M S Sripati
I am in information security professional, trying to strike a balance between compliance & assessment. This is my personal blog / website / resume.
You can find few of my selected posts below. A list of all posts is available. RSS feeds are available as well.
My other social media outlets can be seen on the left hand side of this site.
Featured Writings
Do not kill your pentester for little or no value-add
Disclaimer: This would be a long post (culmination of many old posts) with lot of different opinions, thoughts. If weaving is not right, please provide feedback on how it could be corrected. I had the good fortune of reading couple of threads by gentlemen whom I respect for their grounded advices. Their posts triggered some … Continue reading Do not kill your pentester for little or no value-add
How should a CISO deal with XSS?
I got many comments (thank you everyone, as i learnt a lot) for my article that i published some time back. I realized that i need to explain my thoughts in a different way (as many people were of view that i am championing a person-with-no-technical-knowledge as CISO. In order to explain my thinking, let’s … Continue reading How should a CISO deal with XSS?
Please don’t kill your CISO for not knowing how a virus works
I came across this rant (with the usual don’t-kill-me-am-just-making-a-random-statement-and-fully-intend-to-get-away-with-it disclaimer) on LinkedIn about how CISO’s are clueless about how a virus works, even with CISA/CISM and a decade’s experience under their belt. It got me seething about how this statement is wrong on so many levels, but then I decided to marshal it in a … Continue reading Please don’t kill your CISO for not knowing how a virus works
Bait for Your Identity
I overheard this interesting talk last sunday while harassing some poor developer to close an NC, have a dekko. But before that, a very short intro of the characters. Character #1 — Baba Gyandev, aka if-google-had-a-body-this-would-be-it, BG in short Character #2 — Baby Busy, aka this-will-never-happen-to-me, BB in short, BG’s follower#1 Character #3 — Paranoid Pandu, aka even-my-breadth-should-be-encrypted-to-save-it-from-sniffing, PP in short, … Continue reading Bait for Your Identity
ISO 27001 : A Business View
Hi People, I am back after a strong lethargic break. Before i go back to hibernation (i can promise that i will be regular from now onward, but people who know me will differ — and i don’t blame them, either — but i digress), let me share a presentation that i did for a NULL meeting (what? You … Continue reading ISO 27001 : A Business View
