Category: Just For Fun

  • Stay Afloat

    “Don’t worry, I won’t go too fast.” — Mark Puckett, CEO

    TL;DR — Mark went too fast.

    A clear lake. A fast boat. A hot summer day.

    You know — your typical business meeting . . . if your CEO is obsessed with speed like Mark Puckett is.

    Here’s how it (we) went down:

    Brian Tant is Raxis’ chief technology officer. Most days, he’s a genius. Not today. Brad Herring is the VP of business development. Most days, he uses really good judgment. Not this day. Bonnie Smyre is chief operating officer. Most days, she’s super professional. But, today? Today, she played sidekick to Mark’s super-prankster.

    Long story short, the video above tells the tale of how two guys (who really should know better) trusted two professional hackers and social engineers, jumped on a floating tube of death, and experienced the joy of flight, followed swiftly by the agony of landing.

    Okay, maybe it was a little too fast.
    – Mark Puckett, CEO

    A much smarter Brian Tant (wet on the left) and Brad Herring (wet on the right). Mark Puckett (dry on the boat).
  • 12 New Cyber Terms the World Needs Now

    There ought to be words for these things . . . and now there are. How many examples do you see in your work each day?

    Over the course of hundreds of penetration tests, red team assessments, and incident responses, we’ve encountered situations that left us without words. So, rather than just stand around speechless, we decided to create some new verbiage to fill in the blanks. See if you find any of these appropriate around your office or within your company.

    • Againstigation. uh-gain-stuh-GAY-shun. n. Studying the root causes of a large-scale breach even though the same basic tactics have been used repeatedly and the underlying problems remain.
    • Backoops. BACK-oopz. n. The act of deploying a secure backup solution after sensitive company data has been encrypted by ransomware.
    • Breacher’s pet. BREE-churz-pet. n. Anyone who leaves helpful notes with usernames and passwords on sticky notes attached to their monitor.
    • Chivalregret. SHIV-ul-ree-gret. n. The realization that a person for whom you’ve politely opened a door was actually a hacker who has now owned your network.
    • Clickmate. KLIK-mate. n. The moment when a hacker realizes a phishing campaign has captured the credentials of a network administrator.
    • Cyberchosis. si-bur-KO-sus. n. Delusional state that causes business owners to imagine they live in a world where hackers only attack other companies.
    • Duhpgrades. DUP-gradez. n. A series of long-overlooked and time-consuming upgrades that must be completed before a critical software patch can be installed.
    • Homepwnrship. HOME-PONE-er-ship. n. Taking over a corporate network by first hacking a remote worker who fails to follow proper security protocols.
    • Pastword. PAST-werd. n. 1) A password in use on multiple sites. 2) Any password that remains in use after a site where it is used has been hacked.
    • Pen-guesting. PIN-guess-ting. v. Using visitor login information to access sensitive data improperly secured on a company network.
    • Premiscuity. pri-miss-KEW-e-tee. n. Allowing an unknown person or persons into secure areas of a facility.
    • Ransomdare. RAN-sum-dair. v. To passively invite a cyberattack by refusing to provide cybersecurity training, allowing poor password hygiene, and failing to employ secure backup.

    Do you have any terms you’d like to add to our list? If so, visit us on Facebook, LinkedIn, Twitter, or Instagram and leave us a message. Better yet, share this post and bring your friends in on the fun.

    If you’d like to learn about cybersecurity terms we didn’t just make up, visit our glossary.

  • How Bonnie Banished Her Boring Background

    Raxis has always been a remote-work team, even before COVID, so we’re accustomed to spending a lot of time on Zoom. Thus my plain green wall has been an ongoing source of amusement for my colleagues, but I never gave it a lot of thought until I started doing more videos for public consumption. 

    Before: My personal “green monster.”

    That’s when it hit me – the green wall looks like a green screen awaiting a novelty background. It’s boring and bland and very much not my style. So, I decided to change it up for something that is. 

    Of course, it helps that I have an amazing and talented friend, Kasi Reilly, who could take my wall from blah to beautiful. Even more importantly, Kasi understands my individual sense of style, and I trusted her to bring my vision to life. 

    She did not disappoint. 

    I knew I wanted colors and flowers. Kasi agreed and recommended that we make it bright and cheerful while remaining calming and serene. I thought that would be a difficult balance to achieve, yet when “Garden Party” blossomed on my wall, I realized my friend had captured it perfectly.

    After: The “Garden Party” in full bloom.

    So now when you’re watching my Raxis videos on YouTube or social media, you’ll be treated to this beautiful piece of art. And my fallow green wall is now in permanent bloom.

