Type your search keyword, and press enter

Participating in Security Shark Tank with Robert Herjavec and CISOs

Participating as a ‘Shark’ as part of a panel comprising of Chief Information Security Officers (CISOs) and Robert Herjavec. The event is the Security Shark Tank taking place on Feb 14, 2017 in San Francisco during the week of RSA Conference 2017.

The event will be conducted in a true Shark Tank style environment that we are used to seeing in the hit TV series. It will be great participating alongside Robert Herjavec who will be serving as the host and moderator. It will give us the opportunity to interact with new technologies from top notch vendors while giving valuable feedback to the vendors themselves.

“The Security Shark Tank has grown to become the premier forum for CISOs and industry leaders to learn about innovative technology. I look forward to the rapid-fire exchange with my peers, the participating vendors and host Robert Herjavec during one of the most anticipated events during the week of RSA,” said Hearst CISO David Hahn, a former moderator and participant.

Link to the prnewswire feed: http://www.prnewswire.com/news-releases/robert-herjavec-to-host-security-current-signature-event-security-shark-tank-in-san-francisco-300362932.html?tc=eml_cleartime

Judge for SC Magazine Awards 2017

The annual SC Magazine 2017 awards celebrating the best and brightest in Information Security is around the corner. As part of this mission, it was a huge honor and privilege to be part of a small panel of judges comprised of a range of cybersecurity industry luminaries — from current and former CISOs to vendor-neutral consultants or analysts to educators from academic institutions — all members of SC’s audience, validating the best of the best Information security products and services nominated for various cybersecurity awards.


Speaking at Global Big Data Conference 2016

Securing Apache Kafka by Ajit Gaddam

Speaking on Securing Apache Kafka

Global Big Data Conference
Securing Apache Kafka by Ajit Gaddam


The Session

The Interview


Cloud Security Guidance

This post is a summary of the guidance provided in version 3 of the Cloud Security Alliance document Security Guidance for Critical Areas of Focus in Cloud Computing v3.0.  The CSA guidance remains one of the best around providing actionable security guidance for businesses adopting a multi-tenant cloud service environment.

Overall document summary:

  1. The Cloud Security guidance document is organized into 14 domains.
  2. The 14 cloud security domains are Cloud Architecture, Governance and Enterprise Risk Management, Legal: Contracts and Electronic Discovery, Compliance and Audit, Information Management and Data Security, Portability and Interoperability, Traditional Security, Business Continuity and Disaster Recovery, Data Center Operations, Incident Response, Notification and Remediation, Application Security, Encryption and Key Management, Identity and Access Management, Virtualization, and Security as a Service
  3. The different cloud deployment models are: private, public, community, or hybrid models
  4. Assets that need security in the cloud fall in two categories: Data or Applications/functions/processes. Parts or all assets can move to the cloud or live in your own data center.
  5. Hosting options could include internal (on-premise), external (dedicated or shared cloud infrastucture), or combined (e.g. data can live on-prem while application can move to the cloud).
  6. Assess the CIA (Confidentiality, Integrity, Availability) requirements for the asset and how the risk varies if part or the entire asset moves to the cloud.
  7. In summary, know the assets moving to the cloud, determine your risk tolerance, and figure out the acceptable cloud deployment and service models
    Continue reading… “Cloud Security Guidance”

Good List of Open Source Security Projects

This is a compilation of some excellent open source security projects.  I will continue to update this page. Insert in comments below if you have any good reference projects or open source security tools. I am excluding the obvious ones like Metasploit and Bro for example, in this list.

Platform / Host Security

OSQuery from Facebook

Reference Link: https://osquery.io/

Github linkhttps://github.com/facebook/osquery

Commercial Comparison: The commercial equivalent functionality is with Tanium.

Description: osquery gives you the ability to query and log things like running processes, logged in users, password changes, usb devices, firewall exceptions, listening ports, and more. It allows you to easily ask questions about your Linux and OSX infrastructure. Whether your goal is intrusion detection, infrastructure reliability, or compliance

Continue reading… “Good List of Open Source Security Projects”