John Reed Stark Consulting LLC partners with KoreLogic to conduct uniquely specialized penetration testing for public and private companies, including and especially SEC regulated entities. The collaboration of John Reed Stark Consulting and KoreLogic dates all the way back to the 1990s when John Reed Stark served as Chief of the SEC's Office of Internet Enforcement and Joseph Segreti (co-founder of KoreLogic) headed the SEC's information technology security group, and the two SEC professionals collaborated on IT investigations and cybersecurity.

KoreLogic’s staff has provided penetration testing services to over forty Fortune 500 clients and has delivered hundreds of penetration tests. KoreLogic has expertise in testing web applications, mobile applications and devices, software products, third party service providers, cloud solutions, and IT infrastructure. In addition, KoreLogic provides security thought leadership through its DARPA research projects and operating the annual Crack Me IF You Can password cracking contest at DefCon.

We recommend expert-based testing when there is a business requirement for one or more of the following:

  • Regulatory compliance (SEC, HIPAA, FERC CIP, PCI, etc.);
  • Meet Board and customer expectations that business-critical systems are resistant to attack; and
  • Demonstrate “smoking gun” evidence of high risk conditions to effect organization change.

Our testing is performed by staff averaging 15 years of experience who:

  • Mimic the methods used by sophisticated attackers to identify vulnerabilities before they can be exploited. First and foremost, this demands specialized, manual testing; not simply running automated tools;
  • Identify vulnerabilities and their root cause (to reduce the likelihood that the vulnerability will re-emerge); and
  • Constructively convey the results of their testing to technical and management audiences.

Learn More

For more information about John Reed Stark’s capabilities and expertise, review his recent articles and webcasts on cybersecurity and incident response in his Publications and in his blog, entitled Stark on IR. You can also see a few sample articles and webcasts at:

Article | What Makes a Good Pen Tester (Compliance Week Column)

Webcast | What Every CFO, GC and CCO Needs to Know About Penetration Testing and Risk and Security Assessments

Webcast | Law Firms Under Cyber-Siege — How Law Firms Can Manage Data Breach Risks and Thrive Amid Cybersecurity Solutions