Introduction Organizations in today’s digital world hold data of their customers and clients which makes them a target for hackers, Organisations must follow robust cyber security policies/standards/guidelines to protect themselves, their employees, and most importantly their data against a wide range of threats. A Information security checklist helps organizations keep a track of their cyber security health to make sure an attacker cannot get unauthorized access to information that is stored on devices such as servers, databases, cloud, workstations, etc. Cyber incidents are on the rise, organisations are continuously attacked by threat actors that can range from lone wolfs to […]
noobtalk
I recently passed the CISSP exam! This post is about my journey to CISSP, Why I choose to do it, the study material I used and how I prepared for the exam. Why? In my university days, I started doing freelance penetration testing, bug bounties and then joined a company where I used to do on-site penetration testing for clients. Over the years I realized that penetration testing as a field is getting saturated and shrinking because of a number of reasons, for example, introduction of framework based applications running on cloud-based architecture means my penetration testing skills are down […]
Its been 2 years and 8 months I was working as a Penetration tester looking after application security for the most part of my day. As it was an in-house work the job got boring as not much new and exciting was coming up, although it was well paying job and best part of it was laid back work culture, I decided to look for new a challenge. I wanted to get into a niche field in Penetration testing. Due to the advancements in framework oriented applications (built-in security) and tons of defensive products I feel few years down, traditional […]
Couple of months back I saw a post on Linkedin about open roles for information security engineer at Google Zurich Switzerland office. I believe working for google (apart from perks they offer) is a privilege, you get to work with cutting edge technologies in a “comparatively stress free” environment (Check out Google’s offices you will know what I mean). Looking at the job responsibilities they seemed generic and short. Google keeps job responsibilities and required skills precise (Because of a reason explained later). This blog post is about my Google interview experience for information security engineer role. As you can guess, […]
In software development they say “Clients don’t even know what they want, they just want it and want it now!” no wonder they keep showing them prototypes. The case is similar in Information security as well, they just want it “secure”. As a penetration tester when you go out to perform Penetration testing engagement, you must have a clear mind on what the client wants. What are the do’s and don’t? What matters to them the most? Chances are that even if you performed technically sound pentest, they would still not be pleased. Maybe it’s the “first time getting their […]