Author Archives: Rafeeq Rehman

About Rafeeq Rehman

Consultant, Author, Researcher.

CISO MindMap 2024: What do InfoSec Professionals Really Do?

Many individuals outside the realm of cybersecurity often underestimate the intricacies involved in a security professional’s role. Since its inception in 2012, the CISO MindMap has served as a valuable educational resource, offering insights into CISO responsibilities and aiding security … Continue reading

Posted in cisomindmap | Tagged , , , , , | Comments Off on CISO MindMap 2024: What do InfoSec Professionals Really Do?

Building Generative AI (GenAI) Applications

Four key considerations for business executives Harnessing the potential of Generative AI (GenAI) to create user applications that drive business value may appear daunting, yet it doesn’t need to be. With the GenAI field advancing swiftly and offering a plethora … Continue reading

Posted in Entrepreneurship, Leadership | Tagged , , | Comments Off on Building Generative AI (GenAI) Applications

Security Hygiene

While responsibilities of leaders in information security are very extensive as shown in the CISO MindMap, following are seven foundational and “must-have” capabilities that every information security program should have. If any of these capabilities is missing, the first priority … Continue reading

Posted in InfoSec | Tagged , , , , | Comments Off on Security Hygiene

Third Party Risk Management – Considerations for creating a program standard

What is a Third Party Third parties generally refer to external entities with whom you enter into contractual agreements to deliver products or services. These external partners may offer essential services to support your business operations or extend services to … Continue reading

Posted in Leadership | Tagged , , | Comments Off on Third Party Risk Management – Considerations for creating a program standard

No-Hype Use of LLMs in Cybersecurity

Three use cases of Large Language Models (LLMs) to save time and immediately enhance productivity While there is tremendous hype around LLMs, many people in Cybersecurity are still struggling to put news tools like ChatGPT and Google Bard to practice. … Continue reading

Posted in InfoSec, Leadership, SOC | Tagged , , , , , | Comments Off on No-Hype Use of LLMs in Cybersecurity

A Conference Dedicated to Security Operations Center (SOC)

As shown in CISO MindMap 2023, job of security professionals is complex and Security Operations Center (SOC) is a significant part of this job. SOC analysts are stressed out by overwhelming number of incidents and dealing with these incidents in a timely … Continue reading

Posted in SOC | Tagged , , , | Comments Off on A Conference Dedicated to Security Operations Center (SOC)

CISO MindMap 2023: What do InfoSec Professionals Really do?

NOTE: A new version of CISO MindMap has been published and is available at this link. Most people outside the Cybersecurity profession don’t fully realize and appreciate the complexity of a security professional’s job. Since 2012, CISO MindMap has been … Continue reading

Posted in cisomindmap, Leadership | Tagged , , , , , , | Comments Off on CISO MindMap 2023: What do InfoSec Professionals Really do?

Risk Assessment – On Estimating Control Strength

In a previous blog post, I discussed qualitative, quantitative, and scoring methods of risk assessment. Irrespective of which method we use, estimating “control strength” is an important part of calculating overall risk (especially in qualitative and quantitative methods). To improve … Continue reading

Posted in Risk Management | Tagged | Comments Off on Risk Assessment – On Estimating Control Strength