Advertise

Author

Profile of Carric Dooley

WW VP of Foundstone Services, Intel Security

News & Commentary Posts: 8

Carric Dooley has extensive experience leading comprehensive security assessments as well as network and application penetration tests in a wide range of industries across North America, Europe, and Asia. As the Worldwide VP of Foundstone Services at McAfee, part of Intel Security, he works with companies around the world in various industries, including financial services, insurance, healthcare, software, manufacturing, retail, pharmaceuticals, government, food services, and entertainment.

Carric has performed information security assessments, security architecture reviews, wireless assessments, web application penetration tests, host configuration reviews, product reviews, risk assessments, and policy development projects. He has also led several enterprise risk assessments following Foundstone's methodology based on NIST 800-30, helping clients in the financial services, government, and software industries to develop effective risk management strategies. In 2005, Dooley also helped establish Foundstone's methodology for assessment and penetration testing.

Prior to McAfee, he worked at Microsoft on the ACE team, and at Internet Security Systems (ISS) as a senior consulting delivering assessment services.

Carric holds a bachelor's degree in business administration from Georgia Southern University, with a focus on international economics and a minor in French.

Articles by Carric Dooley

View Content By Month

Some of the Best Things in Security Are Free

4/8/2015
Software tools are available from our consultants free of charge.
Post a Comment

Five Easiest Ways to Get Hacked – Part 2

2/25/2015
Continuing a conversation with principal security consultant Amit Bagree
Post a Comment

Five Easiest Ways to Get Hacked – Part 1

2/18/2015
A conversation with principal security consultant Amit Bagree.
Post a Comment

Security Skills Shortage? Don’t Panic!

1/26/2015
Focus your energies on building a comprehensive security strategy and turning to experts for guidance.
Post a Comment

Recruit, Reward & Retain Cybersecurity Experts

1/20/2015
How to create a better working environment for security professionals.
Post a Comment

When Every Minute Counts (Part 2)

11/21/2014
Acting on key Indicators of Attack for incident response is crucial.
Post a Comment

What We Mean by Maturity Models for Security

11/12/2014
The aim is to assess the current state of security against a backdrop of maturity and capability to translate actions into goals that even non-security people can grasp.
Post a Comment

Drag Your Adolescent Incident-Response Program Into Adulthood

11/3/2014
It’s not about how many tools you have, but what you can do with them.
Post a Comment

Hot Topics

Editors' Choice

WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication

John Fontana, Standards & Identity Analyst, Yubico, 9/19/2018

Turn the NIST Cybersecurity Framework into Reality: 5 Steps

Mukul Kumar & Anupam Sahai, CISO & VP of Cyber Practice and VP Product Management, Cavirin Systems, 9/20/2018

NSS Labs Files Antitrust Suit Against Symantec, CrowdStrike, ESET, AMTSO

Kelly Jackson Higgins, Executive Editor at Dark Reading, 9/19/2018

Live Events

Webinars

More UBM Tech
Live Events

Build Your Communications & Collaboration Future

Enterprise Connect Orlando 2019 Registration is Open!

White Papers

Build the Best IT Budget for 2019

2018 Security Report

SMBs Adopt Modern Endpoint Security

Cloud Security: Combat Threats to Your SaaS-Powered Business

Cybersecurity Beyond the Network Reach

More White Papers

Video

All Videos

Cartoon Contest

Write a Caption, Win a Starbucks Card! Click Here

Latest Comment: "This is our most effective security awareness training tool yet!"

Cartoon Archive

Current Issue

The Biggest Cybersecurity Breaches of 2018 (So Far)

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

The Risk Management Struggle

The majority of organizations are struggling to implement a risk-based approach to security — even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!

Download Now!

How Data Breaches Affect the Enterprise

0 comments

The State of IT and Cybersecurity

0 comments

[Strategic Security Report] Navigating the Threat Intelligence Maze

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading OR #DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2018-11763
PUBLISHED: 2018-09-25

In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.

CVE-2018-14634
PUBLISHED: 2018-09-25

An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerabl...

CVE-2018-1664
PUBLISHED: 2018-09-25

IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 echoing of AMP management interface authorization headers exposes login credentials in browser cache. ...

CVE-2018-1669
PUBLISHED: 2018-09-25

IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote atta...

CVE-2018-1539
PUBLISHED: 2018-09-25

IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 could allow remote attackers to bypass authentication via a direct request or forced browsing to a page other than URL intended. IBM X-Force ID: 142561.

Terms of Service
Privacy Statement
Legal Entities

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]