Governance, Risk, & Compliance
My thoughts, observations, and readings on different facets of GRC.
All the general articles will go here.
In the past 2 years, there has been a surge in GenAI and its security implications. I developed the following framework to categorize the blogs, tools, and resources I have been exploring to make it easier to navigate and understand. Everything related to GenAI and Security can be put in these 3 pillars: Security of…
While the Spotify Wrap for 2024 was underwhelming, the Strava Year in Sport was a pleasant surprise. A few stats: These stats are not completely accurate as they were released mid-Dec. Hoping to continue this with better stats in ’25.
The best thing you can do as a professional is to have one identity; the worst thing you can do as an individual is to have one identity.
I did not speak a full sentence in English until I was 20, and I am pretty sure the recruiter at HSBC only hired me because I told him my uncle worked there. I did not write my first blog post until Dec 2018 in an effort to make sense of all the InfoSec jargons…
BSides SF is one of the largest security conferences in the Bay Area and my all-time favorite. Having presented twice at BSides SF, sharing some best practices on writing the submission and succeeding in the highly competitive CFP selection process. Lastly, get ahead of your reservations in submitting the CFP. A common reservation I see…
My then-girlfriend (now wife, Dimple) always had dogs. At one point, she used to have 5 dogs at once – all living with her family in a small home in Ratlam. I was the exact opposite. The only interaction I had with dogs until I met her was running away from them whenever they gave…
I remember watching a Ted talk long back. I don’t remember much of it, but do remember a sentence from the talk – “The days you remember are the days you live”. Following are the few days that I’ll remember and cherish from 2023. 👉 Got promoted to Security & Compliance Director, Mar ’23 👉…
After Good to Great, I had high expectations from this book, but it fell short. The research is good, but for some reason seemed outdated e.g. comparing the greatest companies of our generation and did not have a reference to Google / Apple / Microsoft which seemed odd – no fault of the book though…
The HITECH Act HITECH is an acronym for Health Information Technology for Economic & Clinical Health. How is HITECH Act related to HIPAA? The HITECH Act is a part of an economic stimulus package introduced in 2009 during the Obama administration, the American Recovery and Reinvestment (ARRA) Act of 2009. The purpose of the HITECH…
Cloud Computing – storing your data at someone else’s computer / using someone else’s CPU to perform processing / both Infrastructure as a Service (IaaS) – Hardware, bare-metal Platform as a Service (PaaS) – Infrastructure + Operating System Software as a Service (SaaS) – Infrastructure + Operating System + Software Scalability – Easily grow based on demand Elasticity – Easily shrink…
