Wednesday, December 11, 2013

The end of a great year - 2013

Wow - can you believe another year is almost over? And what a great year it has been! We at Telspace Systems saw a great many turning points this year - both for our business and for the security industry at large.

In April, we had the successful opening of our EU offices, which took place alongside InfoSec Europe. In May, we were back on local shores in time for ITWeb’s Security Summit. In June, we moved to stylishly decorated new SA offices, personalised to our business vision and personality by Luca Designs. 

In July, our own Charlton Smith presented a very interesting talk on steganography, which was so well-received it even appeared in Cover magazine.

In September, we launched our first-ever Healthchecks service, catered towards smaller companies, or those with budgetary constraints. Finally, just last month, Telspace Systems introduced its Wireless Hacking 101 training course material revamp and began offering a brand new course, Ethical Hacking 101.

Furthermore, this year saw the addition of four new employees to the Telspace team, namely Adam Hollins as Project Manager, Rhys Mossom as Security Analyst, Dimitri Fousekis as Team Leader – Security Analysts as well as a new Senior Security Analyst & Business Development Manager. 

A huge thanks goes to the entire Telspace Systems Team for making this a year to remember. Without each of you working so hard as a family, we would not be where we are today. 
 
Looking back, 2013 was definitely a very successful and exciting year for the company and we thank all of our loyal customers and friends who shared it with us. From the whole team at Telspace Systems, happy holidays and all the best for the New Year!
 
To roundup the year, we have put together a list of the top 5 most prolific threats for 2013. Enjoy and stay safe.

1.  Botnets and DDOS
We saw many companies and government departments falling victim to DDOS attacks over the duration of 2013.

2.   BYOD Nightmares
Because of the explosion of “always-on” laptops, tablets and smartphones, sensitive and classified information on these devices are targets for exploitation.

3.   Web application security issues continue
Throughout 2013 we saw extensive issues in Web application security and attacks such as SQL injection are still very common. More complex, sophisticated attacks via Web applications are utilised to obtain confidential information such as company databases.

4.   Zero day browser attacks, Java zero-day attacks and other client side attacks
These types of attacks were a huge problem during 2013. Zero-day attacks have always been a massive risk to organisations, this year being a significantly bad year for many large organisations.

5.   Ransomware
Although ransomware is not a new attack vector, we saw a significant spike in the amount of ransomware this year. Today’s ransomware is usually conducted via poisoned Webpages, social engineering and various other methods.

Monday, November 11, 2013

Hacktivists protest corruption

Last week, hacktivist groups were seen holding worldwide protests to mark what has now become a tradition on Guy Fawkes Day.

On November 5th, members and fans of Anonymous, WikiLeaks, The Pirate Party, Occupy Wall Street and other hacktivist movements marched on political landmarks and institutions around the world. For example, in US capitol Washington, DC, demonstrators partook in what they called the “Million Mask March” outside the White House. In the UK, actor Russell Brand became the face of the Anonymous protest, acting as leader for the revolt.

Guy Fawkes Day commemorates the failed attempt to blow up British Parliament in 1605 - although Fawkes was not the mastermind behind the attack, he was the one holding the explosives. Anonymous begun using the Guy Fawkes mask as a symbol, which was made famous in Alan Moore's ‘V for Vendetta’ comic published in the early 1980s and subsequently made into a 2005 film adaptation.

Anonymous has a history of conducting operations and protests on 5 November, including a threat to “kill Facebook” in 2011, and has come to use the day as a rallying call.

On the day, Anonymous tweeted the popular Guy Fawkes commemoration rhyme, “Remember, remember the 5th of November”.

Understandably, many political and other organisations spent the day on edge, expecting to become targets of hacktivist attacks. This was especially true for the Singapore government who had been threatened with a Nov 5 attack by Anonymous in the event that they failed to roll back regulations imposed on media publications earlier this year.

Luckily for all, Nov 5 came and went with very little happening on the hacker front. It seems for all involved the day was more focused on peaceful protest rallies than actual damage.

This year, it is said a total of 400 cities around the world, including Johannesburg, took part in the demonstration.


Thursday, October 3, 2013

Learn about hacking!

Telspace Systems is offering two introductory training courses later this month, namely Ethical Hacking 101 and Wireless Hacking 101 (which includes Bluetooth) for all hacking enthusiasts.

Each comprehensive course will run over two days at the FNB Conference Centre in Sandton, Johannesburg, South Africa.

