M S Sripati
I am an information security professional, trying to strike a balance between compliance & assessment. This is my personal blog / website / resume.
You can find a few of my selected posts below. A list of all posts is available. RSS feeds are available as well.
My other social media outlets can be seen on the left-hand side of this site.
Disclaimer: This would be a long post (culmination of many old posts) with a lot of different opinions and thoughts. If the weaving is not right, please provide feedback on how it could be corrected. I had the good fortune of reading a couple of threads by gentlemen whom I respect for their grounded advice. Their posts triggered some … Continue reading Do not kill your pentester for little or no value-add
I got many comments (thank you everyone, as I learnt a lot) for my article that I published some time back. I realized that I need to explain my thoughts in a different way (as many people were of the view that I am championing a person-with-no-technical-knowledge as CISO). In order to explain my thinking, let’s … Continue reading How should a CISO deal with XSS?
I came across this rant (with the usual don’t-kill-me-am-just-making-a-random-statement-and-fully-intend-to-get-away-with-it disclaimer) on LinkedIn about how CISOs are clueless about how a virus works, even with CISA/CISM and a decade’s experience under their belt. It got me seething about how this statement is wrong on so many levels, but then I decided to marshal it in a … Continue reading Please don’t kill your CISO for not knowing how a virus works
I overheard this interesting talk last Sunday while harassing some poor developer to close an NC, have a dekko. But before that, a very short intro of the characters. Character #1 — Baba Gyandev, aka if-google-had-a-body-this-would-be-it, BG in short; Character #2 — Baby Busy, aka this-will-never-happen-to-me, BB in short, BG’s follower #1; Character #3 — Paranoid Pandu, aka even-my-breath-should-be-encrypted-to-save-it-from-sniffing, PP in short, … Continue reading Bait for Your Identity
Hi People, I am back after a strong lethargic break. Before I go back to hibernation (I can promise that I will be regular from now onward, but people who know me will differ — and I don’t blame them, either — but I digress), let me share a presentation that I did for a NULL meeting (what? You … Continue reading ISO 27001 : A Business View