My Top Learnings from SABSA Security Architecture SCF Certification
Introduction I passed my SABSA Chartered Foundation (SCF) certification recently. I loved the SABSA methodology and learnt a...
How to NOT integrate security tools in DevSecOps : Top 3 Mistakes Across Process, Technology, And People
I am sharing my experience on the top 3 mistakes made during the integration of security tools in the CI/CD pipeline across the three pillars of process, technology and people.
How to gauge the possible security impact of a proposed feature or development
This blog explores the factors that can help a product security team judge the possible security impact of a proposed new feature or development before starting a security review. It is important to determine this before jumping into a security review.
How to Leverage Threat Modeling Findings to Enhance Security Across the SDLC
While threat modeling in itself is a very beneficial exercise, if its outcomes are stored in a form that can be processed, they are really useful for improving product security at various levels.
Transparent Decision Making by Security Professionals
Context As a security professional, I make a lot of security decisions which impact engineering most of the...
Key to a comprehensive solution : Utilise Six Honest Serving Men (What, Why, How, Who, Where and When)
This concept can be used to create a wholesome and comprehensive solution to a problem. It recommends that we consider six aspects of any problem when trying to solve it.
Trust, but verify ( when collaborating with stakeholders )
In Short: While working with stakeholders from varied domains, Trust them with their claims but try to verify...
From Bugs to Breaches : Insights from my Career Transition from Software Testing to Cyber Security and Your Guide to do the same
My career transition from software testing to cyber security was exciting as well as painful at the same...
Summary of the Security Design of the AWS Nitro System
While reading the whitepaper on the security design of the AWS Nitro System recently, I came across some design decisions...
Choice Architecture in Product Security : Architecting secure choices
I recently came across the concept of choice architecture in a book (The Creative Problem Solver). This blog...