Blog

Insights from Helios Security

Security guidance, industry updates, and best practices from our team of experts.

Filter by category: All Assessments CLEARTEXT Conferences Tradecraft

CLEARTEXT - Top Dos and Don'ts when building a cybersecurity program

A Cybersecurity program is table stakes for any business where uptime or sensitive data impact revenue. Starting a cybersecurity program in 2026 isn't about chasing AI hype - it's about discerning prioritization to close the attack paths that still dominate: phishing (fueling 35-45% of ransomware), stolen credentials, and unpatched vulnerabilities. As an MSSP that's watched budgets vanish on tool sprawl while basics fail, here's the no-fluff guide to what works.

Feb 04, 2026 Matt Shafner

Read more arrow_forward

Assessments 17 min read

A Primer on Threat Modeling

Threat modeling can be an overwhelming process to get started. There is a wealth of information out there on how to do it the “right way” and it can lead to decision paralysis. Here, we talk about a simple way to get started on your threat modeling journey to give you the necessary knowledge to choose your own “right way.”

Mar 11, 2025 Kevin Coddington

Read more arrow_forward

Assessments 13 min read

CISA FY23 Risk and Vulnerability Assessments

Every year, the federal Cybersecurity and Infrastructure Agency (CISA) conducts Risk and Vulnerability Assessments (RVAs) for the executive branch, high priority critical infrastructure operators and select state/local stakeholders.In September, CISA released a publication of the aggregate findings from their FY23 engagements. Within the findings, CISA mapped the most successful tactic in 11 of the 14 MITRE categories to help inform public and private companies of how to prioritize security controls in their environment.In this blog, we will walk through findings from each tactic and provide real-world recommendations for how to mitigate risk in your organization.

Jan 10, 2025 Matt Shafner

Read more arrow_forward

Conferences 14 min read

CrowdStrike Fal.con 2024

We were lucky enough to attend the CrowdStrike conference, Fal.con, this past week in Las Vegas. With CrowdStrike’s growing number of modules and products, there are too many updates to cover. However, in this blog we will try to distill some of the more notable takeaways and give our take on their impact to CrowdStrike customers. Disclaimer: This blog includes our opinions and impressions from the CrowdStrike conference. Please refer to CrowdStrike’s public announcements for authoritative detail on any product features.

Sep 22, 2024 Matt Shafner

Read more arrow_forward

Tradecraft 13 min read

Data Exfiltration Risks in Modern Enterprise

In today’s hyper-connected world, data has become the lifeblood of organizations, driving decision-making, innovation, and operational efficiency. However, with the increasing value of data, the risks associated with its loss or theft have also surged. Among the most significant threats to data security is data exfiltration, a scenario where sensitive or confidential data is illicitly transferred out of an organization. This blog will explore the nature of data exfiltration and the methods attackers use to bypass traditional security controls to steal your sensitive data.

Sep 14, 2024 Matt Shafner

Read more arrow_forward

Tradecraft 9 min read

Basic MFA is NOT protecting you from phishing

In the ongoing battle against cyber threats, many organizations have turned to multi-factor authentication (MFA) as a silver bullet for securing their systems. However, basic MFA and phishing training are no longer sufficient, as modern phishing attacks have become increasingly sophisticated.

Aug 01, 2024 Kevin Coddington

Read more arrow_forward

Ready to strengthen your security posture?

Our team is ready to help you identify vulnerabilities, build mature security programs, and protect what matters most.

Get Started arrow_forward