Akshay on the business of security : Management

Akshay’s Uncertainty Principle: Observing Some Metrics Changes Them

Akshay Aggarwal — Fri, 27 Mar 2009 04:12:45 GMT

You’ve probably heard of the famous Heisenberg Uncertainty Principle in Quantum physics. It states “The more precisely the position is determined, the less precisely the momentum is known in this instant, and vice versa.” --Heisenberg, uncertainty...(read more)

Business During Downturn: The Chain Of Trust

Akshay Aggarwal — Thu, 22 Jan 2009 06:48:43 GMT

Business during economic downturns brings to the surface the tiny fractures that were unnoticeable during the good times. It is a fertile ground to relearn some of the lessons of the past & form wisdom for the future. I am going to try and capture...(read more)

Application Security Development Lifecycle 5A: Is Threat Modeling Right For You?

Akshay Aggarwal — Wed, 11 Jun 2008 18:06:24 GMT

Several enterprises are increasingly investing time and money in building application security tasks into their existing SDLCs. Some of them have also reached the conclusion that proactive approaches , like threat modeling, have more ROI than reactive...(read more)

Application Security development Lifecycle 4: Finding the right security talent

Akshay Aggarwal — Sun, 01 Jun 2008 22:45:00 GMT

After about an hour of nodding his head vigorously in agreement with some of our lessons learnt, my customer jumped up and exclaimed, " Great!! Now where do I find another 20 people like these?" (pointing to my team)... I thought about it a while and...(read more)

Application Security Development Lifecycle 2: Mandatory or Not?

Akshay Aggarwal — Tue, 22 Apr 2008 10:36:21 GMT

Large enterprises tend to have a number of line of business (LOB) applications supporting business operations. It becomes key for an application security program to help the organization manage the risk posed by each of these applications. Applications...(read more)

Application Security Development Lifecycle 1: Understanding your portfolio

Akshay Aggarwal — Mon, 07 Apr 2008 19:45:00 GMT

"How many applications do you have and what do they do?" It seems simple enough yet this questions seems to perplex many a smart mind. Having posed it to over a hundred and fifty CSO/CIOs over the last year, I have rarely received a clear answer that...(read more)

Application Security Development Lifecycle Series

Akshay Aggarwal — Thu, 03 Apr 2008 09:54:00 GMT

After several requests from customers about information on how enterprise class application security programs are set up, I am writing a series of blogs about my experience helping some large enterprises set up application security teams similar to the...(read more)