Start here
Welcome to my home in the ether. Thank you for signing up as a member to this site (What, you haven't yet? nudge, nudge).
Once you become a member, you will start receiving posts & my newsletter (Risky Context) right in your inbox.
My name is Sripati and it has been 20 years since I started working; almost all of it is in information security.
Not everything was hunky-dory in this journey, however.
Praises, brickbats, warts, wounds, and all - that's my journey.
Who am I? And why I am blabbering about it, here, in public?
Because you should not make the same mistakes. You go make different ones.
This blog is a collection of posts, from my past to my present and future self. A compendium of my learnings in infosec.
It is only useful for penetration testers, security auditors, security risk assessors, decision makers, and people who want to join this field.
My site is not useful for anybody else.
So don't visit this site or join the mailing list if you are not a pentester, auditor, risk assessor, decision maker, or someone looking to join this field.
- There are things about infosec that one needs to know about, before deciding to join this. FOMO won't help. Information in this site can.
- Need to learn without waiting for experience to teach it to you? I can help.
- AI is slowly eating away the low hanging vulnerability scans and penetration tests. It helps if you can pivot from pentest to audit or risk assessments. But what does that mean? I can tell you.
- This field is not just pen-testing. There are lot of other career options. I can help you peek into them, to make a better and informed decision.
This site is useful to you, if ...
- You are a pentester and want to know what other things you can do.
- You are a pentester and wonder how you can add more value to your employer and customer.
- You happen to be a security auditor and wonder if you could become a pentester and what it entails.
- You happen to be a pentester and want to know more about the allied areas in information security (e.g., auditing, risk assessment, being a CISO, etc.).
- You have been wanting to become a security auditor or a risk assessor but need a taste of what it entails.
- You want to make a switch into security.
- You want to understand infosec in a top-down manner.
- You want to know what this 'top-down' manner is all about.
- You want to be a CISO and want to read more about what it entails.
If you are a pentester, here are some posts.
I have observed security leaders and have gathered some tips. Here they are.
If you are auditor or risk assessor, here are some food for thought.
At the intersection of pentest, auditing, risk management and career advice. Musings based on real experiences, not theory. All infosec, mashed up.
See you around!