    If you love Kasi’s artwork as much as I do, check out her instagram, @kasirliving and her Facebook page: Kasi Reilly Living.

  • It Might be a Phishing Attempt . . .

    Hackers and cybercrooks use lots of tools to get into your network and steal your information, but the cheapest, easiest, and most common is still by email phishing. Effective spam and virus filters can shield you from a lot of these attempts, but certainly not all. The most effective way to protect yourself is to educate your team. Toward that end, here is yet another reminder about some tell-tale signs in an email that it might be a phishing attempt. Of course, there are some other signs that tell you it’s definitely a phishing attempt.

    • If your CEO suddenly asks you to buy a ton of gift cards, it might be a phishing attempt. If she’s the type who also frets over the cost of paper clips, it’s definitely a phishing attempt.
    • If it’s a random news story from an outlet you don’t follow, it might be a phishing attempt. If the link points to http://mailorderbrides.someassemblyrequired.com, it’s definitely a phishing attempt.
    • If you see .ru in the email anywhere, it might be a phishing attempt. If it’s written in Cyrillic script, it’s definitely a phishing attempt.
    • If you vaguely remember your network admin warning you about the sender, it might be a phishing attempt. If she’s running toward you, waving her arms wildly, and shouting “nooooo!” it’s definitely a phishing attempt.
    • If it’s an unsolicited email, even from a reputable company, it might be a phishing attempt. If it’s from Facedook, Amazom, Microsfot, or Gooogle, it’s definitely a phishing attempt.
    • If your friend says she’s stranded in Japan, it might be a phishing attempt. If she hasn’t traveled outside the city since ‘N Sync broke up, it’s definitely a phishing attempt.
    • If it’s about your benefits or salary and you had no prior notice from HR, it might be a phishing attempt. If they misspelled HR, it’s definitely a phishing attempt.
    • If it’s from your significant other reminding you to bring home coffee, it might be a phishing attempt. It’s probably not a phishing attempt, but now you have a (lame) excuse if you forget.

     

  • Raxis Cares: When COVID-19 Comes, Creatives Pivot

    Penetration testing experts are perfectly poised to work within our new social distancing guidelines, but performing artists have been uniquely impacted by COVID-19: without an audience, the show simply cannot go on.  

    As a presenting sponsor of the Georgia Metropolitan Dance Theatre, Raxis was heartbroken when their recent performance of Coppélia and the Magical Toy Shop was canceled, but we are at least able to share one special element from the program – and introduce you to the work of Amy Rust, an aspiring graphic designer who is passionate in the performing arts as well. Amy collaborated with Raxis to produce our program ad for Coppélia, seen in this stunning layout: 

    Coppélia Ad by Amy Rust

    Coppélia Ad by Amy Rust

    Amy will attend the University of Georgia in the fall, where she plans to combine her creative energy and expertise with a major in graphic design and a minor in dance. Here’s how she created her original design: 

    Being a ballerina, I was already familiar with Coppélia and the storyline, so I was very excited to get started right away! I first started off by writing down all my ideas, and, after much deliberation, I was able to narrow it down to a single one. Then I moved onto the visual part of the ad by looking online and watching the ballet as inspiration, and then sketching out different designs for the ad until I created a sketch with which I saw great possibility. Using my graphic design skills, I took to Adobe illustrator to create my masterpiece in vector form. I made the base image using my sketch and then, after careful consideration, chose the colors based off the cover to ensure the ad was visually complementary. Last, I made finishing touches to the layout of the ad and added small details that really brought the ballerina to life.” 

    Amy Rust

    We wish Amy and her fellow class of incoming UGA Bulldogs the best of luck in 2020 and can’t wait to see all our GMDT dancers soon on stage! 

  • Raxis Cares: Passing Along the Passion

    Our work at Raxis is highly specialized, often mysterious, and sometimes even suspicious to those outside our field. That makes it exceptionally rewarding when we have an opportunity to share what we do with the next generation.

    Alexis is a senior in high school this year, and the COVID-19 emergency has caused her to miss out on some of the memories that make that such a special time in life. We’re very proud that she got to be a part of the Raxis family for a little while during her last semester and even prouder that it was the rewarding experience she describes in her note below.

    “For my senior project I chose a topic that was so complex and one that I had no prior experience with — penetration testing. I had an awesome mentor, Bonnie Smyre, who is chief operating officer at Raxis, and she made it so interesting to learn all about the world of cyber security – specifically, what pen testing is and the whole process behind it. The folks at Raxis were so sweet and kind and they just made it a fantastic time to both learn and have fun. As I move on to college, I want to have a work environment just like they have at Raxis, where everyone is so welcoming to others, where communication is completely transparent, and a place that is just overall fun to be around! I want to thank both Bonnie and all the others at Raxis for giving me this opportunity to be able to see and learn the behind the scenes of it all. It was so much fun having Bonnie as my mentor and I had a complete blast learning everything!”

