Penetration Testing

John Reed Stark Consulting LLC partners with KoreLogic to conduct uniquely specialized penetration testing for public and private companies, in particular SEC-regulated entities. The collaboration between John Reed Stark Consulting and KoreLogic dates back to the 1990s, when John Reed Stark served as Chief of the SEC's Office of Internet Enforcement and Joseph Segreti (co-founder of KoreLogic) headed the SEC's information technology security group, and the two SEC professionals collaborated on IT investigations and cybersecurity.

KoreLogic’s staff has provided penetration testing services to over forty Fortune 500 clients and has delivered hundreds of penetration tests. KoreLogic has expertise in testing web applications, mobile applications and devices, software products, third-party service providers, cloud solutions, and IT infrastructure. In addition, KoreLogic provides security thought leadership through its DARPA research projects and by operating the annual Crack Me If You Can password cracking contest at DefCon.

We recommend expert-based testing when there is a business requirement for one or more of the following:

  • Regulatory compliance (SEC, HIPAA, FERC CIP, PCI, etc.);
  • Meeting Board and customer expectations that business-critical systems are resistant to attack; and
  • Demonstrating “smoking gun” evidence of high-risk conditions to effect organizational change.

Our testing is performed by staff averaging 15 years of experience who:

  • Mimic the methods used by sophisticated attackers to identify vulnerabilities before they can be exploited. First and foremost, this demands specialized, manual testing, not simply running automated tools;
  • Identify vulnerabilities and their root cause (to reduce the likelihood that the vulnerability will re-emerge); and
  • Constructively convey the results of their testing to technical and management audiences.

Learn More

For more information about John Reed Stark’s capabilities and expertise, review his recent articles and webcasts on cybersecurity and incident response in his Publications and in his blog, entitled Stark on IR. You can also see a few sample articles and webcasts at:

Article | What Makes a Good Pen Tester (Compliance Week Column) 

Webcast | What Every CFO, GC and CCO Needs to Know About Penetration Testing and Risk and Security Assessments

Webcast | Law Firms Under Cyber-Siege — How Law Firms Can Manage Data Breach Risks and Thrive Amid Cybersecurity Solutions

About John Reed Stark

John Reed Stark is President of John Reed Stark Consulting LLC. He served for 15 years as an SEC enforcement attorney leading cyber-related projects, investigations and enforcement actions; for 11 years as Founder and Chief of the SEC Office of Internet Enforcement; for 15 years as an Adjunct Professor at Georgetown University Law School teaching a law and technology course; and for 10 years as a Guest Instructor teaching law enforcement and technology training sessions at the FBI Academy. He worked for over five years as Managing Director (three as head of the Washington, D.C. office) of a global digital risk management firm, leading cybersecurity, incident response and digital compliance engagements for corporations and regulated entities. He is the author of The Cybersecurity Due Diligence Handbook.