pritha's Posts (572)


In the fast-evolving landscape of cybersecurity, staying informed about recent breaches and understanding their legal implications is crucial for security professionals. In this blog post, we delve into the SolarWinds breach, examining the legal facets and the potential ramifications for Chief Information Security Officers (CISOs) and their organizations.



Matthew Rosenquist (moderator) With a staggering 35 years in the cybersecurity industry, Matthew Rosenquist brings a wealth of experience to the table. Not just a CISO, he is a cybersecurity strategist and industry adviser. His spirited moderation guides us through the legal intricacies of the SolarWinds saga.

Jim Routh (speaker), Chief Trust Officer at Saviynt, stands out as a luminary with over 22 years in cybersecurity leadership. Having served as CISO and board member for giants like JP Morgan Chase and KPMG, his insights promise to dissect the legal implications of the SolarWinds breach.

Michael W. Reese (speaker), the frontline CISO of Charge EPC, brings a unique perspective with 17 years in cybersecurity. His experience as a director, CISO, and adjunct professor offers valuable insights into how legal ramifications impact the daily battles of securing organizations.

We would like to thank our speakers and community Partner FireCompass for supporting the webinar. FireCompass is recognized as a leader by Gartner in Continuous Pen Testing, Red Teaming and Attack Surface Management. FireCompass is trusted by Top 10 Telcos, Fortune 500 companies and also mid market companies.


Panel (Recorded)


The discussion begins with a closer look at the charges filed against SolarWinds. Each speaker offers unique perspectives on what the SEC complaint entails. There's a focus on the legal requirements for public companies, emphasizing the SEC forms (S1, S8, 8K) and the obligation to provide accurate and timely information to investors. The nuances of how the SEC perceives intentional deception by the company and the CISO are explored, setting the stage for a comprehensive understanding of the legal intricacies.


Corporate Policies vs. SEC Guidelines: A Delicate Balancing Act

Jim Routh adds valuable insights by highlighting the corporate policies that often dictate the process of notifying regulators. The conversation navigates through the role of legal departments and the responsibilities they bear in the face of security incidents. The delicate balance between corporate policies and SEC guidelines is scrutinized, raising questions about who holds ultimate responsibility for the accuracy and legitimacy of the content in regulatory filings.


The Unraveling Precedent: Implications for the Industry

The panelists express concerns about the precedent set by the SEC in this case. They argue that the enforcement action might have broader consequences for the industry, potentially hindering the timely sharing of sensitive information with regulators. The discussion emphasizes the need for a cooperative approach between regulatory agencies and private enterprises to bolster cybersecurity resilience.


Understanding the Landscape

The Ever-Expanding Terrain:

Since the onset of the COVID-19 pandemic, the cybersecurity landscape has stretched beyond the confines of corporate walls, reaching into the homes of employees. This expanded terrain presents a new challenge – managing and securing a vast environment. The trio emphasizes the need for a comprehensive understanding of every asset, both inside and outside the traditional corporate infrastructure.

The Shift in Mental Paradigm:

Matthew Rosenquist emphasizes the mental shift required for CISOs. The game has changed, demanding meticulous documentation and transparency. In an era where hiding vulnerabilities is no longer an option, honesty, collaboration, and accountability become paramount.


Legal Implications and CISO Ramifications

Documenting Roles and Responsibilities:

One key takeaway is the importance of clearly documenting the roles and responsibilities of a CISO. This includes defining the extent of their authority, ensuring transparent approval processes, and facilitating seamless communication with upper management, the C-suite, and investors.

Navigating the Legal Landscape:

Jim Routh highlights the weaknesses in identity access management practices within a DevOps process, especially in the context of a cloud-first model. He stresses the necessity for enhanced controls tailored to the nuances of a cloud-based software supply chain.

Negotiating for Personal Protection:

In response to the evolving landscape, Michael W. Reese suggests that CISOs should consider negotiating clauses that allow them to have a private attorney review legal documents before public disclosures. This move seeks to address potential conflicts of interest and ensures independent legal counsel for personal protection.

Embracing Ethical Practices:

The experts advocate for a robust Ethics program, fostering an environment where potential deceptive practices are flagged early on. Having an Ethics Committee in place can provide an additional layer of scrutiny, ensuring that disclosures align with ethical standards.


Moving Forward: Advice for CISOs

Proactive Indemnification:

Jim Routh emphasizes the need for CISOs to be proactive in negotiating indemnification protections. This includes securing coverage for personal legal defense, separate from the legal representation provided to the enterprise. This proactive approach aligns with the changing dynamics in the cybersecurity landscape.

Shaping the Future CISO Role:

Michael W. Reese envisions three fundamental changes in the CISO role: enhanced identity access management processes, increased influence over security incident reporting, and a shift in focus during negotiations, where CISOs spend more time negotiating indemnification protection.



As we navigate the aftermath of the SolarWinds Breach, CISOs find themselves at a pivotal juncture. The path forward involves embracing transparency, negotiating for personal protection, and actively shaping the future of the CISO role. Matthew Rosenquist, Jim Routh, and Michael W. Reese provide invaluable insights, setting the tone for a new era in cybersecurity.

Join the Conversation

Ready to engage with the cybersecurity community? Join CISO Platform, where professionals gather to share knowledge, experiences, and insights. Strengthen your network, stay informed, and be part of the conversation that shapes the future of cybersecurity.


Our community members Prabhakar Ramakrishnan (CISO, TNQ Publishing) and Dr. Jagannath Sahoo (CISO, Gujarat Fluorochemicals) are speaking on "Digital Personal Data Protection (DPDP): Practical Approaches For CISOs".

The bill aims to protect individual data and regulate data practices. CISOs should be aware of the new requirements to avoid penalties.


Topic: (Chennai Task Force) Digital Personal Data Protection (DPDP): Practical approach for CISOs

Date & Time: 23 November, Thursday, 4 PM (IST)

>> Registration Link :



Key Discussion Points/ Agenda: 

1. Introduction to Data Privacy

- What is data privacy

- Privacy laws around the globe

- DPDPA Journey

2. Understanding the New Indian DPDPA 2023

- Objectives

- Principles of DPDPA

- Applicability

- Rights & Duties of Individuals

- Principals

- Legal implications/penalties

3. A practical approach to DPDPA compliance

- Personal data Inventory


- Risk treatment


We request members interested in the topic to register, and also to share it with teams and peers who may not be in the group. 'DPDP for CISOs' is an important topic and very relevant at the moment.

>> Registration Link :





We are hosting a community Panel discussion on "Cybersecurity Breach At SolarWinds: Legal Implications And CISO Ramifications". Panelists include Matthew Rosenquist (CISO, Inc), Jim Routh (Former CISO JP Morgan & Chase, Chief Trust Officer Saviynt), Michael W. Reese (CIO | CISO Charge EPC)


You might have noticed it across the internet: the cybersecurity community is discussing the SEC charging SolarWinds and its CISO. In a recent move, the US Securities and Exchange Commission (SEC) has filed charges against SolarWinds and its chief information security officer (CISO) for reportedly concealing crucial information about cybersecurity vulnerabilities and risks from investors for two years prior to the revelation of a major cyberattack. It is important to understand the implications and the best practices a CISO can adopt in their position.


Key Discussion Points :

  • Overview of charges/complaint-details?
  • Implications for security posture and reporting?
  • Will this case set a precedent?
  • Is the SEC sending a message?
  • Concerns of industry CISOs?
  • How should CISOs adapt?


You can join us here:



Please Note : Since the speakers are across the globe, the timings might be odd. In case the time does not suit your timezone, kindly register yourself, so you can get access to the recording post-session.




In this episode of our Panel Discussion, our speakers Dan Lohrmann (Field CISO, Presidio), Danielle Cox (CISO, West Virginia), and Michael Gregg (CISO, North Dakota) discussed What's Hot For State CISOs In 2023.

A Candid Conversation with Cybersecurity Leaders

The realm of Chief Information Security Officers (CISOs) is continually evolving, and 2023 brings a fresh wave of challenges and opportunities. In this candid conversation, Dan Lohrmann, Danielle Cox, and Michael Gregg share their insights into what's trending and top of mind for CISOs in state government across the United States.

Meet the Experts

Dan Lohrmann - Field CISO, Presidio
With a background spanning from the National Security Agency to Michigan Government, Dan brings extensive experience to the table. His journey has been marked by various roles in both state and federal government, providing a unique perspective on the challenges and successes of CISOs.

Danielle Cox - CISO, West Virginia
Danielle's remarkable journey from a legal background to cybersecurity leadership showcases her adaptability and commitment to the field. As the CISO of West Virginia, she oversees the cybersecurity efforts for the state, bridging the gap between the public and private sectors.

Michael Gregg - CISO, North Dakota
Michael's pivot from the private sector to state government was driven by a desire to enhance the efficiency of state operations. He's responsible for safeguarding a broad spectrum of government entities in North Dakota, emphasizing collaboration and knowledge sharing across states.


The Expanding Horizons of State CISOs

2023 promises new horizons for state CISOs, and the panel delves into some key themes and challenges.

1. Building Robust Security Operations Centers (SOCs)

Michael Gregg discusses the remarkable growth of North Dakota's SOC, which extends its protective umbrella over not only state agencies but also counties, schools, and more. This shift towards inclusivity ensures a baseline of security across a multitude of entities.

Key Takeaway: Collaboration and information sharing across states have become imperative in the face of evolving cyber threats.

2. The Unknown Threat Landscape

Danielle Cox highlights the challenge of dealing with the "unknown." Legacy systems and mindsets are deeply ingrained in state governments, making it difficult to identify vulnerabilities and risks. Achieving visibility into the entirety of the threat landscape is a priority.

Key Takeaway: CISOs must constantly adapt to rapidly changing environments and take down silos to improve information sharing.

3. Vulnerability Remediation and Proactive Defense

Michael Gregg emphasizes the need for comprehensive vulnerability remediation. Legacy equipment and budget constraints make this a formidable task for state CISOs. A proactive approach, focusing on prevention rather than response, is crucial.

Key Takeaway: Looking upstream to identify vulnerabilities in the supply chain and addressing them before they infiltrate state systems is a strategic shift.

4. The Ongoing Battle Against Ransomware

Ransomware remains a persistent threat. State CISOs must be prepared to deal with potential attacks while continually bolstering their defense mechanisms.

Key Takeaway: Ransomware isn't going away, so robust defense and incident response plans are vital.

Join the Cybersecurity Community

If you're a CISO, CIO, Cybersecurity Manager, Vulnerability Manager, or Security Analyst looking for insights, collaboration, and professional growth in the dynamic world of cybersecurity, consider joining CISO Platform. It's a community where knowledge is shared, challenges are discussed, and solutions are discovered.



(Panel) India Privacy Act And What It Means For CISOs

If you're a Chief Information Security Officer (CISO) or a cybersecurity professional, you're undoubtedly aware of the ever-evolving landscape of data protection and privacy regulations. In recent years, India has made significant strides in this arena with the introduction of the India Privacy Act. We'll dive into the key highlights and implications of this act, and we have some renowned legal experts to guide us through the intricacies.

Meet the Experts

Our esteemed panel of experts includes:

  • Advocate Dr. Pavan Duggal (Supreme Court of India; Expert Authority in Cyberlaw)
  • Advocate (Dr.) Prashant Mali (Cyber Law and Data Protection Lawyer, Bombay High Court)
  • Advocate Puneet Bhasin (Cyber & Data Protection Laws Expert, Founder- Cyberjure Legal Consulting & Cyberjure Academy)
  • Bikash Barai (Co-founder CISOPlatform, Firecompass)


(Panel Discussion) Recorded


Key Highlights of the India Privacy Act

1. Intent Matters

One of the most striking aspects of the India Privacy Act is its emphasis on intent. The concept of personal data breach under this act encompasses unauthorized sharing of data, whether intentional or not. This means that even unintentional data breaches can have legal repercussions. So, if you're a CISO, you must be prepared to demonstrate that you took reasonable security measures and conducted data audits to safeguard against data breaches.

2. Personal Data

The act merges sensitive personal data and personally identifiable data into one category, known as "personal data." This means that anything that identifies an individual, such as their name, health data, email ID, or IP address, falls under the purview of the act. This consolidation broadens the scope of data protection and places more responsibility on data fiduciaries and processors.

3. The Merger of Data Categories

Unlike previous laws, the India Privacy Act merges sensitive personal data and personally identifiable data into a single category – personal data. This means that any information that can identify an individual, from their name to their health data or email address, falls under this broader definition. CISOs need to be aware of the expanded scope and adapt their security measures accordingly.


Who Does the India Privacy Act Apply To?

The act casts a wide net, applying to almost every legal entity in India. Whether you're a large corporation, a startup, a healthcare provider, or a cooperative housing society, if you handle personal data, you're subject to the provisions of the act. This means that there's no escape from compliance for any organization, big or small.


Penalties and Liabilities

The India Privacy Act introduces substantial penalties for non-compliance. The fines can go up to 250 crore rupees, and they can be levied per breach or per record, depending on the severity of the data breach. The act is not lenient on organizations, and even smaller entities can face significant financial and legal consequences.

While the act does not explicitly include criminal liabilities, it does not absolve organizations from other existing laws, such as the Information Technology Act 2000 and the Indian Penal Code. Violations of these laws can lead to criminal charges, making it crucial for CISOs to ensure comprehensive compliance.


Impact on Enterprises and Startups

The India Privacy Act does not distinguish between large enterprises and startups when it comes to compliance. Both are equally bound by the act's provisions, and they must adhere to data protection regulations. This includes obtaining explicit consent for data processing, maintaining a consent management system, and providing a means for individuals to withdraw their consent.

Startups that handle sensitive data face the same level of responsibility as larger organizations. The source of the data and the scale of data processing do not exempt them from compliance. It's essential for all organizations, regardless of their size, to invest in educating their employees, developing consent management systems, and ensuring data security.


Formula for Penalties

The India Privacy Act does not specify a fixed percentage of revenue as a basis for calculating penalties, unlike the GDPR. Instead, it relies on a formula that considers factors such as the magnitude of the data breach, the nature of the data, and the level of negligence on the part of the organization. The formula is still in the process of being determined and may provide more clarity in the future.


Implications for CISOs

As a CISO, you're at the forefront of ensuring data security and compliance within your organization. Here's how the India Privacy Act will impact your role:

1. Extensive Training and Education

You'll need to invest in training and education for your team to ensure they understand the nuances of the Act. From consent management to understanding the parameters of the law, a well-informed team is your first line of defense.

2. Consent Management

Consent management will become critical. You'll need to implement consent management software that provides explicit notice and allows individuals to withdraw their consent if needed. The Act emphasizes transparency in data processing and consent, ensuring data subjects are fully aware of how their information is used.

3. Data Localization

While data localization didn't make it into the Act, the onus is on organizations to ensure data security. CISOs need to consider the potential risks and advantages of data localization in their specific contexts, even in the absence of a specific mandate.

4. Data Classification and Protection

Given the Act's broader definition of personal data, a more comprehensive approach to data classification and protection is essential. This includes stricter controls on data access and sharing, encryption, and secure data storage.


Act Now

The India Privacy Act is a game-changer in the realm of data protection and privacy. As a cybersecurity professional, it's your responsibility to understand and implement the necessary measures to ensure compliance. The magnitude of the fines and the potential repercussions for non-compliance make it imperative to act now.

To stay updated and connect with a community of like-minded cybersecurity professionals, consider joining CISO Platform, a dedicated cybersecurity community. Sign up here and be part of a network that prioritizes knowledge sharing and continuous learning.



In this enlightening Fireside Chat, Brad La Porte, a former Gartner Analyst, and Bikash Barai, Co-Founder of FireCompass, delve into the world of Continuous Security Validation and Testing. Their conversation offers valuable insights for Chief Information Security Officers (CISOs), Chief Information Officers (CIOs), Cyber Security Managers, Vulnerability Managers, and Security Analysts.

Part 2 Recap:
They discuss the current state of security validation, share their thoughts on achieving a continuous security approach, and explore the tools: ASM, CART, and BAS. >>> Read More

Fireside Chat (Recorded)


The Challenge Of Continuous Security Validation

In today's digital landscape, cybersecurity has become a top priority for organizations of all sizes. Small and medium-sized businesses (SMBs) face the same threats as larger enterprises, and attackers don't discriminate based on company size. Therefore, it's crucial for SMBs to adopt a smart approach to continuous security validation.

Brad La Porte suggests that the process remains largely the same, but the key is to "think smarter, not harder." It begins with assessing your organization's attack surface, understanding what's necessary, and eliminating what's not. Just like securing your home by locking individual doors, implementing network segmentation within your organization helps reduce the overall impact of security breaches.


The Importance Of Restrictive Policies

La Porte emphasizes the significance of having strict policies in place. These policies should control what users can access, such as URL filtering, blocking websites, and restricting administrative rights. For example, in a corporate environment, it might not be appropriate to grant social media access to every employee or allow them to have administrative privileges. Implementing multi-factor authentication, stricter password rules, and frequent password resets also add layers of security.


Open Source Tools And Consolidated Solutions

For organizations with limited budgets, La Porte suggests leveraging open-source tools. Many such tools are available, allowing SMBs to gain exposure to essential security practices without breaking the bank. As organizations mature and their budgets expand, they can consider integrating best-of-breed solutions.

Barai adds that starting with open-source tools can be an excellent way to begin the cybersecurity journey. It's a cost-effective approach for SMBs looking to strengthen their security posture. Additionally, he recommends looking for consolidated solutions that offer multiple capabilities in one package, similar to a "Swiss army knife."


Key Success Factors And Common Mistakes

La Porte reflects on key success factors and common mistakes in implementing continuous security validation. He emphasizes that the answer is unique to each organization, depending on factors like business nature, culture, budget, and alignment between financial and security goals.

Success factors include reducing the number of unsuccessful attacks (reconnaissance) by identifying and eliminating weak points and decreasing dwell time (the time attackers remain within your network) through early detection and swift response.

Reducing false positives and false negatives and focusing on reducing noise in security alerts are also essential. The goal is to find the "needle in the haystack" efficiently, which, as in the world of magic, requires continuous improvement and visibility from all angles.


Ready to join the cybersecurity community and further your knowledge? Join CISO Platform. For more insightful content and updates, stay tuned to CISO Platform!


In this interesting Fireside Chat, in collaboration with FireCompass, two industry experts, Brad La Porte (Ex Gartner Analyst) and Bikash Barai (Co-Founder, FireCompass), bring you insights into the ever-evolving landscape of cybersecurity. They discuss the current state of security validation and share their thoughts on achieving a continuous security approach.

Part 1 Recap:
In this discussion, we explore how cybercrime has become an underground economy, the importance of continuous security validation, and what it means for the ever-changing threat landscape. >>> Read More

Fireside Chat (Recorded)

Part 2 of a 3 Part Conversation:

Where Does Security Validation Stand Now?

As technology continues to advance, so do the tactics of cybercriminals. Brad La Porte, a seasoned cybersecurity professional, has observed a wide range of companies, from small and medium-sized enterprises to large corporations. The burning question on everyone's mind is, "How frequent is security validation, and are we truly on the path to continuous security?" Brad's response is a reality check: "Not close enough."

Brad explains that organizations today fall into five levels of security maturity, ranging from zero to five. True continuous security testing is typically found in the upper echelons (level five) and is commonly seen in financially robust sectors like finance and healthcare. However, the encouraging news is that the trend is shifting downstream. More organizations, especially in the lower maturity levels, are recognizing the importance of continuous security validation. Managed detection and response, along with managed security service providers, are integrating these testing methods, even automating a significant portion of the process, making it feasible for round-the-clock security.

In this ever-evolving landscape, organizations are also exploring innovative solutions, such as automated red teaming, attack surface management, and breach attack emulation. These tools allow organizations to bring their own malware and test for zero-day vulnerabilities, an essential step as zero-day attacks become more prevalent.

The majority of organizations still find themselves in the lower maturity levels, between zero and three. Some have barely scratched the surface of vulnerability management, often dealing with legacy systems. The good news is that help is readily available. Many organizations are adopting a hybrid approach, leveraging professional services and aligning their people, processes, and technology to improve their security posture. As security tools and solutions become more accessible, adoption continues to rise. However, evaluating the myriad of solutions remains a challenge in itself.

Exploring the Tools: ASM, CART, and BAS

Brad highlights three key tools for continuous security validation and testing: Attack Surface Management (ASM), Continuous Automated Red Team (CART), and Breach Attack Simulation (BAS). These tools offer a spectrum of breadth and depth in assessing an organization's security posture.

Attack Surface Management (ASM): This tool provides a broader perspective on your security posture, helping you identify weak points in your organization's defenses. It's like securing your home by locking all the doors and windows, ensuring there are no vulnerabilities for attackers to exploit.

Continuous Automated Red Team (CART): Going deeper into the security landscape, CART focuses on specific use cases, identifying vulnerabilities, and evaluating an organization's susceptibility to various threats. What sets it apart is its continuous and automated approach, making it an ideal choice for 24/7 security.

Breach Attack Simulation (BAS): BAS is all about emulating real-world attacks. It allows organizations to simulate advanced persistent threat groups, implement zero-day attacks, and train their workforce to combat these threats effectively. It's like conducting fire drills in your organization to prepare for potential breaches.

Building a Continuous Security Validation Program

For organizations looking to establish a continuous security validation program, Brad and Bikash recommend a structured approach. It starts with the right mindset. Security validation isn't a one-time event but an ongoing process that should encompass every facet of your organization.

Crawl, Walk, Run: Begin with small steps, assess your current security posture, and identify weak points. Avoid the common pitfall of attempting to do everything at once.

Focus on Reduction of Attack Surface: One of the most effective strategies is reducing the attack surface. Implementing multi-factor authentication and investing in security awareness training can significantly enhance your security posture.

Continuous Training and Drills: Treat security readiness as a culture. Regularly simulate security incidents, conduct tabletop exercises, and engage your employees in recognizing and responding to threats.


Join the conversation on continuous security validation and become part of the thriving cybersecurity community at CISO Platform. Stay informed, stay secure.


>>> Part 3 Of Continuous Security Validation by Brad La Porte & Bikash Barai



Welcome to an interesting Fireside Chat where Brad La Porte, former Gartner Analyst, and Bikash Barai, Co-Founder of FireCompass, delve deep into the world of Continuous Security Validation & Testing. In this discussion, we explore how cybercrime has become an underground economy, the importance of continuous security validation, and what it means for the ever-changing threat landscape.

About Speaker

Brad LaPorte has been on the frontlines fighting cyber criminals and advising top CEOs, CISOs, CIOs, CxOs and other thought leaders on how to be as efficient and effective as possible. This was conducted in various advisory roles at the highest levels of top intelligence agencies, as a Senior Product Leader at both Dell and IBM, at multiple startups, and as a top Gartner Analyst.

Bikash Barai is the Co-Founder of FireCompass, known for his innovations in Network Security and Anti-Spam Technologies with multiple USPTO patents. He's been recognized by Fortune in their Top 40 Business Leaders under 40 list in India and is a prominent speaker at events like TiE, RSA Conference USA, and TEDx.

Fireside Chat (Recorded)

Cybercrime Has Become An Underground Economy

Brad La Porte, with over two decades in the cybersecurity industry, brings a unique perspective on the field's evolution. From his military days to consulting with High Tide Advisors, Brad has witnessed a monumental shift. The days of manual, 'men in black' forensics tools have given way to a high-tech battleground. The arsenal of attackers has grown, harnessing cloud-based tools, machine learning, and artificial intelligence.

This digital transformation isn't exclusive to defenders; criminals have adopted these technologies too. Cybercrime has become an underground economy, where you can outsource malicious activities with a few clicks. Ransomware as a service, supply chain breaches, and other cyber threats are just a Bitcoin away.

The Rise Of Continuous Security Validation

Continuous Security Validation is the response to this ever-growing menace. Organizations have become more serious about security, driven by the fear of being on the front page of a newspaper for the wrong reasons. The cost of a breach goes beyond immediate losses; it affects brand reputation and long-term security posture.

This evolution demands a change in mindset. Accepting that breaches will happen, and being proactive about security is paramount. The 'not in my backyard' mentality is changing, but it's not pervasive enough. It's not a matter of 'if' a breach will occur, but 'when' and 'how bad.' Organizations need to be in a continuous state of readiness, battling breaches on multiple fronts.


The State Of The Industry

The Agile Adversary
The adversary landscape has transformed into something agile. Just like developers, attackers make continuous changes. They seek windows of opportunity, and when they find them, they strike. This dynamic environment necessitates continuous testing and validation of security measures.

Simple Breaches, Huge Consequence
Many breaches appear deceptively simple, reminiscent of the 'For want of a nail' poem. Small misconfigurations can lead to massive compromises. Although zero-day vulnerabilities are powerful, they're rare culprits. Most breaches occur due to easily exploitable weaknesses.


The Way Forward

For CISOs, CIOs, Cyber Security Managers, Vulnerability Managers, and Security Analysts, understanding these dynamics is essential. Continuous Security Validation is not an option but a necessity in this evolving landscape. To ensure your organization's safety, you must adopt a proactive, continuous testing approach.

Embrace Continuous Security
The number one piece of advice is to fully embrace continuous security validation horizontally and vertically across your organization. Accept that breaches are inevitable, and focus on 'when' rather than 'if.' This mindset shift is crucial.


>>> Part 2 Of Continuous Security Validation by Brad La Porte & Bikash Barai




As we navigate the ever-evolving landscape of cybersecurity, one thing becomes clear: preparedness is key. Cyber threats continue to grow in complexity, and organizations, especially those responsible for critical infrastructure and national security like the US Government and Homeland Security, must remain vigilant. One powerful tool in their arsenal is running cyber crisis drills.

In this Fireside chat, we bring you insights from two seasoned cybersecurity professionals, Dan Lohrmann and Bikash Barai. They share hands-on tactics for conducting cybersecurity drills that prove invaluable for the government and enterprise board members.


Dan Lohrmann: A seasoned Chief Security Officer (CSO) and Chief Strategist at Security Mentor, Dan has a remarkable career history, including serving as the former CSO for the State of Michigan. His journey began at the National Security Agency (NSA), making him a cybersecurity veteran.

Bikash Barai: As a Co-Founder of FireCompass and CISO Platform, Bikash brings a wealth of knowledge and experience in cybersecurity. His background includes expertise in red teaming and advisory board roles, making him a thought leader in the field.

Before we dive into the tactics, it's worth noting that this is Part 4 of a 4-part discussion. If you haven't checked out the previous parts yet, you can catch up here:

  • Part 1: Running Cyber Crisis Drills For The US Government With Dan Lohrmann & Bikash Barai
  • Part 2: Preparing for the Unpredictable and Scenario Based Drills for the US Government & Homeland Security With Dan Lohrmann & Bikash Barai
  • Part 3: Running Cyber Crisis Drills - Do's and Don'ts For Successful Cyber Crisis Drills With Dan Lohrmann & Bikash Barai

The Changing Attack Surface

The attack surface for organizations has transformed dramatically. No longer confined to office premises and data centers, the attack surface now extends to various uncharted territories. It's a shift driven by the growing remote workforce, a blend of home and office environments, and the widespread adoption of cloud technologies.

The Extended Attack Surface

As Bikash pointed out, organizations often overlook the extended attack surface. With employees working from home, even the home routers and personal systems become integral components of this surface. Understanding and securing this extended attack surface is a challenge that must be addressed effectively.

The Power and Perils of the Cloud

Cloud technology is a double-edged sword. It offers scalability and flexibility, but it scales insecurity just as readily as security: a mistake in a template, image or account baseline is replicated across every workload built from it. As organizations move to the cloud, they must treat the secure configuration of their cloud environments as their own responsibility.

It's worth noting that defaults can be insecure. MongoDB is the classic case: earlier releases listened on every network interface with authentication disabled out of the box, so an instance deployed as-is on a host with a public address was readable and writable by anyone who could reach its port. The result was thousands of open databases exposed to the whole internet, an entirely avoidable risk.
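To make the MongoDB point concrete, here is an added example (not code from the panel, from CISO Platform or from MongoDB) that audits a mongod.conf for exactly those two settings, the listening address and authorization, and shows the weak configuration beside the corrected one. The two sample configs, the 10.0.0.5 application-subnet address and the deliberately small YAML subset the parser accepts are assumptions made for illustration.

```python
"""Audit a mongod.conf for the two defaults behind most "open MongoDB" incidents:
listening on every interface and running with authorization disabled.
Added example for illustration, not MongoDB's own tooling; the configs below
are constructed, not taken from any real deployment."""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed: the weak configuration, reachable from anywhere with no login.
WEAK_CONF = """\
net:
  port: 27017
  bindIp: 0.0.0.0          # every interface, WAN included
security:
  authorization: disabled  # whoever connects is an admin
"""

# Constructed: the same service with both settings corrected. 10.0.0.5 is an
# assumed application-subnet address.
HARDENED_CONF = """\
net:
  port: 27017
  bindIp: 127.0.0.1,10.0.0.5
  tls:
    mode: requireTLS
security:
  authorization: enabled
"""

# Flat 'key = value' names used by old mongod configs, mapped to the YAML names.
LEGACY_KEYS = {"bind_ip": "net.bindIp", "auth": "security.authorization"}


def parse_conf(text: str) -> Dict[str, str]:
    """Flatten a mongod.conf into dotted keys, e.g. {'net.bindIp': '0.0.0.0'}.

    Handles the nested 'section:' / '  key: value' layout mongod uses and the
    legacy 'key = value' layout. Deliberately not a full YAML parser (no lists,
    quoting or anchors); that subset is all a mongod.conf needs.
    """
    flat: Dict[str, str] = {}
    stack: List[Tuple[int, str]] = []  # (indent, name) of enclosing sections
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # strip comments
        stripped = line.strip()
        if not stripped:
            continue
        indent = len(line) - len(line.lstrip(" "))
        if "=" in stripped and ":" not in stripped.split("=", 1)[0]:
            key, _, value = stripped.partition("=")  # legacy layout
        else:
            key, _, value = stripped.partition(":")  # YAML layout
        key, value = key.strip(), value.strip()
        while stack and stack[-1][0] >= indent:
            stack.pop()  # back out of sections we have left
        if not value:
            stack.append((indent, key))  # a section header, not a setting
            continue
        path = ".".join([name for _, name in stack] + [key])
        path = LEGACY_KEYS.get(path, path)
        if path == "security.authorization" and value in ("true", "false"):
            value = "enabled" if value == "true" else "disabled"
        flat[path] = value
    return flat


@dataclass
class Finding:
    key: str
    value: str
    problem: str
    fix: str


def audit(conf: Dict[str, str]) -> List[Finding]:
    """Return one Finding per setting that leaves the database open."""
    findings: List[Finding] = []
    bind = conf.get("net.bindIp", "")
    bind_all = conf.get("net.bindIpAll", "false") == "true"
    wide_open = bind_all or any(a.strip() in ("0.0.0.0", "::") for a in bind.split(","))
    if wide_open:
        findings.append(Finding("net.bindIp", bind or "bindIpAll=true",
                                "listens on every interface, so the port is reachable "
                                "from the internet unless something upstream filters it",
                                "bind to loopback plus the application subnet only"))
    elif not bind:
        findings.append(Finding("net.bindIp", "(unset)",
                                "relies on the default; older mongod releases bound "
                                "every interface when this was left unset",
                                "set net.bindIp explicitly"))
    auth = conf.get("security.authorization", "disabled")  # mongod default: off
    if auth != "enabled":
        findings.append(Finding("security.authorization", auth,
                                "no authentication; any client that connects has full "
                                "read/write access to every database",
                                "create an admin user, then set authorization: enabled"))
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        found = audit(parse_conf(text))
        print(f"{name}: {len(found)} finding(s)")
        for f in found:
            print(f"  {f.key} = {f.value}: {f.problem}. Fix: {f.fix}")
```

Run it against a real mongod.conf by reading the file into `parse_conf`; the audit flags the weak config on both counts and passes the hardened one. The network check and the authorization check are deliberately independent: binding to a private address is not a substitute for authentication, since a pivot into the subnet would still find an unauthenticated database.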

The Need for Consolidation

The complexity of modern cybersecurity is a significant challenge. Multiple security tools and solutions are available, each claiming to be essential. However, these tools often don't communicate with each other, creating operational silos. The solution? Consolidation.

Zero Trust: The Path to Consolidation

Zero trust, a concept gaining traction, is one path to that consolidation. By verifying every user and device on every request instead of trusting anything because it sits inside the network, zero trust removes the need for many point products that existed only to defend the perimeter, and so can significantly simplify the security architecture.

Cloud as a Catalyst for Consolidation

Cloud environments, as Bikash explained, provide a uniform playing field for consolidation. The transition to cloud platforms enables organizations to bring various security measures under a single roof, streamlining security management.

Response and Recovery

In today's cybersecurity landscape, it's not only about preventing attacks but also about having a robust response and recovery strategy in place. Here are some essential elements:


Backups

Regular, secure backups are crucial. They are the safety net when an incident occurs, allowing an organization to recover data and systems swiftly. A backup only counts if it is kept out of reach of whoever compromised production (offline or otherwise immutable) and has actually been restored in a test; a backup that has never been restored is an assumption, not a safety net.

Crisis Drills

Conducting cybersecurity crisis drills is like preparing for a fire drill in a school. The exercises help teams practice their responses, identify weaknesses, and fine-tune their incident response plans.

BCP and DR

Business Continuity Planning (BCP) and Disaster Recovery (DR) strategies should be part of an organization's preparedness. These ensure that the business can continue its operations during and after a security incident.

The Path Forward

As the conversation between Dan Lohrmann and Bikash Barai draws to a close, they acknowledge that the path forward will not be without its challenges. While consolidation seems inevitable, it might take time to see a significant industry-wide shift. However, the gradual alignment of industry drivers indicates that we're moving in the right direction.

In conclusion, the complexities of the evolving cybersecurity landscape require constant adaptation. By embracing a zero trust approach, making the most of cloud technology, and preparing for crises through drills, organizations can bolster their defenses. As the experts suggest, the future holds promise, and the journey towards a consolidated and secure cybersecurity landscape continues.




In the realm of cybersecurity, the ability to respond swiftly and effectively to a crisis is paramount. For organizations, especially those entrusted with securing government data and infrastructure, the stakes are incredibly high. That's where cyber crisis drills come into play. In this Fireside chat, our speakers, Dan Lohrmann and Bikash Barai, delve into the nitty-gritty of running cyber crisis drills for the US government and Homeland Security.

Meet the Experts

Dan Lohrmann is the Chief Security Officer and Chief Strategist at Security Mentor. With a background at the National Security Agency and experience as a former CISO for the State of Michigan, Dan brings a wealth of knowledge in cybersecurity to the table.

Bikash Barai is one of the co-founders of FireCompass and CISO Platform, a cybersecurity community. His expertise in cybersecurity, particularly in the realm of red teaming, adds a unique perspective to the conversation.

Before we dive into the tactics, it's worth noting that this is Part 3 of a 4-part discussion. If you haven't checked out the previous parts yet, you can catch up here:

  • Part 1: Running Cyber Crisis Drills For The US Government With Dan Lohrmann & Bikash Barai
  • Part 2: Preparing for the Unpredictable and Scenario Based Drills for the US Government & Homeland Security With Dan Lohrmann & Bikash Barai


Do's and Don'ts for Successful Cyber Crisis Drills

Preparation is Key

One of the fundamental pillars of conducting successful cyber crisis drills is thorough preparation. This entails providing participants with read-ahead materials that simulate real-life scenarios. These scenarios could be based on incidents at other companies, competitors, or industry-specific challenges. It's essential to equip your team with intelligence, even if it's not a real situation. This could involve briefing them on current events relevant to your industry, such as economic shifts or emerging threats.

Change It Up

One common pitfall in cyber crisis drills is complacency. To keep participants on their toes, consider throwing curveballs into the mix. Surprise your team by making sudden changes, like reassigning roles or introducing unexpected scenarios. This not only tests their adaptability but also ensures they don't become too comfortable with routine responses. The real world is full of surprises, and preparedness means being ready for the unexpected.

Actionable Items

At the end of a crisis drill, it's not enough to wrap up and move on. The key is to identify actionable items. Assign responsibilities for each item, and ensure there is a clear owner. Make it a point to report back on these items, whether through email updates or, ideally, a follow-up meeting. This level of accountability helps drive improvements and ensures that lessons learned are translated into real-world action.

Seek Feedback

Constructive feedback is invaluable. After the drill, conduct a "hot wash" or a feedback session where participants can share their thoughts, ideas, and concerns. You can use surveys to gather feedback or have an open discussion. Encourage your team to think outside the box and challenge the status quo. Valuable insights can often emerge from these discussions, leading to refined strategies.

Step Out of the Comfort Zone

Sometimes, hosting a drill within the same familiar environment may lead to complacency. To maintain engagement and focus, consider taking your team to an off-site location. This approach removes the distractions of daily work routines, encouraging participants to fully immerse themselves in the exercise. It's a small change that can make a significant difference.

The Ever-Changing Landscape of Cybersecurity

As we look ahead to 2021, it's crucial for cybersecurity professionals to remain vigilant. The landscape is continually evolving, and staying prepared is an ongoing journey, not a destination. Here are a few trends and areas of focus for the year:

Ransomware Evolution

Ransomware attacks are becoming more complex and sophisticated. Attackers no longer just encrypt data; increasingly they steal it first and then threaten to publish it, a tactic commonly called double extortion. This adds pressure to pay even on organizations that can restore from backup, because restoring does nothing about the threatened leak.

Remote Work Challenges

The shift towards remote work, accelerated by global events, presents new challenges. Home networks have become prime targets for hackers, and organizations must adapt to secure their remote workforce effectively.

Artificial Intelligence and Machine Learning

AI and machine learning are playing a more central role in cybersecurity. They not only help in threat detection but are also being used by attackers. Automating processes is crucial to stay ahead in the game.

Cloud Security

As more businesses migrate to cloud platforms, end-to-end security remains the organization's responsibility. Cloud security is a shared responsibility: the provider secures the underlying infrastructure and platform, while the customer remains responsible for how it is configured, who can access it, and the data and workloads placed on it. Don't assume the provider has you fully covered.

Zero Trust and SASE

Implementing a Zero Trust model and exploring Secure Access Service Edge (SASE) solutions can enhance security in an environment where traditional network boundaries are blurred.


>>For Part 4 of the Blog Read Here



CISO Platform Top100 Awards And Conference 2023

At the CISO PLATFORM 100 Awards & Conference 2023, we were fortunate to host "100+ CISOs joining us over 22+ Sessions to share their knowledge with the community and build Task Forces". Attendees experienced Keynotes, Panel discussions and Task Forces along with Award felicitation.

Our editorial team has handpicked the top sessions from the CISO Platform Top100 Conference 2023, held in Agra. Here is the list.




1. (Keynote) Orientation CISO Platform Journey

Speaker : Bikash Barai, Co-founder & Advisor, CISO Platform 

>> Go To Presentation




2. (Keynote) Getting Inside Generative AI And Its Impact On Security Testing

Speakers : Arnab Chattopadhayay, CTO, FireCompass & Bikash Barai, CEO, FireCompass

>> Go To Presentation




3. (Keynote) Cyber Truths : Are You Prepared?

Speaker : Nikhil Fogat, Regional Sales Director- North Enterprise, SentinelOne & Shanker Sareen, Head Marketing - SentinelOne India and SAARC

>> Go To Presentation




4. (Keynote) Simplifying Data Privacy And Protection

Speaker : Tushar Haralkar, Principal Technical Sales Leader, Security Software, IBM India South Asia

>> Go To Presentation




5. (Keynote) Every Attacker Exploits Weaknesses - Understand Yours

Speaker : Chandrashekhar Basavanna, CEO, Secpod

>> Go To Presentation




6. (Keynote) India's Digital Personal Data Protection (DPDP) Act 2023

Speaker : Advocate Dr. Prashant Mali, Cyber Law and Data Protection Lawyer, Bombay High Court

>> Go To Presentation




7. (Panel Roleplay) CISO Presenting The Top 10 Security Risks To The Board

Speakers : Rajiv Nandwani (Moderator), Dr. Yusuf Hashmi, Kuldeep Kaushal

>> Go To Presentation




8. (Panel Roleplay) Executing Cyber Crisis Management Plan

Speakers : Gowdhaman Jothilingam (Moderator), Yudhisthira Sahoo, Basil Dange, Jagannath Sahoo, Prabhakar Ramakrishnan, Koushik Nath, Balram Choudhary, M. Sathish Kumar, Sathish Eathuraj, Ramkumar Dilli, Srinivasulu Thayam, Suprakash Guha

>> Go To Presentation




9. (Task Force) Verizon DBIR Control Mapping

Speaker : Manoj Kuruvanthody, CISO & DPO, Tredence

>> Go To Presentation




10. (Task Force) Session On Chennai Chapter

Speaker : Gowdhaman Jothilingam, Global CISO and Head IT, Latent View

>> Go To Presentation