    Alexis Chiem
    Hillgrove High senior Alexis Chiem and Raxis COO Bonnie Smyre
  • An Earth Day Message from Raxis

    With our planet in the grips of the COVID-19 pandemic, Earth Day 2020 definitely has a different vibe this year. In some ways, the virus serves as a reminder of how closely connected we are to one another and how little control we actually have over nature. Our activities can severely impact it, and our technology can sometimes predict it, but all it takes is a tiny strand of RNA to remind us that we are inhabitants of Earth and not its masters.

    If there can be any upside to this worldwide tragedy, it may be that many more businesses are coming to understand the benefits of allowing team members to work from home. At Raxis, we’ve enjoyed those advantages since we launched the company in 2011. For us, it makes sense on many levels.

    Atlanta is a large city and, no matter where we put an office, some of us would face commute times of an hour or more. As penetration testers, we have little need to share infrastructure or applications – we have our own tools and leverage VPNs. We have also become experts at online chat and audio/video conferencing, and we hold frequent team-building events to nurture camaraderie and friendship.

    For Raxis, the remote-work model continues to pay dividends in terms of productivity and quality of life – but that’s just at the company level. What’s really exciting is to think about the prospect that thousands of other businesses might now join our ranks. That’s because, in the few short weeks that COVID-19 has forced us to stay home, we’ve seen air quality improve around the world and greenhouse gas emissions dropping dramatically. Fewer cars on the roads also means fewer accidents and lower insurance costs. And for many, less time in their vehicles has meant more time with family, hobbies, and exercise.

    We won’t miss social distancing but imagine the improvements we could see over the long term if remote work becomes the norm.

    As a cybersecurity company, we can’t ignore the potential threats from hackers and scammers. In fact, my Raxis colleagues and I spend a lot of time warning businesses and their employees about the risks of working from home. With diligence and appropriate safeguards in place, however, a home office isn’t necessarily less secure than a traditional office.

    Of course there are also many who cannot work from home – police, first responders, emergency room personnel, to name just a few. Even so, their working conditions could well improve if more of the rest of us do stay home. In addition to making the highways safer, for example, less congestion means emergency personnel can get to the people who need them faster. Stores, restaurants, gyms, and salons could see customer traffic spread more evenly throughout the day. All of this would likely mean less of a burden on our federal, state, and local employees as well.

    Still, it would be naïve to think that the COVID-19 emergency on its own will cause an immediate and fundamental change in the way the world does business. It’s likely that these blue skies will fade a bit when people go back to work and the pace of life picks back up. But it’s also possible that this terrible pandemic has come with a silver lining – a brief glimpse at the benefits of living and working more sustainably.

    Our hope for this Earth Day is that the time we’ve spent away from the office has given us time to consider whether so many of us need one at all.

     

  • Bonnie featured in VoyageATL interview!

    We’re so very proud to have Bonnie on our team at Raxis.   Check out her VoyageATL Interview!

    Transcript from the Interview, courtesy of VoyageATL:

    “Today we’d like to introduce you to Bonnie Smyre.

    Bonnie, please share your story with us. How did you get to where you are today?

    When I graduated from the University of North Carolina, I wanted to work in international sales. Fast forward a few years and a job at BellSouth International in Midtown and the Southern Center for International Studies in Buckhead led me down an unexpected route. I became interested in technology, specifically databases and computer programming.

    When I found an opportunity to work in both these fields at my alma mater, I returned to UNC and worked at IT departments on campus, at UNC’s School of Government and finally at the state PBS station, UNC-TV. As over fifteen years went by, I kept in touch with friends in the Marietta area where I had grown up.

    Mark Puckett, Raxis’ owner and visionary, and his wife Alison came to see me perform in an improv show up in Carrboro, NC. We started chatting about Raxis, his boutique information security company and needs he had within the company. In less than a year, I had moved back to Marietta and had filled the role of COO as well as becoming one of the penetration testers at Raxis.

    Overall, has it been relatively smooth? If not, what were some of the struggles along the way?

    I believe everyone can look back on times that were a struggle, but I also feel that people who find their way and love what they do appreciate what those times teach them. For me, I’ve had some jobs that were energizing and exciting that later became stagnant and sometimes toxic. I can remember wondering if I could update my resume enough to escape and find something fun.

