defense Want to fight alert fatigue (in SOC)? Do this... Alert fatigue happens when a SOC analyst ends up looking at too many alerts and, as a result, misses crucial ones. So, what's the way out? Read on.
ciso You are not getting value from pen-tests. Here are 5 reasons why. Penetration testing is part of most security regulations now. However, regulatory compliance need not be the only value proposition. As a customer, there could be 5 reasons why you are unable to get more value out of pen-tests. Have a read.
tools Try these tools to prepare your pentest report Everyone dreads preparing the report, post-work. However, it is extremely important for the
risk-assessor 6 places to look into when auditing or assessing risks in and around Web Application Firewall (WAF) A Web Application Firewall (WAF) has become a security imperative, and the absence of a WAF gets raised as a risk or an audit finding. However, many auditors and risk assessors miss some or all of the 6 important WAF-related areas below. So, here they are.
where-is-the-risk Vulnerability, Control, and Risk are not the same As a pentester, auditor, or risk assessor, it is important to understand the difference
career-advice Offense is not the sexiest game in town, defense is... To all those system and network administrators out there, who are thinking of jumping onto the infosec bandwagon, pentesting style because of the glamour quotient, remember - defense is better than offense. Read on...
career-advice Are you a top-down or bottom-up person? It will matter while switching career in cybersecurity Are you a top-down or bottom-up person? The answer to this question will be important if you are thinking about a switch into cybersecurity or a lateral move within cybersecurity. Read on.
about-me Who am I... I am an information security professional. I have some scary certifications that make people think highly of me till I open my mouth. Well… This personal site / blog is my attempt to write about information security the way I want.
where-is-the-risk 'Lack of CAPTCHA' is not always a valid vulnerability or risk CAPTCHA is a valid security control. However, lack of it may not be a valid vulnerability in all cases, and 'lack of CAPTCHA' is definitely not a risk. It may be part of a risk.
career-advice Risks of a cybersecurity career Cybersecurity is one of the buzzwords promising la-la land these days. Everyone is running towards it. However, it will help if one is aware of the 2 big risks.
career-advice A Day in a Pen-tester’s life My 2 cents on a day in a pentester's life, from the vantage point of someone who does it (sometimes) but observes it (a lot). TLDR - it is not all pentesting!