WIRELESS HACKING 101

Telspace’s popular Wireless Hacking 101 course will take place on the 12th and 13th of November 2013. This two-day course aims to demystify wireless network security and teach attendees how to improve wireless LAN and Bluetooth security.

The course is divided up into theoretical and practical sections. Attendees will first obtain detailed theoretical analysis of different wireless security schemas, and then receive hands-on experience on how the attacks are performed.

The topics to be covered in these sessions include: wireless and its use in technology, wireless protocols and architecture, network mapping and methodology for securing wireless networks, discovery of wireless networks, introduction to Bluetooth, and introduction to Bluetooth security.

ETHICAL HACKING 101

Telspace’s introductory Ethical Hacking course will take place between the 14th and 15th of November 2013. This comprehensive course will be taught from both a defense and attack perspective, and will address both the ethical and Black Hat viewpoints.

The topics to be covered include: what ethical hacking is, penetration testing methodologies, information gathering, mapping vulnerabilities, social engineering, exploiting mapped vulnerabilities, privilege escalation, and maintaining access and pivoting.

PRICING AND CONTACT DETAILS

Each two-day course is offered at R14 000.00 excl VAT per student. Currently, we have a special offer running which includes an iPad with retina display for each student.

For further info and bookings please visit our website (www.telspace.co.za) or contact us:

Email: sales@telspace.co.za
Tel: +27 11 517 1419
Facebook: www.facebook.com/telspacesystems
Twitter: @telspacesystems

Thursday, September 12, 2013

Ethical Hacking 101 & Wireless Hacking 101 - November 2013

After a successful training material revamp throughout 2013 we are happy to announce 2 new training sessions during November 2013.

Telspace Systems will be presenting Ethical Hacking 101 & Wireless Hacking 101. Both courses are intensive 2 day training courses and offer a highly practical approach to learning about the techniques and tactics used by hackers to attack your networks.

More information can be found at http://telspace.co.za/Nov-Training.pdf


 We look forward to seeing you there!


Tuesday, September 10, 2013

Telspace now offers cost-effective vulnerability Health Checks

Telspace Systems’ newly launched Health Check service combines various security tools and hands-on analysis to identify web application or network vulnerabilities - at more affordable rates.

According to the company’s CEO Dino Covotsos, this service is aimed at companies that may not have an extensive budget for a full-scale assessment.

“Our health checks are perfect for organisations that would like to improve the security of their websites or networks against potential threats, but are affected by budgetary constraints,” he says.

Telspace Systems offers two different types of assessments as part of its health check service, namely web application health checks and network infrastructure health checks.

The web application health checks cater for companies with smaller budgets, and are ideal for companies in need of security assessments, but without a full blackbox or whitebox application evaluation. The pricing structure is set and is the same irrespective of the size of the application.

This service reports vulnerabilities such as Sql injection, cross-site scripting, command injection, blind command injection, local file inclusions and arbitrary file reading, remote file inclusions, remote code injection / evaluation, CRLF / HTTP header injection / response splitting, open redirection, frame Injection, and many more.

Network infrastructure

The network infrastructure health check is an automated vulnerability assessment tool that is priced on a per-IP basis.

“This service is for companies that require managed vulnerability scanning to identify common vulnerabilities on their infrastructure on a month-to-month basis. It can, however, be done on a once off basis as well,” explains Covotsos.

The company’s automated software is a combination of toolsets to provide the best possible overview of a network from a vulnerability perspective.

Assessment deliverables include executive reports, technical reports, remediation reports, and network overview reports. PCI compliance reports can also be completed upon request.

“Although these health checks can assist companies with some peace of mind, it is important to note that they do not act as a replacement for a full-scale web application or network infrastructure assessment,” concludes Covotsos.

More information can be found at http://www.telspace.co.za/healthchecks.php .

Thursday, August 22, 2013

We are hiring!

Telspace Systems is looking to hire security analysts in South Africa, preferably Gauteng as the office is based in JHB. The analyst should be competent in a combination of the following skills:

Web application security, attack and penetration testing, network security, source code reviews, mobile security. Along with these tests and assessments, you'll be conducting regular security audits from both a logical/theoretical standpoint and a technical/hands-on standpoint.

If you are interested in the below, apply via http://www.careerjunction.co.za/jobs/1545049 , email us your cv or get in touch via www.telspace.co.za !


