Recommended links about security and compliance

Recommended books, articles, sites, talks and podcasts about security and compliance. Includes sections on suppliers.

Password managers' promise that they can't see your vaults isn't always true
New research shows that these claims aren’t true in all cases, particularly when account recovery is in place or password managers are set to share vaults or organize users into groups.
What is an engineering audit like?
Anna J McDougall shares her experience in an ISO 13485 Medical Device Engineering QMS Case Study
A sneaky phish just grabbed my Mailchimp mailing list
Troy Hunt's welcome reminder no one is immune to being caught out by phishing as he shares his own experience
On the matter of the British Library cyber incident
Ciaran Martin on what can be learned from this ransomeware incident
10 fundamental (but really hard) security metrics
Phil Venables highlights a number of areas to think about when it comes to measuring your security.

Suppliers

Suppliers of security and compliance services

Cure53
Recommended for penetration testing
Detectify
External attack surface management service
Halo I.S.
Recommended for penetration testing
Intruder
Automated vulnerability scanning that comes highly recommended
KnowBe4
Security Awareness Training that includes simulated phishing attacks to drive awareness and change user behaviour
Samurai Security
Recommended for penetration testing
VaaData
Recommended for penetration testing