Posts by Nicholas Percoco

1 min

Your Evolving Digital Life: Security Basics for Business Leaders

In helping to evaluate and recommend [https://information.rapid7.com/security-advisory-services-contact-us.html?CS=bouncex] areas for security improvement, I frequently consult with boards on the state of their organization's security program. Having had many of these conversations, I've seen board members repeatedly ask some of the same questions; they clearly are concerned about the overall security posture of the business, but lack the deep-rooted technical background of a longtime security

2 min Hacking

Making Your Voice Heard for the Future of Automotive Safety

TL;DR: Show Your Support to Secure the Future of Automotive Safety [https://www.change.org/p/automotive-industry-we-request-that-you-unite-with-us-in-a-joint-commitment-to-safety-between-the-automotive-and-cyber-security-industries]. About a year and a half ago, Josh Corman [http://twitter.com/joshcorman] and I began having a discus

3 min Events

Rapid7 is hiring during #HackerSummerCamp!

It is that time of year again, when 1000s of security professionals and hackers flock to one of the hottest places on the planet. Like many of you, I've been making this trek for over a decade. There is no better place to keep in touch with your friends and colleagues in the security industry, hear about the latest research and enjoy a beer on a vendor's bar tab. But above all else, Hacker Summer Camp is one of the best opportunities for those looking to break into the security industry or find

0 min Events

Talks I am attending at DEF CON 22

I recently recorded a video for Rapid7's Whiteboard Wednesday on the talks I am looking to attend at DEF CON 22. See you in a few weeks! Nick
DEF CON 22: Interesting Topics at This Year's Conference [VIDEO] | Rapid7 [http://www.rapid7.com/resources/videos/defcon-22.jsp]

5 min

CCS Injection Vulnerability: Severe vulnerability shows we're not done with OpenSSL just yet

The dust has barely settled on Heartbleed, yet here we are hit with another major vulnerability. The not-yet-catchily-named OpenSSL flaw allows spying on encrypted SSL/TLS communications, if the attacker can pull off a man-in-the-middle position. Read on to learn how it works, what it means for you, and how it stacks up against Heartbleed. What happened? The OpenSSL project published a security advisory containing several vulnerabilities. The most discussed vulnerability is CVE-2014-0224, throu

2 min

Strategic Embarkation: Why I am boarding the Rapid7 train.

Today I am announcing that I have joined the Rapid7 team as Vice President of Strategic Services. This is a brand new position leading a brand new team within the company. I'll be located in Chicago building a global practice to provide Rapid7's clients with a new and unique set of services to enable their security executives and teams to make strategic decisions to dramatically improve the ways they solve the problems they face today and will face in the future. I made the decision to join R