Black Hat USA 2022

Black Hat USA 2022

Blog | Event

Black Hat USA 2022

PacketWatch is a sponsor of Black Hat USA 2022 this year. Christopher Krueger, Vice President of Sales, and Michael McAndrews, Chief Technology and Security Officer, as well as several of our analysts, will be live at the event in Las Vegas.

We are also participating in the Black Hat Virtual Event with a Virtual Tradeshow Booth on August 10th and 11th. If you are not traveling to Las Vegas, be sure to stop by the Virtual Booth and say “Hi!”

There are a few ways to catch up with us at Black Hat:

Black Hat USA 2022
Black Hat USA 2022 | Sponsor

Virtual Platform

“The Black Hat USA Main Conference including Briefings, Arsenal, the Business Hall, and more, will take place on the Swapcard Virtual Event Platform.”

Chris and Michael will both be in Las Vegas at the live Black Hat USA 2022 event. Let us know if you would like to grab some time to chat. They’ll be meeting with clients and partners throughout the event.

Chris Krueger | PacketWatch

Chris Krueger
Vice President, Sales

Michael McAndrews | Director, Network Security Services

Michael McAndrews
Chief Technology and Security Officer


Let’s Create a New Standard for Cyber Due Diligence

Let’s Create a New Standard for Cyber Due Diligence


Let’s Create a New Standard for Cyber Due Diligence

“The result of a flexible and extensible cyber due diligence process is less regret across the board.”

M&A Cybersecurity Concerns

Recently, I was in a meeting with a friend who’s a top Corporate Attorney here in town. He was lamenting a recent sizable Mergers and Acquisitions (M&A) deal that left a bad taste with the buyer. Following the transaction’s closing, the buyer uncovered a host of significant IT security concerns, one of which turned out to be remnants of a prior intrusion. So, the buyer’s legal counsel went back to the Purchase Agreement to see what warranties were made by the seller and whether any remedies were available. It turns out the seller had no “actual knowledge” of a problem because they never looked. The buyer never looked either because the seller wouldn’t cooperate. That meant a dispute and likely litigation. There’s got to be a better way.

Way back when…

In a prior life, I was a commercial real estate lender. I know, I’m mostly recovered now, thank you. Back in the day, the environmental clean-up movement was in high gear. The impacts of liability arising from CERCLA (think “Superfund”) were reverberating down the halls of all real estate developers and lenders. If you entered the title chain of a contaminated property, you were potentially liable for a massively expensive clean-up of something you didn’t even do. What came to bear was a new method for conducting due diligence—an Environmental Site Assessment or ESA. A Phase I ESA conducted by an environmental professional (engineer) consisted of a site study and review of current and historical records, adjacent land uses, public agency records, aerial photographs, and interviews with knowledgeable people. If something of concern like suspected soil contamination was noted, a Phase II study would be required. A Phase II study consisted of more intensive study, testing, and analysis to get to the details of the suspected hazard. A Phase III ESA, if needed, would get to the remediation plans, alternate methods for containment, logistics, how the cleanup was done, and outlined the process for follow-up monitoring. That progression of environmental due diligence has been successfully used since the 1980s. Today every transaction has at least a Phase I ESA as part of the process.

A new way forward…

We can use this example as an analogue for a new and improved cyber due diligence process. Let’s even borrow their “ESA” acronym for our Enterprise Security Assessment.

So, in this context, a Phase I ESA might encompass a comparison with a recognized regulatory or industry-accepted security framework (such as NIST or CIS-CSC). The purpose is to find gaps, prove levels of maturity, and supply an industry benchmark comparison of the target organization. An independent security professional or security engineer would perform the Phase I ESA. Phase I might also look at the Dark Web for compromised credentials or stolen data, examine select logs, look for signs of existing vulnerabilities, analyze the external attack surface, and scan threat intelligence sources.

If something of concern appears, a major gap is exposed, or a significant variance from similarly situated organizations is identified, you can move on to a Phase II study with independent data collection, analysis and testing, controls validation, and an expert threat hunt to look for malicious activity as well. If the suspected problem is verified, you can move into a Phase III ESA to remediate the threat and/or close the gap. Follow with monitoring to ensure the situation is adequately resolved and confirm that no advanced persistent threats remain.

Less Regret

The cooperation between the parties is enhanced by a predictable independent process conducted under the supervision of Counsel.  It’s not a fishing expedition but a defined, repeatable process. This flexible, extensible due diligence process for cyber makes much more sense than the current ad hoc model and will result in less regret across the board.  

Less regret equals happier clients. 

Give us a call at 1-800-864-4667 or Contact Us to find out how your practice can partner with PacketWatch to begin implementing a Phased-ESA Cyber Due Diligence program today.

Editor’s Note: We have refined and expanded this phased approach for M&A clients. The public launch of PacketWatch M&A, our suite of M&A Cyber Due Diligence Services, was on November 7, 2022.


The Truth About Cyber Insurance

The Truth About Cyber Insurance

Blog | Event

The Truth About Cyber Insurance

Join Chuck Matthews as he moderates the Arizona Technology Council July Virtual Tech Speaker Series event “The Truth About Cyber Security“. Chuck will be joined by industry experts to discuss the issues businesses should consider when approaching the proper use of cyber insurance. They will discuss the regulatory reforms that would make cyber insurance a better tool for risk transfer. Participants will gain better situational awareness regarding cyber insurance practices during this open discussion.

Panel Members:

  • Anthony Dagostino, CEO & Founder, Converge Insurance
  • Chris Branch, Chairman, ATS Underwriting
  • Wes Gates, CIO, Arizona School Risk Retention Trust
  • Tracy Foss, Senior Program Director, Risk Program Administrators

Who Should Attend:

  • Business Owners
  • Executive Management
  • Risk Managers
  • Legal Counsel
  • CIO
  • CISO

Live Broadcast:
Tuesday July 12, 2022
3:30PM – 5:00PM PT


“Cyber insurance take-up rates are increasing but Insurers’ losses are reaching unsustainable levels. Loss mitigations being implemented by Insurers to stem those losses, combined with non-standard policy terms, are leaving many to question the proper role of cyber insurance policies. ”

Arizona Technology Council Logo
The Truth about Cyber Insurance | AZ Tech Council
Key Takeaways:
  • Why are cyber insurance premiums rising so rapidly and coverage decreasing at the same time?
  • What happens if I file a claim? What are the “gotcha’s”?
  • How can I more effectively use my cyber insurance?
  • What regulatory and industry changes are being discussed and how will they impact me?
About The Arizona Technology Council The Arizona Technology Council is Arizona’s premier trade association for science and technology companies. Recognized as having a diverse professional business community, Council members work towards furthering the advancement of technology in Arizona through leadership, education, legislation and social action. The Council offers numerous events, educational forums and business conferences that bring together leaders, visionaries and community members to make an impact on the technology industry. These interactions contribute to the Council’s culture of growing member businesses and transforming technology in Arizona. To become a member or to learn more about the Arizona Technology Council, please visit