ciso Ask for this first, when you join as a CISO As a CISO, ensure that you ask for this thing, as soon as you join an organisation. This will increase your chances of securing the organisation.
pentester 6 elements that every penetration test report must have The customer pays for the report, not for the pentest. Here are the 6 important items that must be present in every penetration test report. Have a read.
career-advice On cocktail JDs in infosec and why they will keep coming... How is having 5 years of experience as C++ developer relevant for a CISO role? This is the age of cocktail JDs. I think they will keep coming for some time. Read to know why.
pentester Don't focus on admin certs when you want to become a Pentester. However... focussing on administrative certifications while aiming to be a pentester - could be a waste of time. I try to explain 'why' and 'what to do instead' in this post.
management appeared on br3akpoint with neelu tripathi So, this happened. I appeared on a podcast. br3akpoint by Neelu Tripathy. Spoke about ISO 27001, implementation challenges, and other nuances related to it.
management Remember this clause while any enterprise application is being finalised for purchase How to ensure that, as a CISO, all the tools are properly integrated with your SOC?
defense Want to fight alert fatigue (in SOC)? Do this... Alert fatigue happens when a SOC analyst ends up looking at too many alerts, resulting in missing crucial alerts. So, what's the way out? Read on.
ciso You are not getting value from pen-tests. Here are 5 reasons why. Penetration testing is a part of most security regulations now. However, regulatory compliance need not be the only value proposition. As a customer, there could be 5 reasons why you are unable to get more value out of pen-tests. Have a read.
tools Try these tools to prepare your pentest report Everyone dreads preparing the report, post-work. However, it is extremely important for the
risk-assessor 6 places to look into when auditing or assessing risks in and around Web Application Firewall (WAF) Web Application Firewall (WAF) has become a security imperative, and the absence of a WAF gets raised as a risk or an audit finding. However, many auditors and risk assessors miss some or all of the below 6 important areas related to WAF. So, here they are.
where-is-the-risk Vulnerability, Control, and Risk are not the same As a pentester, auditor, or risk assessor, it is important to understand difference