I write for infosec auditors, pentesters, and risk assessors - about each other and a lot more.

Sign in Subscribe

How to get job as entry level candidate in cybersecurity

How to get job as entry level candidate in cybersecurity

Recruiters are noticing that while there are vacancies in information security, very few are entry level. Almost every job asks for prior experience. This article lists some tips for people who want a job in cybersecurity as a fresher, listing some dangers, risks, and mechanisms to overcome those.

Bored of working in an Indian Bank as auditor or risk assessor? Remember the promise...

Bored of working in an Indian Bank as auditor or risk assessor? Remember the promise...

Banking is a boring job for many. Lot of processes, forms to

Spoke at CPE session, ISACA Muscat Chapter

where-is-the-risk

Spoke at CPE session, ISACA Muscat Chapter

What is a web application firewall, how does it work, how to audit it, how to assess risks around a web application firewall.

There is value in becoming a fully-integrated tester…

There is value in becoming a fully-integrated tester…

...pentester should strive to move from 'vulnerability' to 'risk'.

There will be customers who wouldn’t want you to become domain admin…

There will be customers who wouldn’t want you to become domain admin…

…While becoming domain admin is an admirable milestone, not every customer would want you to become domain admin. Here’s why.

Business will expect you to support them in non-pentesting activities...

Business will expect you to support them in non-pentesting activities...

...supporting business will help you learn the big picture and will make you better. Don't skip it, when asked. Third in the 'things no pentest course will teach you' series, this post talks about activities that a pentester can support a business into, and how a pentester will benefit out of them.

To business, pen-testers are like jumbo-jets...

To business, pen-testers are like jumbo-jets...

...profitable only when on-air, expensive when in hanger. Second in the 'things no pentest course will teach you' series, this post talks about how business looks at pentesters, and what a pentester needs to keep in mind during their career.

Not every customer wants you to become domain admin...

Not every customer wants you to become domain admin...

...and other truths that no pen-testing course will teach you. Penetration testing (and security assessments in general) has evolved a lot in the last decade or so. This series of posts is about the other side of the fence.

You are one cog in the wheel...

You are one cog in the wheel...

Pen-tester is a very important role in a pen-testing business. However, there are other people and skills required before the business takes off and money starts rolling in. Read on to know more...

Ask for this first, when you join as a CISO

Ask for this first, when you join as a CISO

As a CISO, ensure that you ask for this thing, as soon as you join an organisation. This will increase your chances of securing the organisation.

6 elements that every penetration test report must have

6 elements that every penetration test report must have

Customer pays for the report, not for pentest. Here are the 6 important items that must be present in every penetration test report. Have a read.