In “build: an unorthodox guide to making things worth making”, Tony Fadell talks about bridging top-down and bottoms-up type of thinking. An example is in chapter 1.4 where he urges ppl to not only look down but to look up. Those tips are worth reading about. I have seen the…

Cybersecurity is one of buzz-words promising the la-la land these days. Everyone is running towards it. However, it will help if one is aware of the 2 big risks. They are, Burn-out, and Not knowing the “why cybersecurity” ? Burn-out is real, more so in cybersecurity. While regulation is driving…

TLDR-It’s not all pen-testing! My 2 cents on a day in a pentester's life from the vantage point of someone who does it (sometimes) but observes it (a lot). TLDR - it is not all pentesting! Originally published on Quora (https://www.quora.com/How-is-the-day-of-Penetration-tester-will-be) by your truly, as an answer to a question. …

Disclaimer: This would be a long post (culmination of many old posts) with lot of different opinions, thoughts. If weaving is not right, please provide feedback on how it could be corrected. I had the good fortune of reading couple of threads by gentlemen whom I respect for their grounded…

This is a live post; it will undergo changes, which are captured in change log, provided at the end of this post. Being part of many external VAPT engagements, one thing was clear from outset — methodology is the key, but so are the information sources & tools for conducting…

assuming you have a valid account with tenable and have paid for your license. Problem Statement You are setting up a cloud server to conduct Nessus scans. You don’t have access to ssh (due to various reasons, let’s not go there). you are using cloud console. How would you download Tenable Nessus Pro on your cloud machine? curl --request GET --url https://www.tenable.com/downloads/api/v2/pages/nessus/files/Nessus-8.7.1-debian6_amd64.deb --header “Authorization: Bearer <auth-code-here>” --output ./fileName.deb

I got many comments (thank you, everyone, as I learnt a lot) for my article that I published some time back. I realized that I need to explain my thoughts in a different way (as many people were of the view that I am championing a person-with-no-technical-knowledge as CISO. …

This article was published by me on LinkedIn earlier. — — — — — — — — — — — — — — — — — — — — — — — — — - Disclaimer:- All of what is written here is my own opinion. ‘nuf said. Raise your…

I came across this rant (with the usual don’t-kill-me-am-just-making-a-random-statement-and-fully-intend-to-get-away-with-it disclaimer) on LinkedIn about how CISO’s are clueless about how a virus works, even with CISA/CISM and a decade’s experience under their belt. It got me seething about how this statement is wrong on so many levels, but then I decided…