetSPI?

Your attack surface is constantly evolving. We help organizations defend against real-world attacks by being the best at simulating real-world, sophisticated adversaries with the products, services, and training we provide. Our historical testing data shows that there is simply no replacement for human-led manual deep dive testing. This level of testing finds the most severe vulnerabilities that tools will never uncover. Our proven methodology ensures that the client experience and our findings aren’t only as good as the latest tester assigned to your project. That consistency gives our customers assurance that if vulnerabilities exist, we will find them. In addition, our Resolve platform delivers automation to ensure our people spend time looking for the vulnerabilities that tools miss. We provide automated and manual testing of all aspects of an organization’s entire attack surface, including external and internal network, application, cloud, and physical security. We know how attackers think and operate, allowing us to help our customers better defend against the threats they face daily.