top of page
YOU MATTER. YOUR PASSION MATTER.
All Posts


Learn to have Fun in Mitigating Risks
Risks. There are numerous billion risks around the world and it can be exhausting to identify each and every one of the risks and implement the right security measures/controls. We are yet to even discover all of them and now adding on to it are AI Risks. AI Risks is another new category to even think and talk about it. Not now. Frequently used, this term, GRC, short-form for Governance, Risks and Compliance which is to have a governance culture in managing risks to a accepta
Apr 109 min read


Process - User Access Reviews
User Access Reviews are daunting, confusing, tiresome tasks to be completed by Managers for their direct reports. The mere fact of needing to validate and approve the particular access/permissions for the respective individual makes the Manager feel as if it costing them so much of money and time where they are unable to complete their assigned work in time. Just to quickly get over with it, with that negeligence, nonchalant mindset and NOT choosing to act right at the given
Feb 116 min read
Technical Requirements Documentation
This documentation is to document the following Architecture Diagrams & Designs Technical Detail of every single component in Architecture Diagram Technical Information hat MUST be taken note at all times Technical Pre-requisites if any updates/modifications is required in the future It's a documentation that needs to meet compliance during an IT Audit, where it is readily available by being up-to-date. The documentation must match exactly with the configuration & the impleme
Jan 285 min read
Policy - Least of Privilege Permissions & Segregation Of Duties
Gone are the times where we can simply assign any permissions we need to get the work moving on with minimal disturbance and with minimal constant approval. Unfortunately, it has lead to a huge trending problem now that one has to monitor with a microscope to ensure ONLY the needed permissions are assigned in a granular manner. It's time to implement the Least Of Privilege Permissions and Segregation of Duties as a CyberSecurity Policy and not only as Security Controls/Best P
Dec 19, 20256 min read
Process - Service Accounts Ownership
Service Accounts, the accounts that lack TLC since the day they are created rapidly to meet the requirements of a new implementation or for troubleshooting purpose. The next in line are Service Prinicipals which are heavily used in Cloud Environments (Azure/AWS/GCP). This is a manual task at the moment although there are several IAM Management Tools now to monitor them in an automated manner. Not only that, almost every company is now working on automating this manual proces
Dec 15, 20257 min read


What are the differences between these 5: Practice, Process, Standards, Policy, Procedure
In IT Cybersecurity World, these 5 words are consistently heavily used and there's a dependency to each one of them. If one is not constructed well, it can cause gaps and will need to re-visit again to re-construct it once more and this is always a never-ending dilemma. How do we achieve a well-constructed Practice, Process, Standards, Policy & Procedure document that requires minimial re-work and able to execute timely & promptly in the organization? Yes, of course, skillset
Dec 12, 20254 min read


Why & What is the NEED to protect Privileged Accounts?
Now that we know what is a Privileged Account, we always got to ask ourselves these questions before we begin to work with any vendor or even to initiate a meeting with Head of Security/Security Manager/Security Lead/Security Director/CISO/CTO: Note: This is really a sensitive task/responsibility that one must be very careful and needs to pay important attention to it even in a discussion or a presentation about it. Why the need to protect Privileged Accounts? What is the nee
Dec 9, 20254 min read
bottom of page