I had this fantastic opportunity to be part of the information risk management forum at the client location. So, off it was to Bangalore again - the program was scheduled for a day, with various senior people speaking. The most notable among them being -
- Nandkumar Saravade - Director, Cyber Security and Compliance at NASSCOM. One of the very interesting discussions we had with him was about an info sec accreditation similar to ISO 27001 which members of NASSCOM would use to benchmark themselves in the industry. Since offices in India serve various countries all over the world, the proposed standard would try to encompass information security laws across many countries. Any company holding that particular security accreditation would surpass individual country-specific requirements. Even a third-party surveying/certifying firm like Gallup or Moody’s could actually define and administer these surveys and certifications. Great for the outsourcing business in India, and definitely a step in the right direction, given that information security measures here are woefully inadequate when compared to the industry growth.
- Paul Hinkle - Formerly Principal Security Instructor at Symantec and currently CTO of Safelight Security Advisors. His originally scheduled talk was a fantastic one, and I was shattered for a moment when he said he was not going to do his original presentation because the crowd present was not so technical. However, a little persuasion got it included as extra time. More on that later…! His impromptu presentation was about educating end users on securing their day-to-day work environment. What was different was the approach to the whole training scenario - do not have one standard training program across the organization. Split it up, customize it and see how it can be incorporated into the daily workflow so that it catches on effortlessly. Here’s more information on that. The second part was the best of all… a discussion on cross-site request forgery, straight out of Black Hat 2007. The presentation and demo were done after the formal session was completed, for a limited group of people. It was simply awesome. Had a chat with him for a while, and happened to find out he was a keen photographer as well… spotted a 20D with a 24-105mm F4 L IS on him.
- Ed Gabrys - Nice presentation on the emerging threat scenarios on the internet and within a corporate network. However, there wasn’t too much time, so everything was covered at a very high level. Caught up with him after his session and talked for a while about the Sony-BMG rootkit.
Overall, a very fun day at work, and I realized that I was absolutely at home with the discussions there, even though I had no formal training or background in the area. Heck, I realized once again that this is what I was supposed to be doing - creating and defining things and being the gatekeeper! I shouldn’t be worrying about those stupid regression scripts or chudail :)
As usual, hated to come back to work on Friday!