Posts

2024 Year Review and thoughts

  My review of 2024.  The year was a mixed bag with a overall positive outlook and a few hiccups. My ratings on key parameters  Health - Average  Family - Good  Professional - Good  Career - Good  Finances - Average  Health -  My health has been a mixed bag with several notable improvements and some setbacks. Exercise - I was able to regularly attend Gym and do strength training.  Due to improved leg strength I was able to run a 10 k run in Dec in a time of 67 mins . I was 40th out of 120 runners in the Veteran category which I am satisfied with keeping in mind the several issues I had been having at the start of the year.  Gut Health : My stomach and gut issues continued which led me to a take a nutritionist led meal plan. This has helped but I still continue to have gas and loose motions intermittently  and outside food does not suit me at all. The worry is that my weight has reduced from 68 Kg to 63 Kg in las...

How should I as a Security Leader learn Gen AI - Initial Thoughts !

      Since the last two years we have been overwhelmed with the deluge of Gen AI based applications and use cases. ChatGPT in its first avatar brought AI to our homes and daily lives. While personally, most of us continue to use Gen AI for various tasks we are also finding our organisations also discussing, brainstorming and adopting Gen AI in various forms.   The usage of Gen AI has moved from generating content to answering queries, preparing detailed plan and doing large complex tasks.      When we are at home we do not tend to worry so much about the security implications of Gen AI as we tend to be cautious as well as our data sets are generally smaller and do not reveal so much.  However this is also does not hold true as most recently I saw LinkedIN deciding to use its users content to train its GenAI models. This was without an intimation or warning to users except in regions like EU which have stringent privacy laws.  After the initi...

A Practical Pathway for Mid-Career IT and Security Professionals to Master Cloud Security

Can Cloud Security be learned theoretically ?   Many believe that they can learn cloud security by simply studying white papers and completing online courses without hands-on experience with cloud service providers. While this may be enough to gain some understanding and participate in discussions, it falls short when it comes to effectively securing organisations against cyber attacks   The cloud represents a paradigm shift from traditional on-premise strategies, requiring professionals to master new engineering concepts and technologies. This learning is an essential prerequisite to gain required knowledge and acquire necessary skills to secure a cloud environment.  In this blog,  I am sharing a small pathway to learn cloud security below for an absolute beginner in cloud security. This is targeted towards mid career professionals who have experience in IT and Security but have not handled Cloud environments. The article is primarily focused on IaaS ( In...

Key Steps for Building an Effective Data Protection Program: From Analysing Business Needs to Ongoing Protection

Key Steps for Building an Effective Data Protection Program: From Analysing Business Needs to Ongoing Protection In today's world, data is often referred to as the new oil, given its immense value to organisations. Companies have access to vast amounts of data, from customer information to intellectual property and strategic plans.  Over the last decade cyber criminals have targeted organisations repeatedly related to multiple breaches. Some organisations like Uber have faced multiple breaches and even government organisations are not spared as we observed in the Snowden case where confidential data of US  govt was leaked online. Protecting this data has become essential, and having an effective data protection program is crucial to achieving this requirement.  In my role as a CISO for the last five years I have found data protection as the most complex initiative yet most closely related to business enablement. This can be related to protecting customer data to prevent c...