Tasks include:

· Performing application penetration testing and application source code review against software applications
· Conduct vulnerability assessments and penetration testing on Internet-facing and internal client systems
· Exploit known and unknown vulnerabilities and discover logic flaws.
· Document technical issues identified during security assessments.
· Assist with building recommendations for hardening, and maintaining systems used for penetration testing
· Research cutting edge security topics and new attack vectors

Desired Skills & Experience:

· At least 3 years experience as a security analyst or relevant experience as a penetration tester.
· Good technical, analytical, interpersonal, communication and writing skills.
· Good understanding of attack and defence techniques
· Excellent self management skills
· Ability to work both independently and as team lead on individual assessments.

Tuesday, August 20, 2013

Security vs freedom: the great debate

Earlier this month, American President Barack Obama gave a press conference regarding issues surrounding the PRISM spying controversy.
Back in May, he defended a revelation by Edward Snowden that the National Security Agency (NSA) has been intercepting and collecting phone and electronic communications since the reign of former president George W. Bush.

Since then, news sources have reported that the NSA had obtained a court order to collect phone records from Verizon Wireless customers, and discussed the existence of PRISM, a program launched in 2007,which tracks information from well-known US-based Internet companies including Microsoft, Yahoo, Google, Facebook, AOL, YouTube, Apple, PalTalk and Skype.

In response to this, Obama stated that the programs are essential to combating terrorist threats claiming, "They may identify potential leads with respect to folks who might engage in terrorism.”

He also argued that the impact of the programs has been overstated. "Some of the hype we've been hearing over the past day or so - nobody has listened to the content of people's phone calls," he explained.

At his most recent press conference, Obama once again addressed the issue of privacy in this regard explaining, “As I said at the National Defense University back in May, in meeting those threats we have to strike the right balance between protecting our security and preserving our freedoms. And as part of this rebalancing, I called for a review of our surveillance programs.”

The decision to initiate a review came after various security breach incidents. As Obama stated, “Unfortunately, rather than an orderly and lawful process to debate these issues and come up with appropriate reforms, repeated leaks of classified information have initiated the debate in a very passionate, but not always fully informed way.”

To conclude his speech, Obama listed a series of four steps that will be taken shortly to ensure the security issues are dealt with. In brief, these are:

1. Pursuing appropriate reforms to the program that collects telephone records.

2. Working to improve the public’s confidence in the oversight conducted by the Foreign Intelligence Surveillance Court, known as the FISC.

3. Be more transparent.

4. Forming a high-level group of outside experts to review America’s entire intelligence and communications technologies.

After reading news articles, forum posts, twitter feeds and blogs debating Obama’s above ‘solution’, it becomes clear that nobody in the security industry really thinks the US president dealt with this situation properly.

We at Telspace Systems firmly believe in the importance of being proactive, rather than reactive, when it comes to security in general. The US presidency should’ve been much more transparent with America’s citizens even before the monitoring started. Because they chose to conceal their spying tactics, they now sit with a country full of very angry, suspicious and sceptical people.

It is important to remember that US citizens are not being affected by this alone. Even us, in as far away as South Africa, have had our phone records collected and electronic communications monitored as the above affects all international traffic flowing through any US pipes... and this includes Gmail and Facebook.

Even on a local front, we are not safe from government spying operations. Currently, we are seriously lacking from a legislative standpoint and we are far behind other countries when it comes to our state security.

We are hoping in the next few years, the implementation of the Protection of Personal Information (POPI) Act raises enough awareness within companies and government departments regarding certain issues such as information monitoring and establishes practical ethical rules for them to follow and live by.

However, in the meantime, the best rule of thumb is just to assume everything is being monitored - and work backwards from there.

Tuesday, July 23, 2013

Telspace talks steganography

Last week, our very own Technical Director, Charlton Smith, gave a presentation on Steganography among a panel of experts at Webber Wentzel in Illovo.

The event was sponsored by Camargue Underwriting Managers and Webber Wentzel in alliance with Linklaters and took place on the 18th of July between 10:30 and 12:00. Telspace Systems was invited to attend the panel of experts as Camargue’s preferred penetration testing partners.

The panel was asked to discuss the realities of cybercrime in South Africa in the context of the upcoming POPI Act. Specifically, the discussion included cyber risk management and risk transfer strategies.

The informative and very funny presentation was delivered to around 20 attendees, both technical and non-technical, who all seemed impressed with both Charlie’s knowledge on the topic and his ability to add humour to the subject.

