Category Archives: Leadership

Why we need to redefine CIA triad of information security

Whether it is opening a firewall port, relaxing a permission on an S3 bucket, or mailing a confidential document to a private email address, people often try to circumvent information security controls with a “good intention of getting things done”. … Continue reading

View post to subscribe to site newsletter.

Posted in Leadership | Comments Off on Why we need to redefine CIA triad of information security

SIX MODELS FOR A SUCCESSFUL CAREER

Six fundamental models that always fill my personal and professional life with joy, pleasure and satisfaction Do the right thing, always – This is my first model of a joyful life, explained to me by a school senior friend. If … Continue reading

Posted in Leadership | Tagged , , , , | Comments Off on SIX MODELS FOR A SUCCESSFUL CAREER

SASE: Technology, Transport and Service

What is it? Secure Access Service Edge or SASE is a relatively new concept. The goal is to connect users from anywhere to applications, data and services hosted in any place (Cloud, corporate data centers or Software-as-a-Service platforms). The basic … Continue reading

View post to subscribe to site newsletter.

Posted in Leadership | Comments Off on SASE: Technology, Transport and Service

Book “Cybersecurity Arm Wrestling” Published.

My latest book “Cybersecurity Arm Wrestling: Winning the perpetual fight against crime by building a modern Security Operations Center (SOC)” is published and available on amazon.com worldwide. This is a relatively short book with 11 chapters, three sections and about … Continue reading

View post to subscribe to site newsletter.

Posted in Leadership | Tagged , , , | Comments Off on Book “Cybersecurity Arm Wrestling” Published.

Final Draft of Book – Cybersecurity Arm Wrestling

The final draft of “Cybersecurity Arm Wrestling – Winning the perpetual fight against crime by building a modern Security Operations Center (SOC)” book is complete and is available for download and your comments. The book consists of ten chapters as … Continue reading

View post to subscribe to site newsletter.

Posted in Leadership | Comments Off on Final Draft of Book – Cybersecurity Arm Wrestling

Setting up Computer Security Incident Response Team (CSIRT)

Once SOC analysts declare an event as a security incident, the CSIRT takes the ownership of the incident, take necessary actions and close it. The objective of CSIRT is to execute workflow for responding to the incidents once it is … Continue reading

View post to subscribe to site newsletter.

Posted in Leadership | Comments Off on Setting up Computer Security Incident Response Team (CSIRT)

Run Away from People with Defeatist Attitude

While negativity usually becomes very toxic for any team fairly quickly, defeatist attitude is probably the worst. Defeatists give up even before trying and urge others to do the same. They fear change. “A defeatist is the opposite of an … Continue reading

View post to subscribe to site newsletter.

Posted in Leadership | Tagged , | Comments Off on Run Away from People with Defeatist Attitude

CISO Tools to Build (or Tweak) a Cybersecurity Roadmap, Create Business Case and Request Funding

I am not telling you anything new when I say that an essential part of a CISO’s job is to build a Cybersecurity program, communicate it to stakeholders, and continuously tweak it based upon continuously changing threat landscape. Job of … Continue reading

Posted in InfoSec, Leadership | Tagged , , , , , , , | Comments Off on CISO Tools to Build (or Tweak) a Cybersecurity Roadmap, Create Business Case and Request Funding

A 3-3-4-5 Model for CISO Strategy

Many CISOs and Infosec leaders I meet face continuous challenge to communicate their strategy that is simple and others in their organization can understand and relate to. I have created a simple model for CISOs to explain it on a single page and have found it to be an effective tool. Continue reading

Posted in InfoSec, Leadership | Tagged , , | Comments Off on A 3-3-4-5 Model for CISO Strategy

A Threat Modeling Process to Improve Resiliency of Cybersecurity Program

Many organizations with mature Cybersecurity program have implemented controls to safeguard their digital assets. However, controls can give a false sense of security as many times mere existence of a control does not mean that it is (a) adequate and/or (b) effective. Protecting crown jewels requires continuous monitoring and evaluating controls. This article describes a 5-step threat modeling process to improve resiliency of your program, identify gaps and close these gaps. Continue reading

View post to subscribe to site newsletter.

Posted in Digital Transformation, InfoSec, Leadership | Tagged , | Comments Off on A Threat Modeling Process to Improve Resiliency of Cybersecurity Program