Risky Context

Risky Context

Home
Notes
Chat
Archive
About
6 elements that every penetration test report must have
Important disclaimer - it is very important that you vet the report template with the customer before you start the engagement.
  Sripati MS
6 places to look into when auditing or assessing risks in and around Web Application Firewall (WAF)
Web Application Firewall (WAF) has become a security imperative and absence of a WAF gets raised as a risk or an audit finding. However, many auditors…
  Sripati MS
Try these tools to prepare your pentest report
Everyone dreads preparing report, post-work.
  Sripati MS
You are not getting value from pen-tests. Here are 5 reasons why.
Penetration testing is a part of most of security regulations now. However, regulatory compliance need not be the only value proposition.As a customer…
  Sripati MS
How to get job as entry level candidate in cybersecurity
Here are some ways for an entry level guy to enter into this field. Remember - very few people can do all the things that are listed below.
  Sripati MS

Recent posts

View all
Risky Context, W3
Welcome everyone, to another edition of 'Risky Context'.
  Sripati MS
Bored of working in an Indian Bank as auditor or risk assessor? Remember the promise...
Banking is a boring job for many.
  Sripati MS
Spoke at CPE session, ISACA Muscat Chapter
So, this happened.
  Sripati MS
Risky Context W2: Key Themes and Insights on Cybersecurity Careers
This edition summarises a series of articles from my blog "Risky Context" on various aspects of cybersecurity careers.
  Sripati MS
Risky Context W1
Unspoken aspects of a career in Penetration Testing
  Sripati MS
There is value in becoming a fully-integrated tester…
What’s integration?
  Sripati MS
There will be customers who wouldn’t want you to become domain admin…
Regulation is still the driving force behind the pentesting industry.
  Sripati MS
Business will expect you to support them in non-pentesting activities...
This is part of a series of posts, first one here.
  Sripati MS
To business, pen-testers are like jumbo-jets...
...profitable only when on-air, expensive when in hanger.
  Sripati MS
Not every customer wants you to become domain admin...
Penetration testing (and security assessments in general) has evolved a lot in the last decade or so.
  Sripati MS
You are one cog in the wheel...
… a very important one, but few more are needed before a business takes off and money starts rolling in.
  Sripati MS
Ask for this first, when you join as a CISO
No, it is not bigger team, corner office, or that new tool promising to remove all your infosec worries.
  Sripati MS
Risky Context
Risky Context
Weekly dose of experience, for infosec auditors, pentesters, and risk assessors. For top-down guys (https://sripati.info/it-matters-in-cybersecurity-if-you-are-a-top-down-or-bottoms-up-person/).
© 2026 Sripati MS · PrivacyTermsCollection notice
Start your SubstackGet the app
Substack is the home for great culture