According to Charlie, he chose to talk about steganography because it is relatively low-level and he wanted to include the non-technical audience as well as the techies. He also believes, in the context of the POPI Act, steganography is very relevant as it allows for new techniques of transferring information, without setting off any alarms.

In brief, here are some of the highlights of Charlie’s presentation, entitled Steganography 101:

- The word steganography is of Greek origin and means "concealed writing".

- Steganography is not the same as cryptography, although they supplement each other.

- Early uses of this technique include hidden messages within wax tablets and there was even a story told by Herodotus of a message tattooed on the shaved head of a slave.

- Modern technology allows for a number of new techniques to be used in steganography, including injection techniques, bit substitution, spam, PGP, and even the game of Sudoku.

- Common carrier objects include images (.PNG .JPG .JPEG etc.), audio (Any sound clips .mp3 etc.), emails, and PDFs.

- Injection involves embedding the secret message directly into the carrier object and almost all programs today (web browsers, Microsoft Office programs, etc) have methods of placing data in a file that will be ignored or not displayed to the user.


New Junior Marketing Manager needed!

As an aside, Telspace Systems is currently looking for a Junior Marketing Manager to join our exciting team. If you think you have what it takes, please email adam[@]telspace.co.za for more information. Good luck!

Wednesday, June 12, 2013

Telspace moves to stylish new offices (and welcome Adam!).

Telspace Systems is very excited to announce we will soon be moving to our new offices in Hyde Park. The new offices are custom decorated by Luca Designs (www.lucadesigns.co.za) and come complete with stylish décor in a hacker-type setting.
The decision to move comes largely after an unfortunate break-in we had last year at our previous workplace, but with the new arrangement offering our growing local and international staff a better working environment, we like to see it as a blessing in disguise :)
We would also like to welcome our newest employee, Adam Hollins. Adam came to us with a lot of customer-facing experience and an understanding of client relationship building. At Telspace, Adam will mostly be acting as liaison between our security analysts and our clients during penetration testing projects and web application assessments to ensure everyone remains on the same page. He will also be involved in and head many of our current and upcoming training sessions.
So by welcoming Adam to our growing team and with moving to funky new offices, June 2013 marks a very exciting month for Telspace Systems!
Once we’re well settled into our new space in a few weeks time, we’ll take some cool pics to post on our blog. So watch this space...

Tuesday, May 28, 2013

MML Injections


In a recent penetration test we came across a Huawei device that used a Tomcat frontend to send certain parameters to a separate interface or to the command line. At the time we were not sure where the parameters were being sent, but it did seem to give strange returns when playing around with it. Upon further inspection we noticed an error code commented within the page when an error was generated.


After a bit of googlin’ we discovered it was Man-Machine language (MML). According to the wikipedia page:

A man-machine language or MML is a specification language. MML typically are defined to standardize the interfaces for managing a telecommunications or network device from a console.”

And;

“Man-Machine Language (MML) is the industry standard command line language used to manage telecommunications network elements.”

We won’t be getting into the technical stuff on MML and TL1, there is already a lot of information out there on it. We will just be focusing on web portals that use parameters to feed into a query. Essentially our attack was an injection attack. We had a predefined command with our supplied value inserted into one of the properties and the command was run. This may be common on quite a few telecom devices with a web frontend.

A simple query may look like: 

Function{ PARAM1=”Value”, PARAM2=”$user_supplied_value”, PARAM3=”predefinedValue” }

Let’s say we are able to specify the value for ‘value2’ and the other values are already set and we want to redefine the value for ‘PARAM3’ our input may look like:

Anything”, PARAM3=”our new value”};

This will overwrite the PARAM3 value with ours, the semicolon acts as a comment to comment out the remaining part of the query containing the initial value for PARAM3. 

Unfortunately it is not currently possible to redefine a value if it is declared before our input. This will generate an error stating duplicate values exist. 

Another trick that can be used is to escape prefixes to our supplied value is to use a colon(:) this can be used to specify multiple values for an input.

Let’s say the following query has a prefix on our value:

Function{ PARAM1=”Value”, PARAM2=”PREFIX_$user_supplied_value”, PARAM3=”predefinedValue” }

We could supply the following to escape the prefix:

Anything” : “noPrefix

This will supply the extra value without a prefix.

So that’s it for now, hopefully this helps someone out there, please feel free to add extra info or other attack methods in the discussion.

