CTO – Shearwater Solutions

About Mark Hofman

Mark Hofman is the Chief Technology Officer at Shearwater Solutions and has over 25 years’ experience in ICT Security. He has worked for both private industry and government and has provided a wide range of information security consulting services to numerous organisations, including the financial sector, private sector, and government organisations.

Mark is currently a certified instructor for the SANS Institute. He has had a number of publications, has trained and lectured internationally, and is a handler for the Internet Storm Center. Mark holds professional certifications, including CISSP, GIAC GCFW, CompTIA Security+ and BSI lead auditor accreditations.

Entries by Mark Hofman

Business Email Compromise – Advisory

2019-10-25 in IT Security Insights, Security Awareness Articles /by Mark Hofman

Business Email Compromise (BEC) attacks are increasingly prevalent. While there are several varieties of BEC attacks, the majority manifest themselves as follows: A phishing email is sent to an intended target. The target is prompted to enter their credentials on a website, after which the attacker gains access to their mailbox. Typically, a forwarding rule […]

PCI DSS Update: Version 3.2.1

2018-12-06 in PCI DSS Compliance Insights /by Mark Hofman

SAQ-A 6.2 – This one inclusion has changed the way we need to look at web servers. PCI DSS version 3.2.1 was introduced earlier this year. Until the end of the year you can still assess against the previous version, but time is soon running out. One of the changes introduced isn’t in the standard […]

How to set up the right Vulnerability Management processes

2017-12-07 in IT Security Insights /by Mark Hofman

Managing your network vulnerabilities and identifying the right vulnerability management processes can be complex. Whilst finding and prioritising vulnerabilities are the responsibility of the security leader, the speed at which these vulnerabilities are remediated is dependent on other people in your organisation. System architects and administrators, IT managers and system owners all play a part […]

PCI DSS v3.2 Changes

2016-04-29 in PCI DSS Compliance Insights /by Mark Hofman

As you may be aware the security issues relating to SSL and early TLS prompted the Payment Card Industry Security Standards Council (PCI SSC) to issue a new version of the Payment Card Industry Data Security Standard (PCI DSS) and supporting documents. This release v3.1 (April 2015) included a deadline for moving away from SSL […]

PCI-DSS & PA-DSS Changes to REQ 4.1

2015-02-13 in PCI DSS Compliance Insights /by Mark Hofman

1- Background The Payment Card Industry Security Standards Council (PCI SSC) has issued a bulletin flagging a change in the Payment Card Industry Data Security Standard (PCI DSS) and the Payment Application Data Security Standard (PA DSS). This change will affect all those that are required to implement either standard. As you may be aware […]

What is Payment Card Industry Data Security Standard?

2012-10-15 in PCI DSS Compliance Insights /by Mark Hofman

Today I’ll provide an overview of what is often the elephant in the room: What is Payment Card Industry Data Security Standard? Unlike ISO 27001 where shades of grey are acceptable, in PCI DSS things are very much black and white, with some wiggle room although limited and realistically only if you can convince the […]

About Mark Hofman

Entries by Mark Hofman

Business Email Compromise – Advisory

PCI DSS Update: Version 3.2.1

How to set up the right Vulnerability Management processes

PCI DSS v3.2 Changes

PCI-DSS & PA-DSS Changes to REQ 4.1

What is Payment Card Industry Data Security Standard?

Consulting & Compliance

Penetration Testing

Managed Services

Training & Education

Subscribe to Our Security Updates