When I started GRIMM, I had a vision to tackle the greatest cybersecurity challenges that face our clients, industry and the greater business and government communities. Five years later, we have grown into a dynamic and passionate team who strives to make a better, more secure world through the independent research and the services we provide to clients. GRIMM takes deep pride in its dedication to education, innovation and technical problem solving.
Last night, GRIMM attended the 3rd Annual DC Timmy Awards. The Timmy Awards recognize and celebrate the technology work culture that actively promote creativity, innovation, and learning in the DC area. GRIMM was named a finalist leading into the event and we’re thrilled to have been ultimately recognized as the First Runner-Up for Best Tech Work Culture! The evening was filled with energy and camaraderie as companies across the region came together to celebrate the innovative leadership embodied by the greater DC tech community.
One of the reasons I chose to come to GRIMM after leaving federal service earlier this year was because of one of the core principles held by the rest of the GRIMM Leadership team. That is the importance of educating the general public on the inherent cybersecurity risks in nearly everything touched on a daily basis, and of enabling future generations of cybersecurity experts, software developers, and computer engineers to solve these security challenges, as well as those of the future.
Within the context of historical cyber breaches, this can be classified as a massive attack: Equifax, one of the “big three” credit-rating agencies, announced earlier this month thathackers gained access to the Social Security numbers, credit card data, driver’s licenses, home addresses and other personally identifiable information (PII) of up to 143 million Americans. Some two-dozen class-action lawsuits (and counting?) followed, along with stinging criticism from consumer groups and congressional leaders.
GRIMM is excited to be named a finalist in the Best Tech Work Culture category for the DC Timmy Awards. These awards, now in their third year, recognize technology work cultures that actively promote technical creativity, innovation, and learning in the DC area and celebrate the organizations that make innovation possible. Vote for GRIMM here! Sponsored by Tech in Motion, the DC-area business community can vote online through September 8th to help choose who represents the best of DC tech.
Heading into the summer hacker conferences can be overwhelming. Demonstrations, panels and talks across multiple events events as in sames week - DEFCON 25, Black Hat 2017, BSidesLV - combined with all the parties (and meetings) made for an action packed week! With our social calendar full and our demonstrations in tow, the GRIMM team found itself in the spotlight while showcasing some of the most innovative cybersecurity research and intelligence on connected vehicles, IoT, smart homes, smart grids and ICS security up and down the Vegas Strip.
In our spare time, we like to hunt for bugs in various pieces of software. To help teach people this skill, we decided to write up our analysis on some of the crashes we find. The goal is to help people learn how to debug, analyze the problem, determine why it’s happening, and what the impact is. For example, is this just something which will cause the software to crash and merely cause a brief denial of service, or is this a vulnerability which can be exploited to take complete control over the computer?
“Howdy Neighbor” is GRIMM’s Internet of Things (IoT) Capture the Flag (CTF)-like challenge. As smart devices become ubiquitous within the common household, so are threats to these devices. For example, last year, it was reported that researchers could use a smart lightbulb network vulnerability to attack an entire city. Howdy Neighbor is a model smart house that simulates how multiple interactive “smart” home products, including webcams, smoke detectors, power meters, HVAC systems, smart ovens and refrigerators, video game consoles, smart TVs, toasters, coffee makers, locks, and light bulbs (etc.
“3PO” is GRIMM’s mobile car hacking lab. Since nearly every modern car is Internet-connected, you no longer need physical access to break out of, or break into a vehicle. Hackers prove vehicles are not only insecure from a cybersecurity perspective, but because of that, also unsafe. From controlling the steering, accelerating, braking, and communications, this presents an extremely large attack surface. As automotive original equipment manufactures (OEM) and their Tier 1 direct suppliers have become more aware of the threat, their need for end-to-end hardware and software vulnerability assessments has grown.
GRIMM is excited to announce that Lisa Wiswell, Principal for Security Consulting, was selected as a Young AFCEA 40 Under 40 winner for 2017. The Young AFCEA 40 Under 40 Award is given to 40 individuals, 40 or under, recognizing their significant contributions in technical STEM fields by providing innovation, thought leadership and support to military and government technology communities. Lisa joined GRIMM’s leadership team earlier this year as a Principal in support of GRIMM’s commercial and government clients.