Cheers, Charlton

Thursday, May 23, 2013

Hack the Planet targets MIT again


Following its defacement to the Massachusetts Institute of Technology (MIT) website (mit.edu) in January earlier this year, hacker group Hack the Planet (HTP) have once again done damage to the organisation.

Earlier this year, the group not only performed an anti-Anonymous troll defacement on the MIT homepage, but they managed to intercept and gain full control of the Institute’s incoming and outgoing e-mail by compromising its domain. Although this claim was initially denied by MIT spokespeople, a later statement proved it to be accurate.    
Since then, the hacktivists have managed to maintain access to MIT’s EDUCAUSE domain and have, according to one of their previous newsletters (HTP Zine 5), “entrusted the login credentials of nearly every EDU domain to hackers worldwide”. Links to downloadable ZIP files of the login credentials were also made available in the newsletter.
As it stands, HTP claims to still have active access to MIT’s information, although they have not disclosed any details as to the techniques they used to do so.
The above incident is one of many examples attributable to a steady rise in hacktivism. Up until a few years ago, hacking existed very much as means to procure illicit funds as part of a growing “underground economy”. Almost all cybercriminal incidences were centred around monetary gain.
However, nowadays with the likes of LulzSec, Anonymous and as illustrated above HTP, hacktivist groups are cropping up in growing numbers, their sole purpose being to cause damage via targetted attacks. Much of the time, these attacks are in accordance with some political agenda, but in many cases, these groups are gaining access to high profile organisations for their own enjoyment or, as many of them claim, to teach the target “a lesson in security”.
On the one hand, the rise in popularity of these types of attacks have had a positive influence in the industry, as they have forced many organisations to increase their corporate information security tenfold, something that security companies have been urging them to do for years.
On the other hand, damages to some organisations’ reputations have been irreversible and members of the public are increasingly showing distrust towards the companies that handle their online transactions and information.
To safeguard yourself and your company from damage caused by hacktivist groups such as HTP, we believe it is extremely important to take proactive steps in protecting all facets of your network on a continual basis. This will ensure peace of mind that your organisation is protected from even obscure attacks such as this one.

Tuesday, May 14, 2013

Opportunities and success in the UK


Last month, Telspace Systems made a very important trip to the UK. On the one hand, we went to showcase the company among the other 350+ exhibitors at Infosecurity Europe, but just as importantly, we officially launched our EU-based office in central London.

Infosecurity Europe, considered to be Europe’s number one Information Security event, took place between 23-25 April, at Earl’s Court, London this year.

Although this event has been successfully running for 18 consecutive years, this was Telspace’s first time exhibiting there, and it proved to be the perfect opportunity to coincide with our local office opening.



With over 17 000 registered attendees, we were kept very busy interacting with all the delegates at our stand. We gained a lot of international exposure and met a lot of key industry players, including many competitors. Overall it increased our market presence and also provided us with the opportunity to service new clients.

We managed to collect many great leads, of which we had a large amount of callbacks. Some of the top most contacted clients from the exhibition include UK, Italy, USA, Germany, and Spain. The event also proved to be a great platform for us to present our highly-talented EU-based security engineers to potential international clients.

We were very impressed with how professionally the event was organised and executed. During the whole time we were there, we never ran into any problems. We were amazed by the massive networking opportunities the event offered and we enjoyed the chance to compete in the EU market. The interest and knowledge presented about our industry was huge and it was very exciting to see where we are heading.


Overall, it was a great experience and everyone was very welcoming. We were proud to represent South Africa at an international level and hope to attract even more customers in 2014. We've already booked a stand for next year in the main exhibitor zone!

Check out these links for more information about our EU office launch:

Thursday, May 2, 2013

Join us at ITWeb’s Security Summit

ITWeb’s Security Summit is taking place at the Sandton Convention Centre this year between 7 and 9 May, and we hope you’ll be joining us there.

Telspace Systems has been involved with this event almost since its inception in 2005. Initially, we presented talks on topics such as Bluetooth Hacking to the local and international delegates, and more recently, we've been involved as sponsors and exhibitors.

A few years ago, as some of you might remember, we were involved in a very successful charity drive for renowned computer security expert Johnny Long’s (j0hnnyhax) Hackers For Charity initiative.

Whatever our involvement, though, one thing has stayed the same - Telspace Systems always has a lot of fun at ITWeb’s Security Summits. Not only that, but we find the event to be a great place for us to keep up-to-date with the local IT security community and to get in touch with our customers face-to-face. It also always gives us the opportunity to discuss industry issues and solutions in-depth, which helps us better figure out what our clients want from us on a service level.