    But looking back, I’m appreciative of those times because I learned that I won’t settle in my career or in my life and that I don’t want to be a part of an environment that makes others settle either. When Mark asked if I would be interested in running operations at Raxis, my first thoughts were that I would be leaving North Carolina where I had lived for fifteen years as well as leaving software development, a career that I had enjoyed for even longer.

    My second thought was absolute excitement that I had an opportunity to become an integral part of Raxis, and, from that moment I haven’t looked back. I joined Raxis in 2013 part-time and then, in 2014, I moved back to Marietta and joined Raxis full time, taking over scheduling and employee support as well as reporting. Things can get hectic, especially in the fall and towards the holidays when many customers realize that they’d better complete their pen test by the end of the year.

    Juggling penetration testing along with my operations tasks can make my head spin sometimes! Scheduling is very interesting to me. At Raxis, we aim to customize each engagement to meet the customer’s needs as best as possible. I’m working with a limited number of pen testers, and sometimes I have to shut out outside noise and focus on the puzzle pieces until I can make them fall into place.

    In the end, though, I’ve loved every minute since I’ve been at Raxis, even if sometimes it’s in retrospect!

    Please tell us about Raxis.

    I’m very proud to be a part of Raxis. When Mark started the company himself in 2012, he made the sales, ran the business and did the penetration tests himself. Over the next few years, he brought in Raxis’ first employees, including our CTO, Brian Tant, who is amazingly creative both technically and in social engineering engagements. Since I joined in 2014, we’ve brought in several more talented folks, but we still pride ourselves in being small enough to be able to accommodate the needs of all types of customers.

    We focus on information security tests, including network penetration tests as well as web and mobile application tests and code reviews. We also have a lot of fun with social engineering tests, whether onsite or using phishing emails and calls. The goal of all of these tests is to help our customers learn how their companies could be affected by hackers of all types. We always say that it’s better to learn about that in a Raxis report than to learn about it after a hacker has been in your systems.

    Last year we introduced the Raxis Transporter device which allows us to perform onsite work remotely. For many of our customers, the cost savings of not paying for a consultant onsite makes all the difference. Many customers also leave the device in place so that Raxis employees can perform incidence response (IR) work quickly if there is a security event.

    I especially take pride in our process and our reports. As more rules and regulations are created in answer to high profile hacks, increasing numbers of companies are interested in penetration tests. But, even though it’s a positive goal, it’s still going to feel unsettling to invite technical experts in to attempt to break into the systems that are your bread and butter. We pride ourselves in making that process calm and easy on the customer.

    I run project management at Raxis, and I strive to keep all customers informed throughout the process. They know how to reach us, and they also know we’ll let them know if they have critical issues that they should jump on immediately. In the end, though, the customer is left with a report and the knowledge that Raxis is only a phone call away for their next annual test, remediation consulting or incidence response work in the event of an outside hack.

    When we walk away, I want that report to be a tool for our customers to use throughout the year. My wish is that they call us back the next year and that we are unable to exploit any of the previous vulnerabilities because the report was so useful that their teams were able to remediate all of the issues. There are a lot of good information security firms out there, but I’m very proud of the work that we do and feel that we can truthfully say that we are one of the best.

    Is our city a good place to do what you do?

    Atlanta has been great to us. Over the years several tech companies have flourished here.

    We’ve found many customers in Atlanta and the neighboring regions because it’s such a great environment for companies of all sizes. And when we travel to locations all over the US & Canada, we’re lucky enough to have the world’s busiest airport ready to take us there!

    Among Raxis’ customers are a number of Atlanta based Fortune 500 companies. In fact, our CEO, Mark Puckett, and CTO, Brian Tant, met while working at The Home Depot, one of Atlanta’s very own multi-million dollar businesses. Atlanta is such an important hub for the South that we also find several customers within the large group of companies that choose to open regional offices here. We’ve enjoyed working with local companies of all sizes and also pride ourselves in treating smaller companies with the same respect and consideration as larger companies.

    Many of our customers have told us stories of failed past penetration tests where the vendor they hired did not listen to them or take the time to understand their needs. I love that Atlanta prides itself on supporting companies of all sizes flourishing. Some of our most loyal customers are small local companies… but I wouldn’t be surprised if you hear their names in the coming years!

    Raxis employees all work virtually, so we’ve had employees working from offices all over the US. Atlanta is a city filled with talented people, though, and many of Raxis’ employees live right here in Marietta. We’ve never had trouble finding great employees right here at home.

    Though I truly enjoyed my time in North Carolina as well as the locations I see in my job with Raxis, I’m always happy to be back at home in Atlanta. I enjoy living and working here. Atlanta truly is home.”