Akshay on the business of security

Shrinking Budgets: Application Security Tools vs Process Tradeoff

Akshay Aggarwal — Thu, 30 Apr 2009 08:25:54 GMT

An all too familiar scene repeated itself two weeks ago. My good friend & CISO of a mid-sized technology company, lets call him Alok, went into a budget planning meeting and came out as a shadow of his former self. To be more precise a 85% version...(read more)

Akshay’s Uncertainty Principle: Observing Some Metrics Changes Them

Akshay Aggarwal — Fri, 27 Mar 2009 04:12:45 GMT

You’ve probably heard of the famous Heisenberg Uncertainty Principle in Quantum physics. It states “The more precisely the position is determined, the less precisely the momentum is known in this instant, and vice versa.” --Heisenberg, uncertainty...(read more)

Response to InfoSec X Prize Part 1

Akshay Aggarwal — Fri, 06 Mar 2009 20:11:00 GMT

So I’ve been quite amazed by the amount of discussion and feedback i have received from colleagues and peers on my original post on creating fundamental change through competition. I will be posting some of the written replies that I received and which...(read more)

Baking Security In: A Comic Strip View of SDL

Akshay Aggarwal — Fri, 20 Feb 2009 21:07:00 GMT

So how do you t ake your average developer who scoffs at security from the careless and brash aka Kevin, to the poster child for good development practices aka Kevlarr. Well, the Microsoft SDL team has the answer for you. The team recently...(read more)

Microsoft IT Solutions: Full Drive Encryption using BitLocker

Akshay Aggarwal — Tue, 10 Feb 2009 21:01:00 GMT

One of the challenges that I have been focusing my team on this fiscal year has been creating new solutions that leverage the learning that Microsoft IT has had in deploying technology or solving problems. Microsoft IT generally has to deploy new technologies...(read more)

Note to Fannie Mae: Dealing with Logic Bombs

Akshay Aggarwal — Tue, 03 Feb 2009 22:05:00 GMT

Today, it was revealed that a departing contractor left Fannie Mae with a parting gift – a Logic Bomb designed to take 4000 of the financial giants servers & their data. Since this news broke, a number of concerned CIOs have requested my team for...(read more)

The InfoSec X Prize: Fundamental Change Through Competition

Akshay Aggarwal — Fri, 23 Jan 2009 01:06:34 GMT

Today I had a thought provoking conversation with Dr. Peter Diamandis , Chairman and CEO of Zero Gravity Corporation & X Prize Foundation, on radical & fundamental change. Change that advances the status quo rather than relying on incremental...(read more)

Business During Downturn: The Chain Of Trust

Akshay Aggarwal — Thu, 22 Jan 2009 06:48:43 GMT

Business during economic downturns brings to the surface the tiny fractures that were unnoticeable during the good times. It is a fertile ground to relearn some of the lessons of the past & form wisdom for the future. I am going to try and capture...(read more)

Meter This: Practical Application Of Power drain Attack

Akshay Aggarwal — Sat, 26 Jul 2008 00:47:53 GMT

Last week while feeding my caffeine addiction I came across an article in the New York Times titled Can’t Find a Parking Spot? Check Smartphone . In order to reduce traffic congestion and fuel consumption, the city of San Francisco is implementing a new...(read more)

My BlueHat Talk

Akshay Aggarwal — Tue, 15 Jul 2008 23:08:27 GMT

Just got word that my talk Suddenly Psychic: Knowing everything about everyone was accepted at Microsoft's BlueHat Security Conference on October 16-17th. Sometimes when you go blue... you really go blue. Over the course of the next few months my buddy...(read more)

Towards enabling secure infrastructure outsourcing

Akshay Aggarwal — Mon, 14 Jul 2008 18:29:58 GMT

Many enterprise customers are increasingly evaluating the benefits of infrastructure outsourcing (ITO) to their businesses. In the past year, several CIOs have expressed concerns around the impact to the security and privacy of digital assets resulting...(read more)

Application Security Development Lifecycle 5A: Is Threat Modeling Right For You?

Akshay Aggarwal — Wed, 11 Jun 2008 18:06:24 GMT

Several enterprises are increasingly investing time and money in building application security tasks into their existing SDLCs. Some of them have also reached the conclusion that proactive approaches , like threat modeling, have more ROI than reactive...(read more)

OWASP Conference Update

Akshay Aggarwal — Mon, 09 Jun 2008 04:42:40 GMT

I will be presenting at the OWASP conference in Denver, CO this Tuesday, June 10th. The presentation will focus on the value that organizations especially ISVs can derive from threat modeling of line of business applications. For some time now, I've been...(read more)

Application Security development Lifecycle 4: Finding the right security talent

Akshay Aggarwal — Sun, 01 Jun 2008 22:45:00 GMT

After about an hour of nodding his head vigorously in agreement with some of our lessons learnt, my customer jumped up and exclaimed, " Great!! Now where do I find another 20 people like these?" (pointing to my team)... I thought about it a while and...(read more)

How Microsoft IT does Secure Application Development: Webcast

Akshay Aggarwal — Tue, 27 May 2008 19:20:00 GMT

Technorati Tags: Conference , SDLC , SDL , IT , ISV I will be discussing Microsoft IT's approach to secure application development, with a special focus on how we integrate security into the IT line-of-business SDLC, in a webcast this Thursday May 29th....(read more)