According to the website, at ITWeb’s eighth annual Security Summit, “We take a stand, and assert that while some battles have been lost, we need not lose the war. With informed strategy, and effective tactics, as well as a better understanding of the enemy, we may yet turn the tide of the growing cyber security threat.”

This year’s international keynote speaker will be Misha Glenny, investigative journalist and leading expert on cybercrime and on global mafia networks, and he will be contextualising the current information security challenges faced by organisations across the globe.

Other speakers include: Richard Bejtlich, chief security officer at MANDIANT; Adam Ely, founder and chief operations officer of Bluebox; Runa Sandvik, developer, security researcher, and translation co-ordinator, at The Tor Project; Ben Gatti, independent software hacker; and Robert Weiss, founder of Password Crackers.

The event will not only showcase expert insights, but will also feature interactive workshops, valuable networking opportunities, sought-after SANS training, and practical solutions.

With less than a week to go, we hope you’ve registered and are gearing up to attend this top-level local event. But most importantly, we hope you are as excited as we are!  

Come visit us at Stand 2, it would be great to catch up with you all!

Tuesday, April 2, 2013

Telspace Systems opens EU office - InfoSec Europe

Information security services and training company, Telspace Systems, will be establishing an EU-based office during the Infosecurity Europe event at the end of April this year.

Telspace Systems has been successfully operating in Johannesburg, South Africa, since 2002. The company offers information security services including attack and penetration testing, web application assessments, vulnerability assessments, and security consulting. Telspace Systems also has a training division which offers practical courses such as the highly-anticipated Ethical Hacking 101, and the popular Wireless & Bluetooth Hacking. These courses are often presented at high-level government and internationally-recognised security conferences. 

The new office, which will be situated in central London in the UK, will provide much the same services as the Johannesburg-based office, although the company is always developing new training courses and services into its existing portfolio.  

Says Shaun Levy, Sales and Recruitment Director at Telspace Systems, "For the past few years we have been extensively servicing companies globally. We feel it is the right time to have a physical presence in Europe for our customers, especially since we have already seen a number of parties interested in investing in our European operations."

Telspace Systems currently services clients across Europe, Africa, Malaysia, UAE and America. "We already have an extensive base of EU clients," explains Levy.

"The information security industry is growing at a rapid rate and as a result, many organisations are demanding our top quality services," according to Telspace Systems CEO Dino Covotsos. "Our decision to establish an EU footprint gives us the opportunity to expand on a global scale, which has always been a part of our corporate mission."

Levy adds, "Having an office in the EU enables us to hire more technically-aligned staff, which benefits our South African clients by providing them with a carefully-selected team of top international analysts."

The company is currently in the final stages of interviewing for the management position at its soon-to-be-launched EU office. "We thought a good time to officially open our EU office would be during Infosecurity Europe at which we will be exhibiting," explains Levy.

Infosecurity Europe is taking place at Earl Court in UK this year, between 23-25 April 2013, and is considered to be the top information security event in Europe. 

"Based on the success of our EU-based office, Telspace Systems plans to establish new offices in other countries, to even further expand our global reach," Covotsos concludes.


Thursday, March 14, 2013

We are hiring - National Sales Manager position open!


Job Description: National Sales Manager

Manage all sales related activities including:

• Generating sales leads, qualifiying new prospects, and developing new customers.
• Manage pricing and sales proposal processes to ensure optimum profitability and growth.
• Work closely with services and analysts to cultivate and close new opportunities.
• Maintain account information and pipeline reports.
• Consistently hitting and exceeding designated target.
• Setting targets for sales associates and managing a smaller team of sales associates in the future.

Desired Skills and Experience:

• 3+ years selling security consulting services, specifically Penetration Testing, Vulnerability Assessments and Information Security Training to new clients and closing additional/followup work with existing clients.
• Sufficient technical knowledge of Penetration Testing, Web application security and training services to be able to address customer issues and queries.
• Significant contacts and relationships with CISOs and other decision makers
• Superior negotiating skills
• Consistent record of being above quota.
• Ability to create presentations, proposals and SOW documents.
• Bachelors degree preferred
• Self motivated, dedicated and hard working sales person.

You can apply at http://www.linkedin.com/jobs?viewJob=&jobId=5118390&trk=job_nov or send us your CV's if you are interested. We currently have 2 positions open as per the above!