Social Network For CISO (Chief Information Security Officers)
80/20 rule (also known as Pareto Principle) is one of the most beautiful rules which helped me to achieve as well as fail. In most of the cases where I went wrong it finally turned out to be figuring out the “right few”. This is probably one of the most elusive rules. It is easy to understand but extremely difficult to practice.
#1: Know yourself before your enemy does.
I remember in a recent conference the speaker asked the audience…Continue
Formal Modeling and Automation is one of the things I love. I try to model everything and sometimes modeling helps and sometime it lands me in trouble. It helped me when I tried to model Penetration Testing and worked with my co-founder to design our first version of automated Penetration Testing Tool at iViZ. Where it did not help is in…Continue
Bug bounty programs are quite common these days with several of the biggest names in the industry have launched various avatars of the program. I have been asked by a few security managers and managements about should they launch a bug bounty program. Definitely bug bounty program has the advantage of crowd sourcing. However an organization should be mature and prepared enough to launch such a program. Here are some questions which shall tell you if you are prepared or not. You are ready…Continue
From our experience of helping organizations in building their ‘Vulnerability Management’ program, we feel that one of the major challenge the security manager/management faces does not always know the reality on the grounds. Obviously the management is extremely busy and has got too many priorities. It is natural to get into managing whirlwinds. So, I wanted to define a few questions which can help you to find out how robust is your application security management program? Not just that, by…Continue