All Articles

Basic structure of legal argument

1. If conditions A, B and C are satisfied, then legal consequences X, Y and Z follow. (Major premise: legal rule)
2. Conditions A, B and C are satisfied (or not). (Minor Premise: the facts of the case)
3. Therefore, legal co

1. Art 21 of the Constitution guarantees fundamental right to life and personal liberty. This article of Constitution has been interpreted by the Judiciary with widest amplitude so as to include several other rights such as right to food and shelter,

Learn Modern SOC and D&R practices for free from Google! Yes, really! That’s the message. Join *hundreds* of others who already signed up!

Now, with full details….

After some ungodly amount of work, the original ASO crew (but really Iman!) put toget

Do I go to my Cloud Service Provider (CSP) for cloud security tooling or to a third party vendor?

Who will secure my cloud use, a CSP or a focused specialty vendor?

Who is my primary cloud security tools provider?

This question asked in many ways ha

So some of you are thinking “ewwww … another security transformation paper” and this is understandable. A lot of people (and now … a lot of robots too) have written vague, hand-wavy “leadership” papers on how to transform security, include security i

One more idea that has been bugging me for years is an idea of “detection as code.” Why is it bugging me and why should anybody else care?

First, is “detection as code” just a glamorous term for what you did when you loaded your Snort rules in cvs in

We all know David Bianco Pyramid of Pain, a classic from 2013. The focus of this famous visual is on indicators that you “latch onto” in your detection activities. This post will reveal a related mystery connected to SIEM detection evolution and its

We had a community session on Evaluating AI Solutions in Cybersecurity: Understanding the "Real" vs. the "Hype" featuring Hilal Ahmad Lone, CISO at Razorpay & Manoj Kuruvanthody, CISO & DPO at Tredence Inc.

In this discussion, we covered key aspects

I was recently asked “What do intelligence reports do? They appear worthless!”

I found the question both funny and ironic. Unfortunately, I had to gently deliver some uncomfortable news.

There is a fundamental difference between intelligence and the ab

Congrats to the Top 50 Global Thought Leaders and Influencers on Risk Management 2024!

Thanks Thinkers360 for the recognition to myself and so many of the hard working colleagues in the cybersecurity industry!

See the full list of profiles here: https

Many organizations are looking for trusted advisors, and this applies to our beloved domain of cyber/information security. If you look at LinkedIn, many consultants present themselves as trusted advisors to CISOs or their teams.

Untrusted Advisor

 Mention “alert fatigue” to a SOC analyst. They would immediately recognize what you are talking about. Now, take your time machine to 2002. Find a SOC analyst (much fewer of those around, to be sure, but there are some!) and ask him about alert fati

The present application was filed for quashing proceedings in a case pending for the offence punishable under Section 66-C and 67 of the Information Technology Act, 2000 (‘The IT Act, 2000’). The Hon. HC stated that it could not be concluded without

Sneak peek into the CISO Breakfast at Black Hat 2024! .. first few photos out

CISOPlatform is a community partner for the event which is co-hosted by Silicon Valley Bank, Stage One, First Rays Venture Partners, Latham & Watkins.

CISOPlatform is

In today’s rapidly evolving digital economy, the demand for robust cybersecurity measures is more critical than ever. Senior cybersecurity officers and Chief Information Security Officers (CISOs) face the dual challenge of defending their organizatio

Automated penetration testing uses specialized software to emulate cyberattacks on your IT systems. This helps find vulnerabilities before attackers do. It’s essential for strengthening your cybersecurity strategy through continuous and efficient ass

We are hosting an exclusive CISO Platform Talks session on Evaluating AI Solutions in Cybersecurity: Understanding the "Real" vs. the "Hype" featuring Hilal Ahmad Lone, CISO, Razorpay and Manoj Kuruvanthody, CISO & DPO, Tredence Inc.

In the evolving

CISA has raised the alarm about, the recently discovered CVE-2024-5910 in Palo Alto Networks’ Expedition tool. This vulnerability is being actively exploited, leaving organizations scrambling to secure their systems before attackers take advantage.

B

We had a community session on "Offensive Security: Breach Stories to Defense Using Offense" with Saravanakumar Ramaiah, (Director - Technology Risk Management, Sutherland) & Rajiv Nandwani (Global Information Security Director, BCG).

In this discussi

I didn’t see much visibility on this DocuSign hack. This is a situation where the product features were not vetted to understand if they could be misused by malicious fraudsters. There is not a technical vulnerability, it comes down to a design weakn