HEADLINES

LATEST POST

ARTICLES

interviewjobsearchtutorial
0

Ten things you may reveal during job interview (Response to Forbes Article)

In continuation to my recent articles on preparation for the interview, and few pointers to make perform better during the interview, I stumbled on an article at Forbes - Ten Things Never, Ever to reveal in a job interview by Liz Ryan. I agree with some of the pointers she voiced, but few might hurt the employee/employer relationship in the long run or may even be considered borderline unethical. This blog-post is an attempt to share my humble opinion while having experience as an entrepreneur & employee. Please read it with a pinch of salt, and do share your...
Continue reading
interviewjobsearchmistakestutorial
0

Interview Tips: Prepare well before you take off!

I have been working in Information Security domain long enough to understand what is it about, and where most the candidates I interview fumble. So, if you have a technical skill-set, out-of-box thinking and the passion to work, you have an excellent chance to be hired. This article will help you to avoid common mistakes and make you present yourself better & sharper. Now, this blog post shall be covered in 3 parts -...
Read more
securityagiledevopssdlc
0

DevSecOps is coming! Don't be afraid of change.

There has been a lot of buzz about the relationship between Security and DevOps as if we are debating their happy companionship. To me they are soulmates, and DevSecOps is a workable, scalable, and quantifiable fact unlike the big button if applied wisely. What is DevOps? The development cycle has undergone considerable changes in last few years. Customers and clients have evolving requirements and the market demands speed, and quality. The relationship between developers...
Read more
securityawarenesspolicyprivacy
0

An Interview by Timecamp on Data Protection

A few months back I was featured in an interview on Data Protection Tips with Timecamp. Only a handful of questions but they are well articultated for any organisation which is proactive & wants to address security in corporations, and their employees' & customers responsibilities. -- How do you evaluate people's awareness regarding the need to protect their private data? This is an exciting question as we have often faced challenges during data protection...
Read more
securityowaspdevelopmentpolicy
0

Don't be a security snob. Support your business team!

There have been many a times that access controls have been discussed in the meetings related to web development. With an interconnected world of APIs it is very important to understand the authentication of these end-points. One of the best approach I always vouch for is mutual authentication on SSL certificates (or 2 way SSL). Most of the times it is viable but it fails when either of party couldn't support it (hence not...
Read more
securitypentestcyberattackowaspvulnerability
0

WAF and IPS. Does your environment need both?

I have been in fair amount of discussions with management on the need for WAF, and IPS; they often confuse them and their basic purpose. It has been usually discussed after a pentest or vulnerability assessment, that if I can't fix this vulnerability - shall I just put an IPS or WAF to protect the intrusion/ exploitation? Or, sometimes they are considered as the silver bullet to thwart off the attackers instead of fixing...
Read more
owaspvulnerabilitypatchzerodaysecurity
0

I know I haven't patched yet, and there's a zero-day knocking at my door

Patching is important, but let's agree it takes time. It takes time to test & validate the patch in your environment, check the application compatibility with the software and the underlying services. And then, one fine day, an adversary just hacks your server due to this un-patched code while you are testing it. It breaks my heart and I wonder "what can be done in the delta period while the team is testing...
Read more