Making Common Sense out of Security

TINA – The Creator’s Design and the Governance Within

We often look at governance, risk, and compliance as systems, but nature has been showing us a unified model all along.
The human body is self-sustaining, self-healing, and perfectly synchronized: every organ, every rhythm, every breath connected with purpose.
Organizations, too, thrive when governance, leadership, management, and guidance work together, not as silos, but as one living system.
Because unity is strength, and disconnection is decline.
No organization is too big to learn, and no individual too small to make a difference.
That, in essence, is what GRC with a human heart truly means.

Read the full reflection: TINA – The Creator’s Design and the Governance Within 

Borrowed Breath – The AI Culture

As we race on the autobahn, the speed of the car often becomes the deciding factor. Yet the decision on how fast we move lies entirely in the hands of the driver.

This article is a reflection of my thoughts as an AI, GRC, and Cybersecurity nomad — one among countless, faceless Homo sapiens eager to gallop on the AI autobahn. Adrenaline, passion, and mindset — whether as a follower or a leader — all play a role that can either accelerate the journey or act as its retarding force.

Remember: to every action, there is an equal and opposite reaction; a reminder that progress and prudence must coexist, for speed without direction often leads to collision.

The Human Cost of Convenience: Reflections from a Digitally

We built systems to make life easier. Somewhere along the way, life itself became the system.
As we stand on the brink of Industry 5.0, perhaps the next revolution we need isn’t about Artificial Intelligence — but about Authentic Humanity.
We’re working twenty-five hours in a twenty-four-hour day.
Deepfakes aren’t just digital anymore — they’ve become personal.

Migrants: The Unprofitable Servant

Migration, in the professional sense, is not merely a change of role or title. It is an act of faith, a belief that one’s skills, values, and experiences can transcend boundaries.
Migration isn’t always about crossing borders. In the modern workplace, we are all migrants, moving across roles, functions, and disciplines in search of relevance, growth, and purpose.

Work–Life Balance: Governance for the Life That Matters

Work–life balance is a phrase we hear often today — in corporate handbooks, on glossy posters, and in HR campaigns. But is it a lived reality, or has it become a slogan that sounds sweet to the ears, checks the box of being “employer-friendly,” and adds a notch to corporate posturing?

The truth probably lies somewhere in between. The idea is noble and necessary — yet elusive in practice. Perhaps the real test is not whether companies can promise balance, but whether individuals and organizations together can create environments where balance is lived, not just pitched.

Integrated = Risk + Audit Talking – Forward Looking Approach

Audit and Risk functions both play vital roles in governance, and organizations depend on them for assurance and trust.
But when they operate in silos, assurance becomes backward-looking, creeping risks are normalized (the “boiling frog” effect), and boards receive fragmented messages.
Therefore, integration is essential — Risk informs Audit, Audit validates Risk, and together they sustain a forward-looking loop that strengthens posture, reduces exposure, and builds trust.

Just Enough

It has been a while since I first studied the Japanese discipline of 5S. At the time, it was explained to me as a method to keep a factory floor clean, organized, and efficient. Useful, yes, but far away from my world as a white-collar worker, miles away from any assembly line.
I stored it in my memory as “good to know,” nothing more.
But life has a way of bringing old lessons back in new forms. A recent episode shook me, and I began to wonder: What if 5S is not only for factories? What if it is also a philosophy for how to live?
Seiri (Sort):
Seiton (Set in Order):
Seiso (Shine):
Seiketsu (Standardize):
Shitsuke (Sustain):

Content Disarm & Reconstruction (CDR)


Cybersecurity has always moved between blocking attacks and detecting them after they happen. But stopping an attack isn’t the same as fixing the damage. In my new article, I talk about Content Disarm & Reconstruction (CDR), a way to make files safe by breaking them down into their structure, removing the parts that can carry harm (active content, scripts, external references), and rebuilding a clean file from only the parts that are known to be safe. I use easy examples like airport security and medical checks to explain why this matters. The future of security is not just reacting, but being smarter, safer, and more proactive.

AI Systems – For the People, Of the People, By the People


As human beings, we have never fully deciphered the mysteries of our own brain. Understanding how it truly functions remains an ongoing and incomplete journey. Yet, paradoxically, we have embarked on the ambitious task of creating a system we call Artificial Intelligence, an attempt to mimic the very organ we do not yet fully understand. It is a striking irony: we strive to replicate what still eludes our own comprehension.

“What IF” Vs “Even If” Vs “Because Of”

Risk = Fear = “What if?”
Resilience = Faith = “Even if”
Antifragile = Growth = “Because of”

Making Risk Understandable

Being Aware is the First Step towards an Informed Decision
Everyone Thinks Differently — and That’s Okay.
Whether it’s a formula, a metaphor, or a lived experience — the aim is to speak to all, because risk is best managed when everyone understands it.
In risk, like in haircuts, you only realize the mistake once it’s too late.

GRC for Family and Common Man


GRC for Life: “Everyday Lessons from the Barber Shop and Beyond”
A Humanized Perspective on Governance, Risk, and Compliance

This document is written for everyday people—whether you’re a student, a parent, a shop owner, a teacher, or anyone else—who may have heard the term GRC (Governance, Risk, and Compliance) and thought, “That sounds too technical for me.”

