Behind the Firewall ft. Mark Dube

by Morgan Prost / July 1st, 2026

As far as they were aware, they weren’t storing card data at all. 

It started like any other assessment. Routine, methodical, and expected. 

Then we brought in our Penetration Tester Mark Dube, and what he uncovered wasn’t just a few technical missteps — it was a wake-up call.

While performing file share enumeration, Mark stumbled upon something alarming: 50,000 credit card numbers and 175,000 instances of first names, last names, Social Security numbers, and dates of birth sitting in a file share accessible to anyone in the company. 

Unguarded, unmonitored, and completely exposed.

By diving into the application’s workflow, he discovered something even more unsettling: there was no evidence of encryption for cardholder data. As far as they were aware, they weren’t storing card data at all. 

If you haven’t looked deeply into your file shares, your workflows, or your assumptions about data storage, now is the time. Don’t wait for an audit to reveal the truth. Let’s uncover it together.