The Physics of Agility Applying Newton’s Second Law to Orga

This simple yet powerful equation, Newton’s second law (force equals mass times acceleration, so acceleration equals force divided by mass), explains how organizations react to external pressures.

When force increases (regulatory changes, cyber threats, or stakeholder demands) and organizational mass (inertia) decreases, the acceleration of the response, how quickly it picks up speed, improves.

Inversely, a high internal mass, caused by bureaucracy, unclear processes, or cultural rigidity, slows down the ability to pivot or act.

Syllogism and Information Security

Syllogism: the classical form of deduction, and information security.
A syllogism is a type of argument mostly used in the legal world. This article is an effort to blend syllogism with information security as we see it today.
Black swan events are a “reality”, and so is the “butterfly effect”. The universe needs one “Edward Lorenz” to change theories accepted for centuries and usher in a revolutionary change in the way things are seen and perceived.

Security is Everybody's business

Principles of Security and Human Sickness-A Correlation

FOOD FOR THOUGHT

ZERO-DAY Vulnerabilities

Zero-day vulnerabilities are software flaws that leave users exposed to cyber-attacks before a patch or workaround is available. In short, a vulnerability exists but has not yet been patched.

The simple reason the patch is not available is BECAUSE the defenders and creators (security researchers and developers) have not yet become aware of the flaw, or have had zero days to fix it, which is where the name comes from.

Playing the devil’s advocate here, and with the above in context, I want to use another term: probability, as used in RISK management.

It can be simply defined as “When the outcome of an event is unknown or unsure, it is best to discuss it in terms of probability, that is, how likely something is to happen”.

Food for Thought

1) Can end customers trust the plethora of applications, operating systems, network devices and security devices deployed on their premises to REBOUND and resume business operations after a ZERO-DAY vulnerability has been targeted by a ZERO-DAY exploit?

2) Is “Defense-In-Depth” the ANSWER to this scourge, or security pandemic as I would like to call it? OR

3) Should organizations look at “DEPTH-OF-DEFENSE” in addition to “DEFENSE-IN-DEPTH”, which to me means “continuous monitoring and validation in a consistent manner”?

To make this happen an organization would need multiple tools and technologies in the areas of artificial intelligence, machine learning, threat intelligence, analysis, correlation, detection and response.

So while we find answers to these questions, our customers and we as security professionals can continue to remain confused.

FOOD FOR THOUGHT

Cardiac death vs. brain death

The most common and accepted form of death is cardiac death—the absence of the heart contracting and pumping blood due to a disturbance in its electrical activity.

A less common type of death is brain death—the irreversible absence of all brain activity.

  • The world is moving towards an application-based digital economy.
  • Risk Management and Governance in all shapes and forms has become more CRITICAL than ever before.
  • People perform processes using technology to produce the desired results.
  • Results contribute to the fulfilment of Objectives, Goals and Missions to achieve the overall Enterprise Vision.
  • Risks to People, Process and Technology interfere with EFFECTIVE and EFFICIENT production of Results.
  • Attacks on organizations’ digital assets are on the rise.

All matured organizations – the Leaders, with advanced GRC processes – understand one aspect better than the followers: COMMON SENSE.

Many organizations are Brain Dead and are fast galloping towards a Cardiac Death, unless they put corrective measures in place.

Do you agree? 

COVID-19 and Cloud

First published in Feb 2021

At a recent visit to my doctor we struck up an interesting conversation: COVID-19 and ICU beds. The doctor informed me that no hospital, however big (this is more for the Middle East), would have an ICU with more than 10 beds. This was based on the probability of current and past threats and vulnerabilities related to human health. COVID-19 changed it all. The initial wave completely overwhelmed the system.

A few of my observations

1) Unlike cloud technologies, the ICUs in hospitals could not provide vertical and horizontal scaling: no elasticity, no redundancy, no backup sites to fall back on.

2) People (frontline workers: nurses, doctors, hospital staff) were in short supply; the People in the people, process, technology triad.

3) The initial response was PROTECTION (lockdowns, social distancing, trial and testing of different medicines to treat the virus, etc.).

4) Later the response was more about EARLY DETECTION: proactive testing, quarantines, isolations. This led to the opening of the economy and freer movement of people.

5) The RECOVERY process is now in progress: vaccinations.

6) The wheel is moving: Identify and Protect again, with further research into new strains found in the UK, the visit by the WHO team to Wuhan, etc.

Do you agree?

The content provided here is not intended to cause any harm, discomfort, pain or anguish to readers, especially those who suffered the worst during the pandemic and who might have been infected with the virus. As security practitioners it is our profound duty to give back to the community at large in the larger effort to make a better cyber world. This article is also intended to intensify efforts to decode the marketing jargon surrounding IT and cybersecurity in particular, and to present a simple view which makes sense to the common man.

WHAT POWERFUL LESSONS CAN WE LEARN FROM NATURAL DISASTERS

Copyright © 2025 Making Common Sense out of Security - All Rights Reserved.
